Sample details: c22b0f61346be211660435284a117618 --

Hashes
MD5: c22b0f61346be211660435284a117618
SHA1: 9d49bbb2fa68eaf3eabc6cf6fd95d33330ae439f
SHA256: 7991359d3441e30467bfe3729b0fa1d2d3bfa62a179f0444b6f1269113dde6b0
SSDEEP: 3072:CexKxf5eXhXPrml8JVVddCkmZrLYpZkyDArvrZNrKTdtnr:CeXXlPCqVfbmZrLwFAbdNQ3n
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex | YRP/win_files_operation |
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
=0=O1B
%+=g1B
i1=a0B
&!=`0B
MAp*;2'
p%t,Bd
5R6i(Lh$
{..bFX&5
y_mWol
%4R}]b
Tus|Y]\Z
O||W}?
 n;[S/P
/m+k%<
$yUXPk
wfxkE$
EySZcH
P.Z>@xj
u]$!3P^c+
jIu=6B 
L^#8=t
wr*p@/
2}&i++
Lo\0x6
yaaR6l
vjIGD+C5
mDVEeM
I>\j{~
z[D#[.
,|Eyup
6A}5l 7
[M`] N
,zFP u|8
et-VO"
J	+uN+z
"o]%cd
}!&f8.h%
US}M*"
V)Pn:If,&
`eg%0S
Zmw1~?
?O+x{X
,mdr&g@
K7Z5yvL
\BX`rv
$KnE?q
!h"Dc?
|mji<8
+" 3$x
760h?>q
~ko*6mx@
gU_W7+ql9
uWe0xQ
QRvwsD
E2%vws
[(_8yV(
"/mp8R#
aWG:%Y]
ZiF)$z)
gkQ?''
={hDW^f
6K"^LK
gV=@gAK
l+*--9Lk
!7G7/E
U`Pm }
Gz"-	F
2L%j`&d
dLi~Is=
,1l=s?
=5":x)
h c^~zZ
H"0<Vc
d,S%%9
j(`$Xi
2c 0zPa
5es\H#2
i=p_0py
\"'G%*
w(\hJ~
GX)AQWh
zjfFp[
o`g#]!W
iX4aZ/J
2p6-.]
9Y;ir{
-ix>;(
3,X'b.
KJwJ4s
"s2X80
z+)4Hj
z+) Hj
z+)DHj
z+)hHj
z+)lHj
z+)pHj
z+)THj
x+)tJj
x+)XJj
x+)\Jj
x+)`Jj
y+)$Kj
y+)HKj
y+)LKj
y+)PKj
hGg)lR)
XYk)T@-
RhL `)
HC(3pRT
W&G`R@U
G"?euc
|#OqtE
L".M8D
faVc@S
M @*%7
=m&?j_('m
vig3MY
>_}d<r
TgsZ(n
5c^F]D
2Qe{Zl
@=3D<F
Hp.wo?
