Sample details: d045ea5ed9fca2b2a225f3aa9e5cb7c7

Hashes
MD5: d045ea5ed9fca2b2a225f3aa9e5cb7c7
SHA1: 89025b3efc1d62ecb761b81b6f7b93dddb573f2c
SHA256: e21eafb1abf4337a07005a911a535edbf501662adb5e4b763e6936db561c978e
SSDEEP: 3072:LOCq8KvOb/2LZWnit/FcTDervX5kSFvuKgZBDJ3MHgDLblbPFUlR:LOCqpvOb/6snit/0DezX5kwvwZB+sbR+
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex
Source
http://79.133.98.68/lord.php
Strings
		!This program cannot be run in DOS mode.
`.rdata
@.data
B!=]0B
G	5q1B
C1=?0B
0+=(0B
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
G~ufJB
462n	@
OFF`P0
hx#zZ9
L7@T~6
T1)NAD
$s$cZ~
K-	=Lbd
i@:{:_
Mp075~r}
A$3[:j
Kg\R}e
F6eF_w
8oi[Yn< 
6zqBpD
wf2B_'
iqR$tC
I+pmxj
wvdiJ7
CQuTTK
p~'&mB,
~PO/?aS%]Q
;toCzQ
i20g[p0
kwA77k
J <f?7Q
r?P9ae
+)S7j%>)
+x!AIrc
_=Wwop
{.aMC)
vD:qPcxq
-)-"x"
z;^IP	
ln*f5s
5wksWE
+EL7jP2
t33JpD
SVck	0
`eU_z)"
L0;YL3
f7"D%5
 _jM3$v
G#_>u3
O/U&O7ggA
LEQ?j0
EcROv"N
QaAiN'
g$@{%>U
^InS.)G
#4*mF]
?z9ar;
#`Cj>B
Bho*`/s
#LL^5oe
#>5l8!w
T&0pKo
$	O}'W
R/59`n
kM;i'o
sIcdJuHg
0z}@7`
Pkw:Yv@
3R'9uK2
oU]O<;^
Z	YJPH
]'bMoi#
|GmX%._&?
JD6.F&
R3^^ZV
|y_rNy
8d)=.Q
ekT*$0?
neor\$1-
YBFKk<
<v/5}X
Lu97U:
t"gBVM;
jSRh+D
P-Hqsc
w&qoEgM
xf/!ngNhe
:=Ge+[E
tD7~	9
1<JMp^
#8P`oBP
HZ<mq,
\~dN*O
tb	Z|_H
w[	!EGK
'9&!_bf
b-\Vw"
l0*D^q
k&~MY5
T)gp_0
/RJF6x
S1L	#;
z4Q`oZ
m6qj; 
-xi!_9
ge0pU7M
Y,+H o
BG_nzLo0
dpp	;8/u
":mwf|	6
wi-}#[Xj
+'AOm*
Qf8sc'
Qf8Oc'
Qf8Kc'
Qf8gc'
Qf8/c'
Qf8+c'
Qf8Gc'
Qf8cc'
Qf8{c'
Qf8Wc'
Rf87`'
Rf8o`'
Rf8k`'
Sf8wa'
Sf8Sa'
Tf83f'
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
H<mqz|
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
CPGenKey
CPDecrypt
CPEncrypt
CPDeriveKey
rsaenh.dll
CM_Add_Range
CM_Add_Empty_Log_Conf
CMP_Init_Detection
CMP_Report_LogOn
cfgmgr32.dll
RegLoadKeyW
RegEnumKeyA
ReadEventLogA
RegSaveKeyA
RegUnLoadKeyW
RegCreateKeyExW
OpenEventLogA
RegOpenKeyA
RegDeleteValueW
RegRestoreKeyW
LogonUserA
advapi32.dll
GetDateFormatW
CreateFileA
CreateMailslotA
LoadLibraryExA
GetSystemDirectoryA
WaitForSingleObject
lstrcpy
GetCommandLineA
OpenFileMappingW
GetCurrentThread
LeaveCriticalSection
GetModuleHandleA
GetProcAddress
CreateMutexA
GetEnvironmentVariableW
lstrcmpi
kernel32.dll
InsertMenuW
GetPropA
LoadCursorA
DialogBoxParamW
LoadMenuW
	wsprintfW
FindWindowW
IsCharLowerA
SetFocus
LoadBitmapW
DrawStateA
CreateWindowExA
PeekMessageA
GetDlgItemTextW
CharToOemA
user32.dll
RecycleSurrogate
SafeRef
comsvcs.dll
60@0G0M0Z0f0n0y0
1 1+181D1U1[1h1t1
2"2/2:2G2S2w2
3'343?3O3\3g3t3{3
4)434@4L4[4e4k4q4x4
5$5/5<5H5X5v5
6"6.686>6K6W6d6q6}6
7!7)7=7I7T7
8)868B8V8d8q8|8
909=9I9Q9W9b9h9o9u9
:/:9:S:\:g:m:z:
;+;7;?;E;P;];i;
<(<4<B<P<a<i<o<u<
=4=A=M=]=d=p=}=
>$>5>;>C>O>\>h>x>~>
?"?/?;?N?[?h?t?|?
