Sample details: cf212b7892d4ef68930c1f9afc58eb22

Hashes
MD5: cf212b7892d4ef68930c1f9afc58eb22
SHA1: 01b4201f90002705343f60536891ce99a9c14a8a
SHA256: fdc0cac4c4b18e9dee3d2bdb0c8180e37419c63c480d5886fdadd6e36ea83bbd
SSDEEP: 3072:swmusLIkQqb+tB3ZA62B0K2FklnsdIkQqb+tB3rBpX:nxK1CD32Vm+w1CD3rj
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.udata
@.qdata
]F\L'	>
.1HCXe
c	@mBYC
w4SDEuJ
C_?vq!t
X	3SjH
zSS-D2
~7n,Cj
^PMBFE
"kx*`-
J;h=*/
UI(+X(
Ci\~^[
 T#A:o
f" 1Tc
a|@m':
RhJT_H#
P'='{f
k"T_gX
O)s*|h
g|LQ6Z$
(/K([n@
&pYbU1H
Lr"Ct3
pJTNQx
T){8	I"
z0vwJq
Op$g3u
ArU@/%
cS5fy|
OfM4}'61Wq4
e/2aVn 
6F\rfP
+\4m66
,+ >Lw-
Hx]	=@
Oi_$b(
%V5h0,e
BDsnpC
/ONbnS
c]zR)n
>S	? f
G G{<A
~#cGII%
Q2:RS 
5U \=g
t+sYOq
	IEKS{
<VxW_@
IYpl0kj
V#>Ddb(
	Y*[VO
&vac$6wV
9<8:r0
2rMSc;
<n: z|t 
f{!u|^?=d
onPORDy7+v8
4|PI%r8B
*%IP7?
N8QA/$
ga|?P 
 cKUB#
WNsWw}
tl9>]-
#2J"}9
QG@\#Z
A 	5J 
R$'2lh)
,WY8Be
0		:qe
=M|2`K8
}O|(S%<
YYci|+2{b
8|KeK=N
~!u@9c
)jD^m[
Hr?};h
#l` 8@
B0JAQf
g%kumd
=VFqv+*<"
2!#Zdh
ejWzW+t
tFab8H
.dBw|I
l?YwXj
<4>~G4
_>F)-]<
Un!-7t/
j<].X}
0_8mz!
H>]\8&
jLxNL-
E]WD.x
MyU5W|
b~;CuM
6JL@=)
!mrU,DQ
1t>{0K
<CNdxH
qBCw;CL
?_^*D<
g"t:5b
,p22UF
]F\L'	>
.1HCXe
c	@mBYC
w4SDEuJ
C_?vq!t
X	3SjH
zSS-D2
~7n,Cj
^PMBFE
"kx*`-
J;h=*/
UI(+X(
Ci\~^[
 T#A:o
f" 1Tc
a|@m':
RhJT_H#
P'='{f
k"T_gX
O)s*|h
g|LQ6Z$
]F\L'	>
Y0e0r0
1 1-1B1N1[1l1x1
2+212<2I2V2s2~2
3/3I3Z3e3r3
4/4F4Q4^4k4|4
5)555F5P5_5y5
636F6S6`6q6|6
7#7+7E7V7\7b7o7
8 848N8b8|8
9!91979=9W9h9z9
:+:;:P:V:\:v:
;);9;R;g;t;
<'<A<G<a<r<|<
=!=6=B=O=d=q=~=
>&>>>D>O>[>h>~>
?0?J?c?p?|?
060P0`0j0p0w0
171=1G1P1j1}1
2#242:2@2F2`2v2
3,3D3Q3^3q3{3
4,4=4G4]4j4v4
5'5=5J5W5g5m5x5
6)6:6@6S6m6|6
7$7*707J7_7l7y7
8%888>8D8^8n8
9&939D9^9y9
:*:::G:T:a:q:|:
:	;=;W;g;u;
<&<7<><L<Y<f<v<
= =-=:=K=V=c=p=
>,>2>L>_>y>
?,?9?F?W?]?w?
0#060R0_0l0
1#1/1?1J1W1d1y1
2/2I2_2l2y2
323>3K3[3f3s3
4#494F4S4i4v4
5/5?5V5c5p5
6*676C6Y6b6m6z6
7$7/7<7I7_7e7~7
8$818=8N8]8j8v8
949I9V9c9s9
:%:/:I:^:k:x:
;.;?;Y;m;s;
<)<5<B<X<j<w<
='===K=Q=j=
>'>3>@>M>s>
?,?E?[?f?s?
080H0V0c0p0
1%1?1P1Z1d1p1}1
2*292S2h2u2
3(323F3_3e3
494F4S4c4}4
545A5N5
61676B6O6[6o6
7%767C7\7m7s7}7
838@8M8^8o8{8
9&919>9K9[9e9p9|9
:,:F:[:f:
;7;C;P;a;h;o;v;
<$<><O<f<l<v<
="=.=:=F=`=f=
> >&>4>A>N>c>p>}>
?$?>?O?\?u?