|j jj2z
%?yaEI}
 I[B*L
Thv6f)
Thvnf)
Thvjf)
Uhvvg)
UhvRg)
Vhv2d)
Vhv&d)
VhvBd)
Vhv^d)
VhvZd)
Thv"f)
Thv>f)
Thv:f)
Thvrf)
ThvNf)
ThvJf)
Thvff)
MAp*;2'
p%t,Bd
5R6i(Lh$
{..bFX&5
y_mWol
%4R}]b
Tus|Y]\Z
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
MAp*;2'
p%t,Bd
5R6i(Lh$
{..bFX&5
y_mWol
%4R}]b
Tus|Y]\Z
CM_Add_IDA
CM_Add_Range
CM_Add_Empty_Log_Conf
CMP_Init_Detection
CMP_Report_LogOn
cfgmgr32.dll
CertGetStoreProperty
CertFreeCTLContext
CertOpenStore
CertOIDToAlgId
CryptProtectData
CertEnumSystemStore
CertControlStore
CertFindCTLInStore
CryptMsgGetParam
CryptMsgUpdate
CertCreateCRLContext
CertDeleteCTLFromStore
CertGetNameStringA
crypt32.dll
CoLoadServices
SafeRef
CoEnterServiceDomain
RecycleSurrogate
CoCreateActivity
comsvcs.dll
RegDeleteValueW
OpenEventLogA
RegEnumKeyA
RegRestoreKeyW
ReadEventLogA
LogonUserA
RegSaveKeyA
CryptSignHashA
CreateServiceW
RegOpenKeyA
RegLoadKeyW
GetUserNameA
RegUnLoadKeyW
advapi32.dll
GetMessageA
CharToOemW
CreateDesktopW
SetFocus
DispatchMessageA
PeekMessageW
FindWindowW
IsDialogMessageA
InsertMenuW
GetDlgItemTextW
DialogBoxParamW
LoadMenuW
DrawStateA
MessageBoxA
user32.dll
LoadLibraryExA
GetProcAddress
GetCommandLineW
Heap32First
GetOEMCP
lstrcpy
GetStringTypeW
WriteFile
GetModuleHandleA
GetACP
CreateFileA
WaitForSingleObject
GetConsoleAliasW
CreateMutexA
GetLogicalDriveStringsW
LeaveCriticalSection
OpenMutexW
lstrcpy
kernel32.dll
50;0T0e0l0
1"1*181>1W1i1p1
2$212=2E2K2Q2j2{2
3 3(3/353D3J3P3i3z3
4#404;4C4I4U4a4i4y4
51575L5Y5e5m5s5
6#6<6L6R6\6r6x6
7)7:7F7P7i7z7
8)828?8L8X8`8l8r8
9)91979P9f9l9t9
:):5:@:F:R:\:u:
;';1;=;I;Q;^;j;w;
<-<3<?<L<X<`<x<
='=1=J=[=b=j=
>!>+>1>7>=>V>t>|>
?!?'?/?;?G?O?\?h?p?}?
0%0-030=0G0S0_0g0
1*1:1G1S1[1a1z1
2$202<2I2U2]2c2|2
3#303C3P3\3d3p3{3
4%4-434?4E4K4W4b4j4q4
5!5-555;5T5d5s5
6"6/6;6C6Q6W6]6g6
7#7<7L7T7a7l7t7
878G8M8e8u8
939C9M9e9
:*:2:?:K:_:h:u:{:
;);6;O;`;y;
<%<><S<Y<c<j<
=+=8=P=V=c=o=w=
>%>->4>L>d>t>|>
?%?+?4?A?M?U?_?e?k?w?
0)030=0F0_0q0
1*151N1_1g1q1w1
2%2A2L2R2_2j2t2{2
3 303?3L3X3e3m3w3
4)4B4U4[4e4t4
5&555;5A5G5`5q5{5
6.656;6H6N6[6g6v6
7#7;7H7S7^7w7
8'8-8:8F8N8T8m8}8
9!9*949>9J9V9a9k9x9
:(:0:=:J:U:]:g:
;&;.;:;@;R;X;c;l;x;
< <&<-<3<@<L<T<m<
=5=>=W=m=s=
>6>F>M>Z>f>v>
? ?*?0?=?I?X?q?
0)060?0J0W0c0m0v0
1*161>1W1l1r1x1
2%222>2H2a2r2|2
3!3*313J3_3f3m3u3
4+4;4T4e4k4t4
5)545>5E5^5t5z5
6,6<6I6U6]6g6o6|6
7'7-7;7H7U7a7i7
8%868=8V8f8
9$9?9E9^9n9
:%:,:E:V:o:
;!;);1;J;[;t;
<*<5<;<H<T<^<d<k<
= =,=8=@=G=M=T=a=m=x=~=
>#>)>6>A>K>a>m>u>{>
?#?-?3?>?D?\?l?r?