0#030@0L0]0c0m0v0
1&121C1J1U1b1n1
2%2:2G2S2k2q2~2
3 3-393F3S3^3o3w3
4&4,494E4T4a4m4~4
5 5*505:5G5S5`5m5y5
6&636?6T6`6m6y6
7,727<7I7U7m7z7
8%808=8I8_8l8x8
9.959?9L9W9d9j9p9v9
:$:/:;:G:c:o:|:
;#;/;;;K;Q;\;i;u;
<!<:<@<G<U<b<n<
=*=H=U=a=n=z=
> >0>7>=>J>V>e>r>}>
?%?,?2?>?K?V?g?r?
0!0.090J0W0c0k0q0{0
1%191T1a1m1}1
2!2'2-2C2O2[2l2x2
3#3.3B3H3U3a3q3~3
4$414=4N4[4f4n4{4
5&525E5K5Q5Z5g5s5{5
656;6A6M6X6h6u6
7/757;7F7R7^7n7z7
8$808@8L8X8`8f8u8
9'999A9N9Z9e9k9q9w9
: :-:8:@:I:T:`:l:
; ;4;I;V;a;r;x;~;
<!<-<9<I<T<_<k<v<
=#=/=;=K=]=d=j=w=
>#>0>=>I>Q>^>i>q>w>}>
?$?1?=?M?T?Z?f?r?
0$040;0F0S0^0q0x0
1%121>1]1j1u1}1
2)2:2G2S2^2i2o2{2
3)313>3J3Z3`3j3p3}3
4#4/4E4R4]4m4w4
5*525K5W5c5k5q5w5
6%6/6;6G6V6a6n6z6
7#7/7E7W7c7p7|7
8!8(858@8H8N8[8g8w8
939@9L9W9_9h9o9|9
:(:5:A:Q:W:d:p:x:~:
;!;8;E;Q;e;r;~;
<&<2<:<G<S<k<w<
=(=8=E=P=X=`=f=q=~=
>*>:>A>K>X>d>l>w>
?"?*?5?B?N?^?d?j?q?|?
0'060C0O0_0e0q0
1(141G1T1a1m1u1{1
2!212;2J2W2c2w2~2
3'343?3G3M3U3d3q3|3
4/4<4H4U4b4n4
5.545:5W5d5p5
6 616;6E6K6X6d6l6w6}6
7&717>7J7]7j7v7~7
81878>8H8S8`8l8y8
9(9;9E9P9]9h9p9}9
:+:;:A:I:V:a:p:y:
;(;4;L;S;^;k;w;
<(<0<7<D<P<X<^<f<q<~<
="=(=3=@=L=]=j=v=
>$>1>=>U>a>m>}>
?'?/?9?F?Q?Y?_?f?q?~?
