Sample details: da7530257317a554e4e3153a5ed35e3e

Hashes
MD5: da7530257317a554e4e3153a5ed35e3e
SHA1: 2127ccf3fd0455ba803ede1dd5c6acce5393b1eb
SHA256: 4c5331045a844f2e3dd58dd9a2c5e959c645f6512485f83dab8b071329538292
SSDEEP: 6144:gjxhLH40gWxlVuRr8x26SUJ1MY7kyDEpM4NJd03BPwCOzjk6jwd3h/NiyATlNX+I:gFhLHdgWcRE26JEFyDEp3Z03GCO3kBd4
Details
File Type: MS-DOS (MZ executable; the IsPE32 and IsWindowsGUI Yara hits below indicate a 32-bit Windows PE)
Added: 2019-05-06 04:12:54
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Source
http://103.248.103.108:6325/SQLAGENTSOM.exe
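Strings (the .MPRESS1/.MPRESS2 section names and the packer Yara hits indicate an MPRESS-packed file, so most of the strings below are likely compressed data rather than meaningful text; the DLL and import names near the end and the embedded manifest are the readable parts, and a full string or import analysis would need the unpacked image)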
		MZ52390
!Win32 .EXE.
.MPRESS1
.MPRESS2
v2.12%
CUGE>$
gCN&l\
v{Zn:L
"z,/Q!k
ixRH Y,
BBT5Y@
Y}LHdDS
|}L5xd
*	?=Dr
H+23K=
zV#t="Y
?ZD#,1
9Vh-@(
Lq}$][,
c!GtN5
%LI1&BbJ|
c;?/S]
~vG}\n
;jx+NE`
!Q(0|9
&}=@F"
gH*">o7
-j7",q
Sk5B4|
,ZY(Ja
XfuSd+
R	Bw?E
o#5,7#U|;)
>\4-0j-Q
AHv^wu
%\"J0E
"cu|t-#
JYGxZ=
rQ:*#b]
[R~mt&8
l*[~t)
O_2)d<b1V
vUH@rq(9
n~IIL?
C/i18TMW
:1bKA+m{!
jaZ]1)z?
^7~~ r
iw0X*q
qVPZc:
'Ofa.=
j)0~T)
p?R{]5
\pSz\N
^@0m4,
](\:X5
/hqL.s7,
3wcD&^
;UZ)Ebq
he7,o=
dTn#fl
/O/m`FR
e\Bt OR^
PL`$?S
v*VP4]
+]rigW
)4Ds#Y
OcMhCg
t[|N.>
T/zCR}k`o	
c,aA5,
qAJ[n_7
,ShKUTM
N8T_pw
Z}.Ec##nU
u%BBU$
!@<i/c
9lvuT%}b%lRrE
*rbz9B9
C~arW)
P'A_$;+
mZCu L
	9: 1A
Ko6X.L
E,Tkku
pRC(c&
W-yHMR	x(
*)1*WL
}=#0&,
$XY@nI
G]?%#oXg
A87;}(|	s
8U@adP
z,z+&d
C{[5Jw
#u^DPXf
/2kWV;01
gNITqz%
s8=n_+0
db	4H@
@9+@S+n
{/ !/#
+}gxh|
V#:Nxyz
{n]B+`
NXi<u9
F1s=OZ
 "YOe,k
Y2:Cv5
y)d[fPJ
BuS/ok
e#>Hi|
uQ% JT
33'$iJ
G<VhMA
38aUX'
B~3v<B
?0k+IA
/1kLyU
8LzSco
Cj;~[1
Y%kN35Qh
 Pp`Xlv
dHMB7q
*D&e""#
=c?X|T~7
eb=5Ju
?0:xY>(
}(#v)_
N	3aPx
F?XA5E
d?}=*q
z`(hgDl[
P(ar^l3R
*`L+Sx
!XeQKXIn
w}7in 
#:uqX\
YGN?l%
1M~0-M
z7#VwD
O9#6] z l
@%yeNr
__G6_w
3JzG#$
	$D$Pq
N`8<ka
f=L@UW/p
v'6RJ?E
EVdpLw
<Znq-s
0ZA/D%?A(
{h&[*KZ
Y5_9e}
:@^.I[
ow~5`/
ZSZt4xp
E2.	`t
-*!{ob
E9FK_]R
I]V^!q]
W(s+ca
W@-du4
zU^g$)
cja&sP.i
+[4*yU
Dt6>_N
Cl^(F#
V<.w|y
qi+n97
1y)c"v|
Jfs5f;%
	cp6,C
4JGl/Hv|
#v6~c+1
40_ZT1
-1SKaU
#&~_~w
P_\o.R
9MVp7u
\Xj=}C[#
6+58L$4
~PRc8/N1w
;)`,QO
i(F|LHT
6@&{ 'x
0FljEZX`
I{yj$lo5
BG:*na
zC9EUO
y+uqe3
n@>pZ[6W[
gk*,2}
}$b"(C*
a(ZB~<
^!LiXw
/:/a!M
C;KoM%
nNV~an
tQC7E 
cm-*nt
`3zf'"
~|v3uKW
Yq|o(_
TEf-!-
;f#v-^G
vtvVc}q
zcN6V7&
AE1a'u
4J5GCE$?OFe
"(kR4B
:9;"I$.#
*INT.frG
}!T$8H#
"gj3HTq
n9 PEPL
z*8\5]
C~I\3$
>J3)&8
%/ZzbL
G[6c@S
jUX8I:Q
5{t_r!k
:lpW{g
ei6P|f
R-@	'B
.=Yq_QX 
	r41yDs
(_%C|s{
fw0I{F
` @.NN
1Cl=#*7
`v2Nz2P
{zIOD')
UBd+\G
j{l>m\
uy2jT2
*#AIV	
(V`C0v
IE	IT;
/O L5kU
uXpwE1f|
`	GU9-
cc~XkpS
+@	 6X
^17S>o
F|XX#?
mup_d	
aUQraoOK
-Z#~	r67S?	
9he!!#AA
]\#	Zmj
)Kvh?NJ(
S)YA&%k:f
$_]Ih'
M;`<|O`=
?$Ozvh
V8WYeba
#|vA!0
fk>=S=o
s(TBR3
Ag:3,L
n(U:cM
Z'LqQ6G\Z
J&NVFy
X<6tc0hl
#bNX#@
,\;Bwj
Z].wGz
#BK,Q%
y|?}#7^
dcK~P%
,h7{wB
 ]#!|~
@mlnret6
ZBn6DY
D=%y8jv
*%JuZ(U
d7kV/9
Y8rw86
IJe	_P
l,R'Dg
MB-;^f
hs\1pEI
+mq[7#<
5Smj0DX
)KF@S=
InZpu	`
Fh5W#x%
pFoPN7,
vJ/)O	T
ii"bbA8
/50-dZ
${-] q%n}6
!a\Uq{E
%xLf{1
h  O}}
[Flb]"
c9[g0^
{3{cjX^
0[=80U&%
jECU+1
+u^:XZ
E?93Bg
_eLa7C
-MB=Ip
tC@b#*%u
~7\vY,ZV
dBE>zu
0a3G}?
Rn34VU
Bt'hd|c
KvJ=B5G
H,s<'N
vLn5;.
fdxNj3
H`2?n+@J
kmg!{l
W-%C*a
9'}re6N
e4I'\u
_r"& =_%
i\EI~7 
9"ba3#
si9|VB^X
i:Ip57
/mbBNlrW
6?mFZQ
P,&r e
l7f99/
4E#V:0
7?=(	^*z~+m
@2Z8Z<~
1zvYVb
1n@JnJ
dL0Pal
kNn,*#&j
), j62
pm~u~6
,ReTlB
g@+yj6
j,2ekC
mEk;[.
_	u(UU
;XeoI%
K1IJeT\
LZ:8N/*
h]5?&uT;t:
3zVH.y
u2	4SP
S2!lqIvHA
q)3X6f*
B1mB[Y,_
*/0'B^
?,):P6
j3]vuRf
 *F0NX
:j+rqE|
y<CZqy
TR6OVjK`
/El]A/
ukP`!)>
*BAyoR
~~eBW:U
oOwxs5
EX3KP\
(R17"U
ru|E:a
5lkQq7
ee\4JV
;M>)X]
+s,ykn}4Gi}
5ujsAR.
Tu~1EH.
cD#p0:Z}0
"LW.+f
"*(IoL
Z};+CP5Ha
sZ8e@7v
pr7Og;]
^//o-4v
zfL8LU	
LS#V y
Y-?Dq$
<c=_CsLi
O+}]M1
QF>`%	
3T`tu	
!~09g~
&caiDz
4!^^RuB
CQR\Tp/=
^:.[`Eud[_q
J2&:QK]
m_-,ilU
1b{bBR
}deanB
n)dX_}G
juv;J)
^Ia$}x4K
~grm[~1
V3%L=r
jjI@"8
[Z"$LP"iM
W$(<CeH8
}=AK[8
I~'JE_k
'J[*j>(
za;l#N
iw}=K'
K%|u7w
6-~e:5d
=V8Z;=
hp1C7p
jpPmm#;-;!6
bbJN(:
^7&LI37zr
XNxt@%
NvI@"j
Xm=ks(
8eY[>l
;jHz(l
Nku+GZ
)}h<(^
:)	eWw
1\iw-]
D\Zu9r
RMmsO[
)L~;Zj$
0S@5Dx
3F&^Fk+
z]S5<0w:<
$jalFK
L[NK`:c"?
)@nRB,
+:35TzR
F4D4q*&
cLT<wXy+
uX.7nCs
]&!Shg
5gZ_<u
=,6o[v^u<
a%60RUy
+rWan}
`1%bdcR
U46s]f
Xz$-AX
`F%,6E)
C#vo59
Z&y\e$
\@&a)w
v,vXCS
G!vubD%_
Y`Yy([
\<=rU9{
"xq CTY
R/3"Bu
8 RUr3W
FzDV p
 T_j?$VX
KZdh$)
k}Aq`o
MGY0.IZ
Y;-6_b
9'w?hZ0
F\^:l`)n
SS/SyB
W"p-9u.
Q1wu}sn
+9acfd
49KC'%
@*T5Q!
7,?A[ +Y
e?3iI&
lOGU{MD
\6WL0Sc3
jS+!eS
1I.P/FT
S{hBB|
b*D>V&
_^%t6L
~>BnI.eq
~Fgh*C
2+fJ%u$
bRiGls
}PU\|z
J*Ii<$]
?},&x9
&$?^LO
(Aj+R]+O
,6XLM2
I$T.ek"
/c6+.^d
aEKPYmm^
;l0?I=!
2ku4(7
NWd>+ZF
?`?%I\(
mkJtTxaK
<5gbt'E
M1wmBQ
?^Gl-1T
ZMR\.3K;
~WCPZu
Jf1-B%Il
hDS|\q
y(e4E>
h!JwKzS
8Bvkw@v05IhKi3
<QHhfy9
=W>G>F
v:_2\o
~hu?~	~
BB!7q2
7r0&#F
~2Gfn6
Jx=dNGo-
u+wj;t!
E]0q,1@Q?
M9;$ZJ>
04bO)[d
iJ),:q
;\#(-?
X &]8g
-eD~*_k
fu V73
HKK5\[
)vMIun
Oc(7r}
T{l2Ki
	h.FV#
{jcIn(
;evo6TK
 ho/t]
4499NS
KD.@)B
2d"$t%
,3s~"g
{*,cb&
1o}+>N
>=m8v8
ZcPv)V
X:Jbq},
Ryk[-Qy
:^vl=9
GjE /lX
"k	n:2
<*W|l"
AI>Ec6
%ieq.%Z
%HM)-<uzX*
1xL{4*a
G6S%@z
G,_]"HX
UdGiR;
$&;LTZ
"AY;A(z-
Yo2FY<T
_riUtp
cw-"]_Cm
Ne>L<*
1>s?(E
(@9~?o4
<C+&D\#
S<7=2a
>`pd}xx
sYf.-4<
R`E4nJ
.4B&]	+>
_}SEDgBH
&F|	<!9
k-qT|(C
bA*FsA
GTI&[e]
>m5BP}k
_.$XV;
4qmo~FM
;V;0F	c 
12\d8!
lUMAlB
/.iE{P2
GZRnp	?
<M 9G:
 Qb}~:
`y>))Y
V	iwn?
Kq>|i4
)~abfV
x,z]@P
w_/|2B
%sF	{"zBT
yVwqQX&
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
GDI32.dll
PatBlt
WINMM.dll
waveOutOpen
WINSPOOL.DRV
ClosePrinter
ADVAPI32.dll
RegCloseKey
SHELL32.dll
ShellExecuteA
ole32.dll
OleRun
OLEAUT32.dll
COMCTL32.dll
WS2_32.dll
comdlg32.dll
ChooseColorA
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>