Sample details: ebe27fddc583ab9e84276bd53682b4ed

Hashes
MD5: ebe27fddc583ab9e84276bd53682b4ed
SHA1: 5c7f55706534e3c0f64f2022ef173c63fa28eecf
SHA256: 4ed147512124047bb6dadc861434bddbaba082d7bc50fe5ce3f3c4446fbf69ad
SSDEEP: 6144:e08sAv4SkVsimYTdry+V0iO78WvdJvB3hP4hFuVXA9riwwNmeiYmhjdAXF3FRvCt:U55Cznd0iOw0JZRg3u5A0wumeiY02BFg
Details
File Type: MS-DOS
Added: 2018-06-22 17:53:00
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/IsBeyondImageSize | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/screenshot | YRP/win_registry | YRP/Str_Win32_Winsock2_Library | YRP/suspicious_packer_section |
Source
http://checkandswitch.com/afile/3.exe
http://checkandswitch.com/afile/3.exe
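Strings (raw extraction; the sample matches the MPRESS packer rules listed under Yara Hits, so most of the short strings below are likely compressed data rather than readable text)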
		!Win32 .EXE.
.MPRESS1
.MPRESS2H
JfkQ9%uL
:-[$:I
BLhJ_h
Yy%:` 
iT7^NK
sX$<|c
TexQ-j
o|=:P(gM
K{vk{C
|Pv}DY
O{Z:\h
}o	z)Q
WmA,My
y,W1 R+
@L(YJu
IC^ok3
&K=,}a
5V<_a1
,sNPa/
<&wa#V
Fe|Yji
O]\xHe
p_|J91
x,$asD
-"/L-xG
u`x|C;
?<x(ah
n8b-#e
*Z8D^]
mRCo`vw
-phG%2
"7<*d)X
rF0Stt
YPf(-W
24wUU{y
S+(4xY~
:S1nAK
lP{`-D
/G!*A5
 9?u7?
7Y?0J/
cOn:_;
GeUIK"$
;r)AW&#
BGUpR;
1Jjv0K
6=Iq%y
5$x`JmT0
O'OA<`Q
Q<G7 2
9$d~aA
Z;w$.1
*&0R2yN
eNirQ}
?IS$wY
<6>Cko8
;=OU0H
}EaSMgKDP
I]L{g[/hN
|f74>g
")bjUY
Z3AvVG
i6oPM!
[ZYoW2
EA6Amjb
noi<q.H
3il(Cw
M[5gM3
>.q^`t
	clrp-V[t
UPBu0r
(GAz#=
,e{ $}
q2=rYE
03-J<~
ta7OTT#
8o_fVY
[|5<q~~
t#r#W%
P*[(`|@
CAS+R>
3PK;Y^K
m83kF]
GeZ?T M
Fa>yXaA
IZXMMgn
Hkw=&^
P177@G
LLcj)-
>+E MY!
U5[TsbS
[|Nm44
o	bp.~1
5!323.Ak
XD*]w3
I-x"'h
'uvCc9
0j!SE"~J
@jJ/k;
)d8k&V
-YtSC&
'Kz8w%
5?UftO
`\H/sNf
vL^%*Z5
<Z@%~\
v<X8A+
_?Z36Z,"W
l	VeKH3
r_;^'se
X!9f,:
eCs9JC
Z|dP>k7f
lh!+V~R
Css:mR
e`d57sUI
Ty/.@ 
}|Cj&UD
g~3#m~a
L~TO&zV
b()6k%m
oD}|4*+
z6N	'QQ
3;.OCS
qh!YzR[<
(=3|w<
	e(uQ}H3
;}A"Sj
7L^}Ip
4HaDi:V
;TmJg@
?;Ik8'e
C4[J}yp
4}AEO<
[VK*C{L
e2L\F\	
?Zk1X-7
j5iEf{
?6lq-7
sftcC#D
slBt"&)
OR~i#/
"hV3yh
<N4tgX
+M~ka 
 !rJAo
.f)\o6
Y"@E`_
'9@x`d
M'SV b
E@_+>d
"oUa 4
,W*"'jA
U(9@~L
UD-NU7d
$?ZY7D
^k;%s{
/{p!^*
AwtFMv
AQ8qT\9
yS<L-oCR
.RQu5Bu5
lE5CX`bJ
+fG|k@
u)E-J-
a=OX}IX
"'9kd&
CE-^Zzn
$L(meyuA
`%%ik^%"f
Wv-)r-~<
1R	gB)
)Wxz5E
	EyV#2e7!
k<'P15
:m\eMb:
@r8pv]
!^!'r!
mdWSl'
oW#7Mh-
>!vq/3nd
FWtcE:l
h>h|@JL
?nnn1F
oOz ({|
&SE]aK
v%F{a	
tUn2HRV
<`)A,<
vn	R5(
	*6A+P
uURR>V
H0,GgS
sREL\*
pUY1vd
X_0_*e
c|FI%O8!
v$kD{cQy
1pwMh&
|,16o{
gE<9QD
57ipH/
g"R+:6
Ib\QFG
{)v.2c
3ufUCV)
'SmpP0
047}4W
-BC,8o
\1f/6:
$2q3YC
Q"-mmw`
a8n0{w
1?.%;C
{UQWO/
w;Df=z
oeuY|p
B+abSE
r0&fM4P
T\[,]Rl
 +-s" 
)`:ha6
14a(AI~
Em;/cn
?x7V a
E!Gv{0u
lsz>[E
4!l|x?Z-
|2`M{Q
nuK-Y\
r<]/v^
%SUI[7
Q8~;G/^
u=A~0N}
(a^C8<
Q[}'uaN
	N$Q7s
QU}ACm}D
$f3gbl
IXB+"A
3DNIyJ
j	fGee
S!m7e/
tWD1*R
#`=V[&NX
[2=-YN
cqzvAL
U\fuW~
k<.Cm^
_ov%]S[
w_K2.hm
@yffT<
JF\c$kN\
62+:2V#
\G|9q0
H=:} T
fCvHv@@Y
J' lBX
RRm-"Ov1
8'M!+|
+3-	F(
[J[ *Nq
6wXm8|$
(N{Tl\
n%O3l`z2
MGt6"a
~nexTl
(	GQ~\u
@h#p??
Xw5lU]@
3QO66S#;x
*$ dU,&b
{Cy8cSe
*+Gy1)(
MG?%zC2
5n1JeN&
BieVhT
8ZJ|Wl
?jA&Ih
E!e9"R
}>K)CZ
a+cNWfj+vo
	6|dIa
;$$t+;
0D[fYm
Imu+Yc
hdsXQm
L> y"HY7
NYILDP
F$~&QT
Jb/?#v
>!p c4
4O{z:V
5W.*@-
<rnoT/J
J#;L93
DTy	V0
)(TOSq
!m>`Ow$
AWD8KM
W$eq&z
y'Sf<Sz
EZ}U^bx
Plhij@
O;&#G&
qW]Gdv
"I'Vgr%_
$lJ5{e(
NvaQz}
il&tl@
eF6g,u
v[Ntf%-
[j)RB|Qb
f2< = [
)8U?#{
:+gsZ	=
Y(<~]V
=xaCpG
y_9cSl
G!FSh^4
Y[Pm>C
 5WN2Db
+d<wE?u\
~[Z)9Gb
cZ:qEp
rq}8qx0X
k(r,g&Y
	d0l#{
7^'Kvzu
JVu{xF
KQn,_1
MuUh$+
H.4r#%we
)B=3\},|k
p1#,rn
v%_#Ej
,jsgWe
J3TV8t
]ApM%B
;_vz&d
_f&aGI
"K#fJn
-gp1s8a`=
"xW'k}I8
.I(aZ@
UNuEn.
^"MiM>q
sinh%s
gioae}
+[,8%,+
Y%"0Q 
vMXk<!G
e;P\D7
]t_KY+h>
#ik=7X
S0m$qx>
_~?Axdu*C
B|1Q|A
)iB}N*fJu=V
u aL%TW
$4|3#x
.wU5;`,
z[szdz}
~A/y1r 
ez6f5n
pk'qe-
] cuYh\x|
6S!![H1
K?vHK1
tKK:/]
ngRzS14
&{ZEKD6W
zE52Al
7G*O.]Q
-F$k}<
LT4#T.
Go"\K-
,-""5c`
Gv>Ega
I$i I_
Rh0^lO}s
&,|`a1h
ZUTdz?E
FS?"kaM<
K8`=W} $~
%"Ntdl
FPHbxw
%Dlb%t
Igow)Cn@
KK{%[f
i)PJZf
&5O(gb
4{Auoz
SDp[JSk=
,6~O/6&
+tA+$4
7FPFax
49$L7C
*ijJZ	
}M2R>}
,{oyQ2$
RFteU(cyl
_to$Y:
c?='w:g
Z`w 2Q
,v*!T/
zfc)hJ
8~8@H;
1G^Ul(D
RDt5@q
FA`bJR
Dt{^=]	#2NN
)pQ39^
*`ygbo#
2f}6i2
_a9sMi
LVdDC0y
V?:To'
3C>qXTZ
G.YBzdk
>;nmA=TB
}zeIOnI;
&kD4cN
0KO=q!2S
$>GbLQ
	Zb*}tq
=(;SE$
TP|0iL
Il@z3[9
XW/I'o
S0E8Oc
Zhp>l/
KoLi*G
o=*ly&
1CWSERJ
j"`[{{
h$8VTf
W%}>vbp
{i'gm"
0	3"o3
N#0xD$
51~|Z?:
3lxNcs/
JjQm+I
jn';{)
p 2ML/
oiiXA"
qCk$rR
J\v`(m
wA_V	3
9kH{42
nM]-Q(6
A=#p^:
\mN0xS
ZG!0N9	
McF"yV
!f=IB\hU
|NW@V]U
kr7Fr;
J1+ka7>
x1:R65
>sHek,
DJ	M>(
~Tb<M	f
>@CHoK/
Aym[`?
Y07vdD
J) hO9
TVdqWg
3"{"5zw
18U"<F]
xnt)rw"
(3;]k<n
8;XZ-X
^#\u9?
C9TjRF[6IIX
/$BMpQ
hDc,s[
jSG8&lw}
lN1QC6
]jP2DjC
)NU<@7
sug`rD
G~7Y	t
 7A_>|
	|8?:EO
D}Dhoe
5IUPC/G
#2_)aI
TW>"$,
	/FZ'a
6`X{+h{!
-3($Jz!
dp><=R
/|&K45P
^8aVuD\&
 D9ZSB
X!7"Ote|
fD3 gw{
C~W~R2
4eEX%D
W#Y<xSP
E36SOp
.|LqJ8B
jL%_4v
nlgPXb
w-MBd+j
jS3	Z:
3V44*U
f\JCK<
X_8l;$
*frak/
L_:Aj^<
[	V,mT
HnP;-8
9i'ZRC
~Uy~	@0G
8<>'4T
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
WSOCK32.dll
WINMM.dll
mixerOpen
VERSION.dll
VerQueryValueW
COMCTL32.dll
ImageList_Create
PSAPI.DLL
GetModuleBaseNameW
USER32.dll
GDI32.dll
BitBlt
COMDLG32.dll
GetSaveFileNameW
ADVAPI32.dll
RegCloseKey
SHELL32.dll
DragFinish
ole32.dll
CoGetObject
OLEAUT32.dll
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
2IDATx
	hP\d'
b[{oJ%
Y{fd'P
Qe$ BV
V[X+++
"""""/
H*'BES
=b|kBt
	oIDATx
ywfW[[[""4
o	K*y!(
?~HF' "
3uD\E+
P82+,`Q
5x,pu0
` vwwe|
LIV=+f
hHI>6,
'PB/q+L
%U!	j[
>?m$PO
to:	tS
+svp:=
.:=4!i
	*"@uV
oi&j<"
YM	Ev%
@	,oC	
kyfxro
[DIu<[
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0" xmlns:v3="urn:schemas-microsoft-com:asm.v3"><assemblyIdentity version="1.1.00.00" name="AutoHotkey" type="win32" /><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="*" publicKeyToken="6595b64144ccf1df" language="*" /></dependentAssembly></dependency><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/><supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/></application></compatibility><v3:application><v3:windowsSettings xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings"><dpiAware>true</dpiAware></v3:windowsSettings></v3:application><v3:trustInfo><v3:security><v3:requestedPrivileges><v3:requestedExecutionLevel level="asInvoker" uiAccess="false" /></v3:requestedPrivileges></v3:security></v3:trustInfo></assembly>