Sample details: f210544f4dec14cb30da141f8ad82757 (MD5)

Hashes
MD5: f210544f4dec14cb30da141f8ad82757
SHA1: 9255439a652f1d76a3c925f0ce9dc2f14b2f4692
SHA256: f61e120df9e5e2b920b6929a1c46c6c2c76fd36b980693f6b41f3b6d7d1dd736
SSDEEP: 1536:nMov7Rl86piLwADS260IYxUpGPapIAs+bp9tVlw+l4Y6WNdjJCFGwylozUN:My7n5yNDlxUgapIP+bptsY6WN3eyygN
Details
File Type: MS-DOS (coarse label; the YRP/IsPE32 and YRP/IsDLL hits below identify it as a 32-bit Windows PE DLL)
Added: 2018-06-23 01:41:50
Yara Hits
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsDLL | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/IP | YRP/contentis_base64 | YRP/screenshot | YRP/suspicious_packer_section |
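Strings (the sample is MPRESS-packed per the Yara hits and the .MPRESS1/.MPRESS2 section names, so most of the short strings below are compressed data rather than meaningful text; the readable export and import names follow them)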
		!Win32 .DLL.
.MPRESS1
.MPRESS2
v2.18B
:9$xd#
)O,Z'y
V6}NG5!
S|Hus)
 SI(?Q
Arg^Oj
\(sm\%
ml7a!;
*OuS|-
1o(6Zj
Q#v${!
|^sD!!G
+EvP'-
\o#uo4
]=mZ	f;5
I0#qR4
x%Q;O7
sVHQXAm
nW[mR9
<=9N2a
qQ1	lMa
9(*L'Wl
sF~-}W%
g9J/oq
D_:Z45
|,{nM_
c)tW'`
+Sa~ns
'TGB+g'
g^M{MY
LJXRt/|
:K%|V|
(`#0ek
gT^_}wZ
Z<_Q6S
}N!U#=ia
	'`}!DU
wA9;*/
}3AK+%
qIl\Smxmxi0
l q\5M
E`@32~R
P?YAB[-
"/PbpQ
l<*6#D
nX	FK-
\d@1	O
sYy1'K]N
K(7aG:|H_
Ea7Wi`
-ZZ3d_
)OrSnsd|J
Mugs=k
##!bEI
*x]V)$
KHPb_1h4?v
~W@L$d
	N_:/F/
f<Q@>f
q;eXzcA
=^SA&B
L<]($|m4b
GkKKvvM
Mn"!|B
\_N$WY
VZD{Mbx
QJP+SC
p/?BJP
~]>K5-lT
W9{Jyg
*y<P5*
WmzVE1
i"F;ft
|9>+-`zr
%oa"FK4kG
9a6@Qb
xAm}VG
;Ekt"R
r)j4$6
~L!:or
sU,0t(
kQ`\ ;
S2kE(\8
A9g`F2
$ 8e90
6T:h+/
AO'FT*
YRwLgV
Mnww[3m
qBo	gz
4`$URE
6zQm2V
CY)CMLT
!'72]kh
[\$rJXya
Y~#U> 
J~|q-.
qD^\5:	
NH|dU#
dp_-Zv
_~Pjmr
o]lIG#
-ZW?8g
~JXoM)
;yDI#XF
hq~k%1=
'\7HGZ/
LV<gi?
nIouF*h
U9#k4&a
~qPg"&
cd;;I7
ciME3`FB
EteOM-
h#^?*Cq*U
Ya*@me
0+E2/5
wmaD&\
Fs1,a-
xVn| [
HOhBQF
Og8LG0Gy
8;0+T\%>
N{HCF8
juyRXs
(F%*Wk
W5 *[w
aq$$J&M
`1UJ]!
&i),Vwu
vv_|wj
XPwJ~#pDnp
}!\\KL
uhE@7ve
>Mk%,=
:\6A`Gr
N&By7Al
5d wWQ
=:J}n/
 #Q'v.
,6wgL*]
hjXw_&G
twvzP9(r
l2,BP+
\cK)2 
osAA\4
	+r=X '
89p.z$ 
Hay4$pU
CRQWM*
:ME\cJ+1r
*'=q2wM$x
Qf sda
|3lU.[\
smEz*2n2"
;YKD:i
^&q;JP
,A19/c"v
>X:s.o
W=+4{6
hvY6r^
bdKKui-z
Ho,3_3
e,2-=	y
L$@;L$D
DDraw.dll
AcquireDDThreadLock
CompleteCreateSysmemSurface
D3DParseUnknownCommand
DDInternalLock
DDInternalUnlock
DirectDrawCreate
DirectDrawCreateClipper
DirectDrawCreateEx
DirectDrawEnumerateA
DirectDrawEnumerateExA
DirectDrawEnumerateExW
DirectDrawEnumerateW
DllCanUnloadNow
DllGetClassObject
ReleaseDDThreadLock
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
SHLWAPI.dll
PathAppendW
USER32.dll
GDI32.dll
BitBlt
SHELL32.dll
SHGetFolderPathW
ole32.dll
CoTaskMemFree
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>