0!010K0i0
1*171D1\1h1u1
2#202G2M2\2i2v2
3$3.3H3X3_3y3
4,484K4e4u4
5,575D5Q5f5s5
6-6:6G6]6c6y6
7'7:7T7k7x7
8'878D8Q8^8o8z8
9&9,969P9`9k9x9
:0:;:A:[:q:}:
; ;3;B;\;n;
<(<5<B<S<]<g<
="=<=j=u=
>5>P>V>p>
?!?.?;?L?[?f?s?
0,080E0V0p0
1&1@1U1b1o1
2%2+2I2V2c2x2~2
3"383E3R3c3i3o3u3
4(444K4k4v4
5 5,595J5d5y5
676G6a6s6
7(747A7R7X7^7x7
8)83898S8e8r8
9"92999I9Q9e9l9w9
:+:?:I:c:s:
;%;6;P;`;f;r;
<5<M<f<{<
=*=;=I=V=b=r=
>/>H>Y>`>r>
?+?8?U?b?o?
"0/0<0L0W0]0c0}0
1/1<1H1`1l1y1
2+2A2G2a2x2
343D3M3g3w3}3
4'444A4Q4d4q4~4
5%5=5C5N5[5h5y5
6)666C6T6n6~6
767G7P7\7b7r7
8!8;8L8f8{8
9-9>9E9K9e9
:":/:?:E:_:s:
;";<;Q;W;q;
<$<*<D<T<l<y<
=%===W=p=}=
>%>;>U>e>w>}>
?%?2???L?\?b?n?{?
0%060P0h0n0u0
131D1J1d1t1z1
2"282E2Q2b2t2
3%363B3W3d3q3
474Q4h4t4
5$545M5f5~5
6$6>6S6Y6_6e6
7&777=7F7_7p7x7
8 8&858B8O8`8k8s8
9'989>9W9h9n9t9
:,:M:S:m:
;0;A;P;];j;z;
<$<.<G<]<j<w<
=*=?=L=Y=o={=
>!>5><>V>o>|>
?/?H?N?T?_?e?~?
0"0/0@0G0a0r0x0~0
11171B1O1\1q1}1
2(2/2I2`2m2y2
3#3;3A3L3Y3f3w3}3
434H4P4[4h4u4
535D5J5d5u5{5
616M6Y6f6
7$797S7i7v7
8%888B8\8m8x8~8
9(9.9:9F9S9
:2:E:_:o:u:
;8;H;V;e;r;
<4<I<c<}<
=!=3=9=D=Q=^=n=t=
>5>@>Z>k>z>
? ?:?T?Z?t?
0&0@0P0V0\0p0
1)131B1O1\1q1|1
2(2@2M2Z2k2
3)3?3Y3x3
4%404=4J4Z4s4
5.5?5M5g5w5}5
6!6/6;6H6a6n6z6
7#7-7G7a7g7
8/888B8\8n8
90989R9b9|9
:,:::G:S:c:}:
;&;6;<;B;[;n;t;z;
</<?<L<Y<p<{<
=%=;=A=K=e=v=
>*>7>D>T>`>j>p>
?"?/???N?[?h?u?
080E0R0b0l0{0
1&1@1Q1k1|1
212>2K2X2h2w2
333@3M3^3
4-4:4G4\4i4v4
5*575D5U5n5
6,626<6B6L6Y6f6s6
7(7.787M7S7Y7d7p7
8#8*828:8A8T8Z8c8h8o8u8~8
9%9/999C9I9U9i9t9z9
fxdfredertazxs.ocx
tzxrzxzbqwfret
]F\L'	>
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
]F\L'	>
.1HCXe
c	@mBYC
w4SDEuJ
DowngradeAPL
ComPlusMigrate
clbcatq.dll
SHFileOperationA
SHGetMalloc
DllUnregisterServer
ShellMessageBoxA
ExtractIconA
DragFinish
SHCreateShellItem
SHGetDesktopFolder
DragQueryPoint
StrChrA
FindExecutableA
ShellAboutA
DuplicateIcon
SHGetDiskFreeSpaceA
SHFree
shell32.dll
HeapFree
GetStringTypeA
FindFirstFileA
LoadLibraryW
GetProcAddress
GetPrivateProfileSectionW
SetSystemTime
CreateFileW
GetModuleHandleA
CreateMailslotW
CreateMutexW
CloseHandle
OpenEventW
GetLongPathNameW
kernel32.dll
WTSEnumerateProcessesA
WTSUnRegisterSessionNotification
WTSLogoffSession
WTSWaitSystemEvent
WTSQueryUserToken
WTSVirtualChannelWrite
WTSFreeMemory
WTSVirtualChannelClose
WTSEnumerateServersA
WTSVirtualChannelPurgeInput
WTSQuerySessionInformationA
WTSSetUserConfigW
wtsapi32.dll
RegRestoreKeyA
RegDeleteValueA
RegLoadKeyA
OpenEventLogW
CreateServiceW
LogonUserW
GetUserNameW
RegUnLoadKeyW
RegOpenKeyA
RegEnumKeyW
RegCreateKeyExW
advapi32.dll
NDdeShareAddA
NDdeShareGetInfoA
NDdeShareDelA
nddeapi.dll
m1trfdsimnhfrtvcdevsx
mccc___ce_s__
kernel32.dll
miiiu_lAlloc
utfwzzonaple
yspqoabdtydyhtyp