0'020B0X0e0q0
101=1I1b1v1
2"2-2:2F2W2b2n2y2
3"3*373B3J3P3V3c3o3
4#454M4T4a4m4u4
5'5/5>5D5J5W5c5p5v5
6%6+6@6F6P6f6s6
7&7.787>7H7U7a7n7t7
8!8,898E8b8~8
9+979L9R9X9b9m9z9
:!:,:9:E:U:[:a:m:z:
;(;1;>;I;Q;Y;c;o;|;
<#<)</<<<H<U<]<g<s<
=#=+=5=V=\=g=t=
>+>F>L>Y>e>x>
?&?,?2?8?>?K?V?`?j?v?
0(00060A0N0Z0p0|0
1"1+161C1N1_1l1x1
212=2H2R2_2k2x2
3(343P3]3i3q3|3
4"4(4.4;4C4M4c4l4y4
505@5M5Y5a5g5t5
6 6,6K6Q6[6f6s6
7%787H7O7\7h7x7
8)848G8M8S8^8k8w8
9"929>9J9Z9`9f9l9r9
:":.:::B:M:Z:f:
; ;*;7;D;P;h;u;
<+<8<D<U<\<b<q<
='=4=?=Y=e=q=
>)>5>F>L>Y>e>r>~>
?"?-?:?F?Z?g?q?~?
0*020@0H0T0a0m0~0
1 1,1<1B1Q1e1x1
2"2/2;2H2O2Z2g2s2
3%3+363C3O3g3t3
4"4/4;4N4Z4g4s4
5-53595M5Y5e5}5
6%6I6R6_6k6v6|6
7%7+757;7E7R7^7f7q7}7
8)8/858@8M8Y8j8u8
9+979G9S9_9g9t9
:0:<:C:I:V:b:j:q:w:}:
;&;3;9;?;];h;u;
<7<D<Q<\<s<
=(=9=F=S=_=o=z=
> >&>,>7>D>P>h>u>
?(?0???E?S?`?l?
0+070Y0d0r0
1+181D1T1a1m1u1
2#202=2I2_2l2x2
313=3I3U3f3r3|3
4,484K4Q4\4i4u4
5 5(525?5K5S5Z5c5m5z5
6*656=6J6V6^6d6n6y6
7,787N7\7b7o7z7
8,888E8R8^8y8
9$9*9;9H9T9^9d9s9
: :':2:?:K:`:m:y:
;&;,;2;?;K;S;`;l;y;
<"<.<?<L<X<}<
=#=0===I=Z=`=f=p=~=
>">/>:>M>\>i>t>
?#?.?>?D?O?U?\?h?n?
0!0.0:0J0T0c0p0|0
1+1>1K1W1m1y1
2*2?2E2R2^2f2p2v2
3)353E3R3^3o3u3
4$444I4O4\4h4p4z4
5 5.5;5F5S5^5t5
656B6N6_6e6q6~6
7%797B7O7[7p7
8!8.8:8D8R8^8j8
9%9.9;9G9T9a9l9|9
:,:6:@:J:Q:^:j:r:x:~:
;#;.;;;G;X;^;e;s;~;
<-<:<F<V<\<b<h<n<{<
=&=3=?=P=V=a=o=|=
>&>2>H>T>`>q>w>
?*?5?;?H?T?\?i?u?}?
0*0;0A0I0X0^0k0v0
1)131N1[1g1y1
2+2;2H2T2_2e2k2x2
32393?3Q3^3j3{3
444:4D4P4\4i4v4
5*575=5J5U5]5c5p5
6"6.6>6K6V6h6s6~6
7)747A7L7]7c7p7|7
81888>8I8V8b8s8
9'959B9N9a9h9n9{9
:#:):6:B:R:_:j:}:
;);2;9;@;L;a;n;z;
<$<*<9<E<Q<]<m<s<z<
=#=)=2=8=I=S=Y=b=g=n=t=~=
>%>/>9>@>N>W>]>d>q>z>
ldbcbcp.dll
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
gqirojgnipqxccpst
uhhiyotlhnocwt
tkgpfvdndlsujgw
H<mqz|
6|?w4	t
QvD5v7