0$000I0Y0f0r0
1'1-131@1L1T1a1m1u1
2$202:2F2R2Z2`2g2
3)33393?3W3p3
4(4<4C4\4p4x4
5"5(5/5<5H5P5W5b5h5
6 676>6D6J6c6t6{6
7$7*777C7P7V7`7m7y7
8%8=8F8_8
9'979=9J9V9^9d9q9}9
:":.:A:S:d:j:p:}:
;(;0;:;S;e;q;};
<+<8<D<N<g<w<
=$=*=7=C=K=d=w=
>4>J>c>p>|>
?1?;?A?N?[?g?o?y?
0"0(0.0;0F0N0`0f0
1!131L1b1h1n1x1
2!2.2:2I2V2a2q2~2
2	3"383?3\3c3|3
4.444;4A4G4T4`4o4y4
5(545D5Q5]5e5r5~5
686I6O6^6d6p6|6
70767@7F7_7x7~7
8#8+818A8H8S8`8k8s8|8
9$9.9G9W9p9
:!:+:;:B:O:[:c:i:
;+;7;D;J;c;t;
<'</<;<G<Q<W<^<i<
=%=,=4=>=H=`=v=
>#><>M>S>Z>`>j>
?)?9???G?M?^?h?o?y?
0%0+0D0\0b0o0{0
1 1.1;1G1O1Z1`1m1y1
2&2/2H2Y2g2
3/3B3H3N3Z3f3n3u3{3
494C4M4\4i4u4}4
545E5Q5]5m5
6!6)6/656;6T6d6r6|6
7%7+7?7I7V7b7o7w7
8"8(858@8H8S8Y8f8r8|8
9!979=9D9M9f9v9
:0:@:Y:w:
;5;C;U;m;
<&<3<><W<^<d<}<
=$=+=4=M=^=h=y=
>*>5>M>^>d>n>z>
?5?F?S?_?g?t?
0%0+080D0L0R0\0u0
1)1B1T1^1d1q1}1
2#2.2:2D2L2h2o2u2~2
3/353N3^3h3
4-434@4L4T4^4n4x4
535L5b5h5
6+6<6C6\6m6
7.747D7M7]7c7p7|7
868F8_8p8y8
9$929K9[9s9
:#:):A:Q:]:i:q:z:
;!;);/;<;H;X;^;j;v;
<"<;<K<d<u<
= =-=9=A=K=V=\=e=r=~=
>'>->F>V>r>
?!?0?6?O?`?j?w?
0&020F0L0Y0d0l0v0
1#1+121>1J1W1]1d1u1
2-2>2J2V2a2g2m2s2
3,353C3L3X3d3l3r3z3
4"4(454@4M4S4l4|4
5%525>5F5W5c5o5w5
616A6G6M6U6b6m6
757;7B7O7[7e7q7}7
8 8/8<8G8Q8W8p8
9/9F9^9t9z9
:#:3:::V:]:c:i:p:
; ;-;9;A;G;M;S;_;k;s;
<!<)<B<Y<_<j<v<|<
=	="=2=<=F=O=h=z=
> >8>I>b>y>
?!?9?J?P?h?y?
0 0'040?0O0U0b0n0
1)1/151I1V1b1l1r1x1
2$2=2M2Z2b2l2x2
3-3:3F3N3Y3a3k3q3}3
434F4^4n4t4z4
5+5<5U5p5v5|5
6)696@6M6Y6a6g6
7%7;7A7G7T7_7g7m7u7
8!8)8B8T8m8
9%969<9I9U9]9c9|9
:+:3:@:L:T:m:
;#;*;0;I;Y;_;x;
<%<+<8<C<K<Z<s<
=(=4=C=P=\=h=
>%>->E>U>^>j>v>
>	?"?0?I?_?i?
0)0/070=0L0Y0e0m0y0
1"1/1:1B1H1S1l1}1
2-292E2U2c2t2{2
3+373A3K3X3d3s3y3
4!4,444G4M4U4n4~4
5"5(5-545?5I5O5^5d5j5s5}5
6$626<6G6S6e6k6q6w6}6
7 7&7/757>7E7K7U7c7
9#9-939<9B9M9U9[9b9x9
l1tyhnmiopkmnyunbgtybvc
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
dlyurplvyfnn
xcyvxoxvbojuibvl
MAp*;2'
DSDS.S