
Sample details: b6afc91d467bbb2b2f5afb2404082a31 --

Hashes
MD5: b6afc91d467bbb2b2f5afb2404082a31
SHA1: 936ba58ce06876ef9f5ce1fa845ced27483cb2f9
SHA256: 9a78b34c50b14d1da2e250fa837fb3afeb767d1fd0e2708dde3dc597fe225456
SSDEEP: 3072:HJvRebrbmfBvczDaDZ5Kue+n/8tqe4kDarqrJRIC7DFkBJXC:72ufJCOEmGhlBfICc
Details
File Type: MS-DOS
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/suspicious_packer_section |
Source
http://198.55.107.149/cab/setup.exe
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
{YCy]-
CT@gm1+
K[MMkb8j
,	Q+P<
L 5Ny%
+rTOXmN=:
ZLw0L39
P,].uZ
p]^h*V
n +U$]
'Y,W>g
6^{	+'}
h4};d?*-,
U,N9,_
N&M73Y
0qL1<S
vv05G,
*(G NJ
.f >{@
jwh-~x
kJmjb6
'uSIcqw
t8wY+k~l
:p9k+M
\	I}E'
&t2ER&
z )jD,J
92EqBn
*_BJYg
83vZu[37
*9	4_q
lJLxsv(LS
?Bv	tg?
?F<(w-@
<3zH[N
	~aX|<
	Ej5#(
B{9Em+B
U<;oP8
iXdp7E*
4E|sN)l
>,r0me
:~4{&V
=fjQ,S!
iF Z(y
s=hKH4
5@CqD*
W_yMLgSlf
R9AEh/+""
Bo&6~? A
{:^xU!ra
<gY9S=
7d%	fg
@kd'ZS
<}#;6F
x]I^|,
29.\ap;
We9sk1H
7(yEUhl
F<K).<
og[.Cr
@Y;lKB
R*|f}D
e#673x
Wj-VEiY42
VF\cTE
qwSFM=i
aDPF;b
^-!eQvC
z*I j^
93>W+uT
v5=OH6H
6+[G[[~.e
[ZBM69
G(3 CC
^dklzv
tMAp]%{q@We
~I6!wK
Z5T/' Q]
t>%Fww
&m.D$ 
u*Ya+r
mI^eQR
=&`F;,
5}UokF
/*F#d\
n6b`HD^
8,$:}c
E1z$lX
'IY_t6
q<U|'*
kMC>"H
@82mJ_`8
N44v=z
6LvTIx
{2{1|r
[N7S4wt
}a4qNzZ
VPO8<w
|7Btd@*
(lM5Fp
	#*>kt
MCCx!,
];RzI0
35R8@l
GIm[rk
v+*9^f
@P6oLA
*wR%WH
Dg)U_Ta=g
be(X_5Q
#^ +qf
[XJmE.Bt
g?S+&-
ET0}	c
PdQ4U;G
l#o:2o
jY 	ZO
]dIqZU
Ci5XbOa
LNgqau]
M:hi!r
A78ByA.
f??A~G
\$~yX.
%dmhC-*
sgu}+T
J`2s;R
&8a=EY
b/26M1
[$='#nU
\|/[p0
KT,%Ix
]$1=Ga\O
7f:LAq$
R,J#cVr
9Or?	W
_)j3~T
~	V-md
SzEn1o
Xis#Ov=
H,\{o;
1_=QQm
E4-1H!$
6ECr*NX
F.u>lx
AZk};dv
o5`v&d
6!7a3,
[|aUdi
{xhD$!
jxMU $Or9
{K,ak}
nUtoqq
)0{]&m
&ZQVyF
@%T1^K
FLFj9V
L\zy&7j~-
+wTBaf
oxvJ~"
.8Sa$h
G#U|3&
D=T^]?
F/I/ /
8a4'd!C
F\/L#"c
$/YUNMB
h?=*?D
A (NR5
u=ql*Z
YpG8q)+m
\/(XAi
^6aE*c
EX	&$2R
zY:o3g
~{(Ymx
7`^QmI
80]_-v
:Mu<P\
4(i!O"
u'%N!a
;84N#L
8'#LS7
jI_qEV_7
zgNG}Gz
3^%.+ Z
c+9q9O
;T`AbD
.f#$ow
qAvx	j
AyP&[0
/9'Ulv
<\fGf!8
.4!U/0/
. *X+z
(Pdy$I
0L^G)o#m
1'ym9z
kGGDvc
t\=d0l
pr%:]ps
L|+$!1s
W[lN/Kp
e;~\Zb
JKh~UM
V+#9ET
'pEA}C
fdN[Dw %
A9nwze
w&Z|~}
C,~ H 
Vg$Wz78
Kl+/W?
5U;[Gd5(5L
/#;{A^)
l2b3[L
_%33a	l
`VM@=}n
05	t;.
gyWyP44
b~i|02=
}AF212
(Zj_Sy
UG |xf
T^q5D`
+#=gOG
a[Fd<>
1,eas+5K
;c(3`3
Z1,{xs
FgR`6J
(F1IR:
tg?+;O
r=q@r 
IcLSsv
~yKl^Dr
sV<[Mt`
69_JR>
o8o4f6
|kb*Ic
[EyCRz
PagU?C
U=0mgW&
|cI`^a
~o9 MO
-t$OR'
C5~0w[
mx<'m0;R
bk^r|d}
sX	g.0
_c8GF#
^;<mV)f
t=:Wa*
eCqG];
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
ADVAPI32.dll
OpenServiceA
SHELL32.dll
ShellExecuteA
WINHTTP.dll
WinHttpOpen
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>