
Sample details: b327cbff04dc8664bb5148158f39cb45 --

Hashes
MD5: b327cbff04dc8664bb5148158f39cb45
SHA1: c7d5020750503db60d07ebaaf96bd4e57d2c9c95
SHA256: d25a62f94cc8eaf94478cdabe190035e54dfc655b4b8c11627f1efb436c82b3e
SSDEEP: 768:5XYoQaZytwZftjE9MB7MBLXaASfwCLoTwAgBU7D:WoWtwYMB7sXaAS8hgB
Details
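File Type: MS-DOS (label as reported by the file-type detector, likely keyed on the DOS header; the YRP/IsPE32 and YRP/IsWindowsGUI hits below indicate a 32-bit Windows PE image with the GUI subsystem)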
Yara Hits
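YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/ReflectiveLoader | FlorianRoth/DragonFly_APT_Sep17_3 |
Note: these are signature matches on the packed file, not a verdict. Two different packer signatures fire (MPRESS and yoda's Protector), so at least one is probably a byte-pattern coincidence. The generic YRP rules (domain, contentis_base64, Str_Win32_*) match on common strings. The FlorianRoth/DragonFly_APT_Sep17_3 hit is a lead to confirm against the unpacked payload, not an attribution on its own.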
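Strings (extracted from the file as stored; because the sample is flagged as packed, the short fragments before the import names are most likely compressed or encrypted data rather than meaningful text, and the import list shows only one or two functions per DLL, so functionality resolved at run time is not visible here)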
		!Win32 .EXE.
Rb6^E>
~bzkg.
-%[cWD
Lph[Yw
_+",>]
GP)<z2{p 1]r
	=8c%$m
:raUA,^
q5UW<2
cYd	rd
xh&owU
	um3mC
PV&|D~Y
q+Rl<^w
SstDz+
/9&"7p
N^orm\
AN-|Qv
+b+ujpSd
1-B$sY%
nmap5V
5^0-Sa
*M#Dla
RAlJ-"Ko|Zc6
GbVvx'
9K!tl,l
Hj)T1V
&4><WAw
j1U)88I4
'/lG5Y
F(5	ZH
7R/@(]
FD4lMj
9BQ%$ 5p
LSeFEQ
DcHh}xh
.D'IiL?
\^<b*Tce
QSVWj@h
encryption.dll
_ReflectiveLoader@0
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
EndPaint
GDI32.dll
TextOutW
ADVAPI32.dll
FreeSid
SHELL32.dll
ShellExecuteW
CRYPT32.dll
CryptStringToBinaryA
WININET.dll
InternetOpenW
PSAPI.DLL
EnumDeviceDrivers
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>