Sample details: bb94ec5c627dd49f80301608b270dbc8

Hashes
MD5: bb94ec5c627dd49f80301608b270dbc8
SHA1: e49ce551b6afbab95479241a02b3325c48e9f00d
SHA256: 9b9c6eace6a4ec918f13ca3a87aa0fbd957f709d552f0939d71efee50fc34193
SSDEEP: 6144:BQHK5zG6ijs9y8uNKFGt6ZNyyAI3Li0+JkLfgijfE5jvzJarUenrbN995WGsgL7W:Cp6b/WK5ZfAI37LlQtrJSPNFZnls
Details
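File Type: MS-DOS (scanner label; the YRP/IsPE32 and YRP/IsWindowsGUI hits listed under Yara Hits indicate a 32-bit Windows PE GUI executable)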
Added: 2018-06-22 17:48:56
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/url | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
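Strings (most entries are short fragments with no readable content, consistent with the MPRESS-packed sections reported in the Yara hits; the readable entries are the imported DLL and function names and the embedded manifest, whose assemblyIdentity is named "AutoHotkey")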
		!Win32 .EXE.
.MPRESS1
.MPRESS25
Oz'If(
s+;J:N
!;s&VR
x>*NHJ)
zs"u_d
g6@AZa
a07jC0
SnR;`r
-@g"9U~
@f+;6\Ai
\~}=q4
* LG_*
n/ltX`
*S{OD<
NGKPNQ
SVjPhk.O
Bl6[I+
)B;}>y
7	gN\:
2Ftw;<
%g#	h(
Io+WV2
=B7=Yt,
P	"Ez0
aW	JM1
c`}Oh~
@?Lb.}	s
|fH4bP He
:y% Qj
{ULbN;
,<O\e9o
g2K#{z[m2
hb~}~r
.3xF<l
|IwfUzg
Jw1%Smq'
9<c'}1m
>rN"MO&
ERph6H
OJ$=MjQyTq
).8bzST@
vv!H9.
Tjk3/&
rL-_ZGe
UWh.'#{g^j
@x{?KB0
`f:I]i
YYw5ViR
_pN|pY)
t'ZV'CXz$
WbSc%p|U
uY7DBTf
bXA"MM
GLrfNV
z*9`$q
[G[>ox
I1G(VS
Ae`."X
V.XL*#
4w9zn_
m1}}w3
WmD+yQ
pn,$3hpm
RSuZbc
 2,Af1
.@vhfjl
~/T\8Gu
Ky)@A{
<SXy%i
Qp F%v
4	QT/N_
J~q6?h
jZ~=au
jWu~6R1
7Ok-R~
(eL&P^*	:
1Nmr]MV
-S4D.f
v'Vz1F]U)<
GP$aOj
Pj4P}c~
 9N9Kc!
Vr{ t5
.FI;j5
|[w{n/
*,hQY.
$E(@]Z
vB@B1.
_1QQyK
vg&X+o
TU-%JOR
	`^l)I
dmFf[B
,@PvEU
#'v}[&
'>]{P>
n~Rl#*Z
)~;^kkBc
&.5'AA
!6T+^:6gX
; |TB$
tdKA'(
d"RN9i
VjGy,z
fV/CZYU
 `0a@)[
[5Qo;!
	BU;Kd
)At 0x
q1N1pZ
L(;]5059s
xzG\X0~
?"3c{{b
E@ Wg{
9{oz$!
#	Z4y-
tfFvq8
@Us<.dUtc
 <G	]\z
-pd!:'
"'@:6a
f7Bclw
\.es5>
`8@]<zT=
{PGp{}B6
>^`Qex 
(u(]#I
%bKTz>	v=nk
A.v{wz
_OAJr`"
5NvgXR
`.U AI$S
	O3Sd 
H1v|N*
/~o=<F
v5&pF+
1 2('<4
JVJb@ u
D&qq#u
Evrt!C
)G]+}?v5
Sy_Bm?L
\j#M-~
mbAq&|
znuBQol
Tu6fx$
#7U< |
3TczuC
}(Y>0'
Yb1d/l(
Q9]3UE
vpFdzhd
F}nx{I)
8E:m"&
(8CQ+d
.m6b41g+&
/cvaA1!/
rC-$YBfp
Zp	x}$w
pi>SpZ#
OQ~V9L
1&vB(H
d=f#dG
cT,G`Q
`$k79w:
C}R/Ht
a,,'iWju+6u
#h<R|)
5 >mF4D
iw"&}'UU
JXtv|l
:S=-w8
0fvq S
iuHcKwu
~7;%]*
nx"eR:
dC)eRdq
eXdw/jl$(
k-t^ Y
"'$NFYj1
G.%7?,
2PI9Ny
fUhF)56
*(f>K1>a
;8O%\%B
T~wJ>b
a	HBUIQ\
R&5dOT
}"g-`6zT_
)&9:_N
mDL>uG+7
RKZ	Od
L8ngsF
}`X5[H
!D(FrA(
&[F{J5
39`*gd
<<ecwWd
e R0F(
#/Es)bXMO
7G(|M}
3.?&}1$
9<?m+M
d+OowN
QE'e+!
8),>q21
XdF^,=U
#8P<dk
W?\0MR
c3Yn&5G
t$A#&D
clQOA!
;K;h:{
A=Ci'M
d/\"51
Cvs^6K@,
+vRV[H-\ 
RZ__$m
"mr{s'"
;W_MG+
xSGU7A
czAtNz
?:op5Cq
5G891g
<0~J$X
D[9TTf
Zf,mdb
&m]Kaf
M%X.)'
g[=e)-
|&3(~e
QQ-e;\
4A+	d6
h0:m5P<
sv!d(1k
v'o*$\$E
SjxCCa
VZ6Y5Y
90/h9Py
Fo'6R3;
+8{sTo
ex 2]X
;)J[q!o
2K%&#\
p+8VX.k
38TV9q
Ux~ya:(
WZw[UO
j<;Zol
oWy`!j
R-/58(Y
T^u<ZS
$!R!ZZ
u'.M^@
H&*OU\
&iw6"F7G
j]=W~@_
Qqz)?A
9+9YUL1
?i,p)p
'o(b%$
c#'dUb
?ak+c^
qWc^?$'Ujd
~';?.3Bs
Chw)G%
ZoGdxy
vBmc~O: 
{V?"TD	7jPUYwe0
B@WEbWS
E_$'?b"
\/3A!hJp
pofK0q
x<&k([
Yr7#o{Ty
D9_XNM:
I-z\ f
6TR_n5
u0PhIHD!jA
*lm>o"
JvFV_s
c&AnH~
`6ssbq
@|^*"R
IxFj3LD
_	UR+}
a0-<N}
bL|v>-N
&)Wr28:
)z+OP-
\fhefe
s&%f	:VP
J[	l<WB}
A|!N:pht
!)CPMhF
M3s5VU
y+[ /w
IXC \2
qR/Qn}
\ZgE}/
4a+^T_
YI#5Fi_i
K	c[E#
CnW/FP
bx4l$^
kmVl(S
H)mUsE
O;CXn9
HMK'[W
7KY(uy
^ty"Nq
+H-__6z
v~Bjc^
(l[5Zzz
FT#\<%(N
 sY!^G
33n*!m	
a|2'	;
dU6L_>
o.3uT9_Z
UN/~=MC
dTCg&.*^
tdBq:t|
qO?=Ym
U5Rt$C:J
Pdc&o~2
"TsSz#I2
n8eh6-
5#mX;WU
E|LKOJ\
M/ .Ui
(8+Xj:
Sngnjo
SqcxP9
ya(SA"
fwa<ADh
p@|OfN
Z^eq^fz
hFjq+P7@
osx_XU
Qvq|_-c
{UIO_]s
Jn};B@4
*Lk;JV
zhb^]J
:vAAC?
%tfw{c
#:=O7T
AxOk[Z
?labKu
k=<<gM
#0nwHX
-9&y9b
8Nv>~d
{Q'{|jg
6e-Tep2
9%OZHw
 5O7R=
)-tcx'T7
Y	Q9i)(
uK4Al*
4^@uSj
z:nX{b
AN)2Y)
uo.;eX>
}5lb$G0
5:6D;c
{5df+~a
rAFpMe
Lqr kC
^: Ud/
"4gnVR
*=xYx$S
BU3?GK
4P.c|,
0ZH8-a
b]zP,Z
O {5*	
n?rioq
a`$eSd
T~8\*h
EcWO?g
7t0n^Z
?j Kz 3
N'R{{m
~dv\AgX
3::>xjr
<%w|2[
lB:Lo%
xkXxn}U{
~FG{[4
Y_w7glY=U
\,Ze/@w
Aq=`1/p&
Tmqr.1I
s{9zfh<
i^lcz`
k*j;p!
A7$Bo'b
,&V@V8
LHaLpv
6UxCr0L
E@'|^w>
=?X$}$5
hy>F2,>?
8Xi22R
\iwDoJr
x	u)G8
wwrX{P	
n>u,x#3
 m/o+	AZ%
KseY1W5s
?Rf"f.
lrBwj8
M.@sh?
>"Fy5!
4[j8>b
lYvL'GP
#(LOfy
j1M<h]t"
-x(MTJ
JdU )!
h	]'jx
L*,7kM
(tG_oB
Y[9Jn*
fGw^[2
%LAK?M$
pK~}P"0
6e'qnw
k	-%=I5
6oa=@q
lIH])N
S#EB"(
;a1*[-
:`@Yz$
$|HO"h
q"O'j$B
?zzUp~	
?	h^!:
[eg_oq
K>[u4~
%Pf)	m
w'fF^@'
{}]ld5
!? B%(V
lu"m+z
0F:/M\T
^CpM7P*
~>+n,2
eLKl(h
O}^x\#
I,g=~|
@7UrXFQu
ICOeNhW
'F>t44
gy`QP,YE
<y^GI2
I	`1)N_
JIa	jc9
oa*9U?;'
MoRh\{
&NmtdcL
~A2_/b9d
B$HbPR
+,DHGYl
F"0z4M~
R4KFEt
gh-mN}
3N#)Kl_
k'1	eA
bB]_`~
a"xUI'Jw
X2a9I!
z3XkAr
Q=5zys/N
	G)6w9
}F:7@7L
w^y4h#
HFx3@Z^
to?%DQ
]{mw*)
JSzD>$
 E0mc.
'H 8-g
B*L'6<
6Z?\L_P
HJ62@a
FZGNg9
Cz;k#z
`+o*Sn
!4V3n}
#v2x=-
B_57+{
Z!9?\V
~rJ5I31
T4Xdv*Cu
6 s^iou
4dS^)+,
4, JF9
z&-AQzrp
PRO(PK
'DokaK
qG=<9o
hCV$x*
{yAn;5
H6Ihc%r
G]_5H	&
[P&}hP
D'"AY74c9
d@6[sp>
Fb<j7&
]v\7h<
1#~h ;m
`\3<)2
_BF4cQ[
x9r2J1
a+LCH*
>]'G=}
w2I..J
(7YpC|I
)p79~q
`{3kpS
8-=k	$
@#5w~T
skHM |2/
_)ks	v
ZY3uFp
U2c{*;
s{$&Z+
.T<,+t
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
WINMM.dll
mixerOpen
VERSION.dll
VerQueryValueA
COMCTL32.dll
PSAPI.DLL
GetModuleBaseNameA
USER32.dll
GDI32.dll
BitBlt
COMDLG32.dll
GetSaveFileNameA
ADVAPI32.dll
RegCloseKey
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
,,,	,,,	,,,
,SSSzTTT
777	777	666
l!!!m"""m!!!n
###Eust
EEEfddd
@))(v@>=
*KKKjKKKqLLLxLLL~MMM
	999?FFFNFFFU???[===^//0hdhk
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="AutoHotkey" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"><dpiAware>true</dpiAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly>