Sample details: d717d5943bdca2758360e4fa3b008a49

Hashes
MD5: d717d5943bdca2758360e4fa3b008a49
SHA1: 3066109dbebd2ddd2ce658ca07e88062bc2ff679
SHA256: e2a00647b5fa56b077d3d07b1c05e3b76b7269e07fc3ea84750eb03ad71024de
SSDEEP: 6144:Pbbs8miuWxBn061wjr36UIU+yoTiKVpwCbC/ry7YOTD03AKDGb9V/:TgrTMn061M36RUOTvpwpNO/0dDGH
Details
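File Type: MS-DOS (classifier label; the YRP/IsPE32 and YRP/IsWindowsGUI hits and the Windows DLL imports listed under Strings indicate a PE32 GUI executable, and YRP/HasModified_DOS_Message points to a non-standard DOS stub, which may explain the label)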
Added: 2019-05-02 12:53:34
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section
Parent Files
928c1be90a0c7496a691c7a2b631c1d8
Source
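Strings (the .MPRESS1/.MPRESS2 section names and the packer Yara hits indicate a packed file, so most of the strings below are compressed data rather than meaningful text; the readable import names and the embedded manifest, which names AutoHotkey, come at the end, and static strings from the packed file say little about runtime behaviour)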
		!Win32 .EXE.
.MPRESS1
.MPRESS2H
Z4~%7aWI
CA`]jT
A&/T<y
v6&TSH
>}Q	t_
P_ fFb
Bml!(Z.
l0S_9L
	EJ(F+
	% z[M
$VS".z
KdR`@]
	ki--U
wZ^IK!
8f.mZd
Igle$F
h%fK@l6
ySm?:tf
6 A=#b
a+)~DM
q{v~g4|
?RR@;+
DlkTs+
S#a|I{
]ZPk`<r
+QyGad
EU/9zj
	P1&adk
	1NIZ0
TNZL\3v
P|W5JF
FhN!:{
!axLMG5nt
gjw6K4
\c:}\{
,"@AvE
B--o>g
S?\+_P%
$[X;f)
xbB;zcx
P)N(L+
jLXsZv
@tX*T-
&.Kf/Or
""wFHm
msNeC\M1
`vE8){`f
.A'+x-H
5/X^5?
Nj)&hq
+c ?O!
D|9#-_
Fm|t93?
`qRVSr
RT_!Dm
GxeR_b
Jw|k|_
A=}jhB
qs|\#F\
z RynM$
}8(S0k
KTC'V"
\i2?8,
&_CP{r
@.-V,h1
"u~cxq
d+8 }Z
UhF+-%
EuvxVS
@t},.@
B NMro
Tec,!.
#*kJk.H
!Cj4Q}
 MLfs*
M-ei38
;:?!Zqc6x
R`'_rEM
Qju'lA
kR5%4>2n
m56/?0
p+:i(u
MS1St\K#&ks
$qENAZ
CsQKQ7A
Sj_&+=
0_[T1B
TnDoB3F
1C23 		
k'+gX5
-)FQUc
B{,.iD8
R0_]&t	
|RVVFbi
$WU5s,3
jdf(~\{
8NHe!f{
j8(5z1
6T?:Jg
E><T}%i[,
Cpnin!
^?)+c{
Es]xd"
B[8Y%0
}x~>($
Flq%4Z
Jkdl.uO.
>"<;jM;
&PQ ]Z
-PduZa
yU}Dhb~
@Kj|o5
x}/~%yN
lw5@`qx>1
|P}$2Oa\
$%o>n[2
+fWKZV
.RR#j#
R#5k&S
MJqN[7
~%wX+Q
!*YkPB
5qzZf[+
z!>oiT
J_7a,R;
Bbl=GS)eV
G`{M#Iq	
B:c!x^
hS/pa3l
J:myr|VzP
{hK.iR
Gg*e{-E9
Tz->tB
n0vO&:"H
\1@) 8
cy(;A@D9
gr<ugY$|
\"~D}e
gm+E	.
@!E<,8
9h#l:3
SzJ*O/
54s%9m
i"`b0e6>
GPoG\A
NJ%j9~
\ehXrY
|4F,YR
?ij&0@L:4
$$jU53
B^{@>|
9!W>gp=M
H5	\VS
\yr6)|
Z"MK7H
6 ]8r<P
%g<V,1n
&S!J+'
V@5Ye!SzE
m=^*Ht
WZiTb@
"l[Q5{
 AFcoc&
8G8I<f*@
9Y&Wv^
 $#gY.
~SNljg
vgMwNd
/kftpY
b}_CAY?B
`In&9A
jv9x\q
Cvnxpv
%]+1G 
o="^xN
{[olQo
Zbuf>5
Gt8nwA
E+HGAp
,MqU	5
Mx|Ux>n
=!Anx%|
ALG+>2
s'(s"!
cv2rBc
H/`ctXg
WH.g@\
]2P}Z/
k 1NIG9
a[,6@8B
Wdi)M 
'/`"{$n
FCm;8f
>\~L`H9b
dj5-LT
RXeW[5;
SKVCgyI
}hF3]1
{8;i[%c
TGu*P>
z/"/o1
3 -P']c
4T/&-6
giC%M`
UE\P:m=
mZLk"I
e>[GS{@
/3Gw]}
TH}T(*
X %VI:
]X=:ac$
y]eEB)y
>KSWGf
	s0(00
x[ON2<
y]2od!A
GNIux.
-|Hh8R
R$lZ9Az{
}&.cjx
m%&m`,
ts<&dlP
s9wm?:
?_ePl|
]"Gjn'
+%2QlI
Uf6)eWV/
{dH8YB
1[WD1]
@l56JWc
;DA*&J
<EgceT
ErSg?3(6
7b})o&`
?&Rhx`
3-{FBAU3
{0?`5eyg
D78^qj
u)3w_@I
:I}VoQ
:p64m1M
_2n'eN
d5KP-@
ZBKkQ#
Nd]Bx 
?]8:$b}}
glW7eu
z?R> {
Stva4^<
q7}Ng]
phUXtkH
jm&8	C
A{-3&8_
sF}2I 
P:mhy1
~=T@+(
rJV{9[
`u3)E/
gvi#:9
0Lg8D3
x_^P08
ZFw??t
l(0Em>
IW[k.,
MY69Vq
9/{gX>}2
Sd^'+}
Y*;f}&
;Izcd(u]
Tq;S`W
.dlZ& z
kU5d7A
v{84|~3
J/[/bj
Uxz1%X
Yx9<Yz6B
8CS,o:j.
+f>m|\,
z{YnrP
Hab6,P#Q}
KT{O6,
7L2(A7d
8WTpgE
dhcQ}j
e3wB,q
qLe"hr
biHZ!{
&1?jvX
QYJ ;b
V;_+]Pq
TgCesy
}>NjN4
'HZEFz7B
`z]< b
w_C'8?
<o[VTT
&kz">C{~
QUuYwD
%b%Td5
h/umTo
ObF#!u
A%lRLZ
nF;(p;G
L;*CzQ
entkv,
,b5]4/R
N($G=>
y c7<^
^z%i;yN
/J|?M2
^}9D~0i
?	{no!
-,_c ~]~B
{Z}YY"p
!1yI9:P
oB:M|F(
 zS&ba
]k8*L.9
Zn6`ZU=>
yx$lJ2@
*\$kkEs@
9=0T~3
ZQaJ{:&xy
>ve+72}!by
j}lPTgor/
wDf4%B
41&3f2D`
TO NXf:\
?W#Na^
4a[(?0
-74p\@
\8PS?)
*'m@kn
x=-l@x
)heL$x
}y[:#v7
AY\l,A
Lq{oE'
$rOL]j
#DM?*9
a<@\zj
+lrDhvK
L^4TW+7
^E>W'R
KCns1R
z:`^)2
#;KJjx
8MiRjyWgRm4q
,0~$N*tdZ[
ZIz\W!
#-.>'>
N{ WQc
_}vNU,
sjMFz-
H%[j\5
cPB5AUt
(	`)8QC$
+xv2VW
yT~6$K|s
X&5)PY>*
	22F-P
H@3yjK
jQF{EtL
*NPpZg
u_X9I\
0KR&4eu
CQuBkK
`3zJ?Q
[p-*X(
`T~J9m5
k36Q2?]
a-BdsbTK	=8
^N}k{J
r)$FO_
^wB?.~
/8b}Pp
J`Oi]C
,X[h!4*
cN!cil,
Yf}M(@lB
wRwa13
 {3)+P
FAu4_`
75Nd0Lo
YbVTs 
T	}5J]
~_o.V55L
x\V>X#
m@-C78
2qaaR(
su-O8c@
Qg*	8J
dQ=&{^
MzZp2&
#< sQJ~
b{r UA
vnGFxe
TDK5\{
YVC&Ko
g69g,W?
Jqz~@/Q
4wX	^i\
!TtT0*
}s	~|3
m4>v\w
UVge-<$9
5}	OE'
9:^7d#
fP L?l:
M(]}T|
	G'ckQ
X`fh^y
GB%C%n
qJ6x[j
}	,;0'*Vw
vZ1f}Qw
6O&16l
L5[LDEJl
?Ba_}d
K)nT9R
:@<(EY
}$(h7o
&*gVK=
0]_r}G
zdAb?D
L>vfLE
\w7,Kwy
l;f|&l
kZsG!X
W(6uQ9
mlr 8Ey
9cfY<B
Stx' <
&k_l-<
eNlFc;2a
60B+4~W
IsW	`P
ay39:]>s5
r-IAhK
]EYAh=(
gZ`{>@
8+bh]C
g>`TM#
X&MGbR
_&KdzH
NyC Y]7
5S[)	0
'h+6>)~
A_BY]O
1VEmOh
K68qDB
1Z^B!_&;
f~_5r3
Cq"`Bm
7ros}~	
bGvVmo
Ln#zoV
D4Vjjz
a#-KW_q
|:'3[>
wPhF#e
S3,|:}
% F#>}
3hU+q.
&vyH8-c
URSiCbB
7_!P?p/(
^3=lUv
Dtm'|RJ
g`yb^Tm
[jkX2V
ps!tIO 
)on{+q
eshc<Jm
o0_;>z
7j1lXDJ
|XIL\/
#3-((6
(oxx7q
i[,s2Lc
L5(o}aC
mpZgVc
k\KIXn>j
~Y`<|z
T7csCN2?
S$0ksFP
5v:]eg
y N+:[p
8Z-	t8
)dQ"2ae
+o+S`C L
N=Rc&G
7,B:E4z
*B6b/(
q8D4uc
Shwp.\l
vT?R#&{V
7g	2ZG
gq&t[Y
ui2)v;
2^c(Ah
[;B5*9[
 %7Y@rb
$xGc9A
7'j@-N\
(-}8(Aa
Z*^u3Q
oX-yTUb
rNf&bK
QO")Y?8
4W&*j*
%c@@{ t:y
K[K]MV
!+BrL?
K`xP(CW
Q_%{x|
W`;M;v
l74Ymz
sm8d^nj}`n
ZE}IN6YW
1yvzwv
%u8R3W>
\\'`@'(
1z1ybP
/(=smK-0
XuN@ Vy3
54r4guq
4T8G:3A
Jvh"()
!P4L`6>
sV(OHuo7
=9t^(\
G@7bTa@_
`({.UX
N.=EwI
~/ 	$U
bxf0WV
0H^Qbx
]azF&V]
	gH@-z)
{AaGWuc
uNPgf5
^s	Ku7
rgB$2E*3
%8{&:D
NtGI7^
ouS4Qku
 K6NSn
+v[n*a
 ,T'iY
SrBjeR
#Ai	\_
7DfBxU>
9"%tu,
}3:*17
9GqgGZ9
bE262@Z
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
WINMM.dll
mixerOpen
VERSION.dll
VerQueryValueW
COMCTL32.dll
ImageList_Create
PSAPI.DLL
GetModuleBaseNameW
USER32.dll
GDI32.dll
BitBlt
COMDLG32.dll
GetOpenFileNameW
ADVAPI32.dll
RegCloseKey
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
Y8rPY8r
Y8rPY8r
"""""/
""""""""""" 
;;3333
332-===
"#333"-
""""""/=
"+;33"#
fffffffff
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="AutoHotkey" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"><dpiAware>true</dpiAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly>