Sample details: d97f841c20e3ede79332d7cf0a6634de

Hashes
MD5: d97f841c20e3ede79332d7cf0a6634de
SHA1: 2d885362f4753123c149bcf537931d93ea7ec14f
SHA256: db43ec1dd1e950081bf994caebd108beef030ac8bbf69d258bd26a8e5b1e0f7f
SSDEEP: 768:t7hLa4zIfXmPvUVPKbb8SCHxpi5ivLHkGM5RzuR8XXnyTFWlipB4taXuh7D:tdeunUCbb8Sg1LElDzuynnyTFsAuaX
Details
File Type: MS-DOS
Added: 2019-02-26 04:44:09
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/Str_Win32_Wininet_Library | YRP/suspicious_packer_section | FlorianRoth/DragonFly_APT_Sep17_3
Strings
		!Win32 .EXE.
.MPRESS1
.MPRESS2
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
advapi32.dll
RegCloseKey
ole32.dll
CoCreateGuid
shell32.dll
ShellExecuteA
shlwapi.dll
StrStrA
user32.dll
wsprintfA
userenv.dll
LoadUserProfileA
wininet.dll
InternetCrackUrlA
wsock32.dll