Sample details: f518e1e8a21d5a54c3e360f6b86cdd4b (MD5)

Hashes
MD5: f518e1e8a21d5a54c3e360f6b86cdd4b
SHA1: 89b12c4d637175449dcf504af65cd49b2ae23ca8
SHA256: 1f60446f9a20eaedbf34cdf92c3a96fa4850a60055e8c151217cce2eaa79b55b
SSDEEP: 384:IFh4YDX9X7iOb5Xq1Hp/03a+tGrXtKFxZL/FlVze/qKQDiVMhWJ2Qk/7vvxlLA:8xX9ri+5bKgG7t+XrNK/suVTk/7D
Details
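File Type: MS-DOS (as reported by the file-type identifier; the YRP/IsPE32 and YRP/IsWindowsGUI hits below indicate a PE32 Windows GUI image, and YRP/HasModified_DOS_Message points to an altered DOS stub)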
Added: 2018-05-15 14:27:17
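Yara Hits (rule names as matched; the packer, technique and threat-group names are signature matches to corroborate with unpacking and further analysis, not confirmed attribution, and the MPRESS and yoda's Protector packer rules both fire on the same file, so at least one is probably a false positive)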
YRP/MPRESS_V200_V20X_MATCODE_Software_20090423 | YRP/yodas_Protector_v1033_dllocx_Ashkbiz_Danehkar_h | YRP/mpress_2_xx_x86 | YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasModified_DOS_Message | YRP/maldoc_getEIP_method_1 | YRP/domain | YRP/contentis_base64 | YRP/Str_Win32_Wininet_Library | YRP/Str_Win32_Internet_API | FlorianRoth/ReflectiveLoader | FlorianRoth/DragonFly_APT_Sep17_3 |
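Strings (printable runs extracted from the file as stored; the sample matches YRP/IsPacked and YRP/mpress_2_xx_x86, so the short runs at the top are likely compressed data, and each DLL name below is followed by a single API name, which is typical of a packer-reduced import table and presumably understates what the unpacked code uses)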
		!Win32 .EXE.
Zg`.s7
fkB	mX
iBi,#k
*5(U	q
!.+~'vw
%\wZav
VJ6fpj
3inU).
Lfi:vKI
Pz?_QZ
TzO-~L
;3=p(f1
7,'I]I]
&a?Of9
!1^DG*$
3>TEP5"
o]TK;*
G^q'S6
3/[T}l
Q_^VApa7:
-2L&Y]
ZfkU'J
?)`3}*
fMHxBn
%a7uu,
J;3X~s
jFV0Ut
R-<x	9
|[F}Lb
HCU14[
Lo40N,
o.9|K)
{hPi7r
'Nnq\p
B=YDcp
C17|?"
	B)z7W
5U\ILT@I-
encryption.dll
_ReflectiveLoader@0
GetModuleHandleA
GetProcAddress
KERNEL32.DLL
USER32.dll
EndPaint
GDI32.dll
TextOutW
ADVAPI32.dll
FreeSid
SHELL32.dll
ShellExecuteW
CRYPT32.dll
CryptStringToBinaryA
WININET.dll
InternetOpenW
PSAPI.DLL
EnumDeviceDrivers
t$t#t$l
D$t#D$h
D$t+D$\
.)D$H+
s`)L$4
D$t+D$\
9l$\w`
<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
  <trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
    <security>
      <requestedPrivileges>
        <requestedExecutionLevel level='asInvoker' uiAccess='false' />
      </requestedPrivileges>
    </security>
  </trustInfo>
</assembly>