Sample details: ffbdbe043cbad1cf64043546284a9141

Hashes
MD5: ffbdbe043cbad1cf64043546284a9141
SHA1: 4d0bc5a35ce2beafc111fcf9f60466a8e189c7b1
SHA256: 21c661f9f75534101c1a092c7b21da524e54314dc1cfd9216b86396958e916b2
SSDEEP: 3072:ckOKKMPrvX5kSFvuKgZBDJ3MHgDLblbP9m9f:cSPzX5kwvwZB+sbRP9m
Details
File Type: PE32
Yara Hits
YRP/IsPE32 | YRP/IsWindowsGUI | YRP/IsPacked | YRP/HasDebugData | YRP/IsBeyondImageSize | YRP/domain | YRP/contentis_base64 | YRP/win_mutex
Source
http://79.133.98.68/lord.php
Strings
          	            !This program cannot be run in DOS mode.
`.rdata
@.data
B!=]@B
G	5qAB
C1=?@B
0+=(@B
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
G~ufJB
462n	@
OFF`P0
hx#zZ9
L7@T~6
T1)NAD
$s$cZ~
K-	=Lbd
i@:{:_
Mp075~r}
A$3[:j
Kg\R}e
F6eF_w
8oi[Yn< 
6zqBpD
wf2B_'
iqR$tC
I+pmxj
wvdiJ7
CQuTTK
p~'&mB,
~PO/?aS%]Q
;toCzQ
i20g[p0
kwA77k
J <f?7Q
r?P9ae
+)S7j%>)
+x!AIrc
_=Wwop
{.aMC)
vD:qPcxq
-)-"x"
z;^IP	
ln*f5s
5wksWE
+EL7jP2
t33JpD
SVck	0
`eU_z)"
L0;YL3
f7"D%5
 _jM3$v
G#_>u3
O/U&O7ggA
LEQ?j0
EcROv"N
QaAiN'
g$@{%>U
^InS.)G
#4*mF]
?z9ar;
#`Cj>B
Bho*`/s
#LL^5oe
#>5l8!w
T&0pKo
$	O}'W
R/59`n
kM;i'o
sIcdJuHg
0z}@7`
Pkw:Yv@
3R'9uK2
oU]O<;^
Z	YJPH
]'bMoi#
|GmX%._&?
JD6.F&
R3^^ZV
|y_rNy
8d)=.Q
ekT*$0?
neor\$1-
YBFKk<
<v/5}X
Lu97U:
t"gBVM;
jSRh+D
P-Hqsc
w&qoEgM
xf/!ngNhe
:=Ge+[E
tD7~	9
1<JMp^
#8P`oBP
HZ<mq,
\~dN*O
tb	Z|_H
w[	!EGK
'9&!_bf
b-\Vw"
l0*D^q
k&~MY5
T)gp_0
/RJF6x
S1L	#;
z4Q`oZ
m6qj; 
-xi!_9
ge0pU7M
Y,+H o
BG_nzLo0
dpp	;8/u
":mwf|	6
wi-}#[Xj
+'AOm*
Qf8sc'
Qf8Oc'
Qf8Kc'
Qf8gc'
Qf8/c'
Qf8+c'
Qf8Gc'
Qf8cc'
Qf8{c'
Qf8Wc'
Rf87`'
Rf8o`'
Rf8k`'
Sf8wa'
Sf8Sa'
Tf83f'
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
H<mqz|
&0l~)9
RUr.IN
N.Z;l/`=
O7 D''&$
H<mqz|
6|?w4	t
QvD5v7
+f/aCX
\%{eU8
$9G`P+
ResUtilGetBinaryValue
ClusWorkerStart
ResUtilDupString
ClusWorkerTerminate
resutils.dll
CM_Add_Range
CM_Add_Empty_Log_Conf
CMP_Init_Detection
CMP_Report_LogOn
cfgmgr32.dll
RegLoadKeyW
RegEnumKeyA
ReadEventLogA
RegSaveKeyA
RegUnLoadKeyW
RegCreateKeyExW
OpenEventLogA
RegOpenKeyA
RegDeleteValueW
RegRestoreKeyW
LogonUserA
advapi32.dll
GetDateFormatW
CreateFileA
CreateMailslotW
LoadLibraryExW
GetSystemDirectoryA
WaitForSingleObject
lstrlen
GetCommandLineA
OpenFileMappingA
GetCurrentThreadId
LeaveCriticalSection
GetModuleHandleA
GetProcAddress
CreateMutexA
GetLongPathNameW
lstrcmpi
kernel32.dll
InsertMenuW
GetPropW
LoadCursorA
DialogBoxParamW
LoadMenuW
	wsprintfW
FindWindowW
IsCharLowerA
SetFocus
LoadBitmapW
DrawStateW
CreateWindowExA
PeekMessageA
GetDlgItemTextW
CharToOemA
user32.dll
RecycleSurrogate
SafeRef
comsvcs.dll
"0,03090F0R0Z0e0r0~0
1$101A1G1T1`1l1|1
2&232?2c2x2
3 3+3;3H3S3`3g3m3x3
4,484G4Q4W4]4d4q4}4
5(545D5b5p5~5
6$6*676C6P6]6i6y6
7)757@7v7
8"8.8B8P8]8h8}8
9)959=9C9N9T9[9a9n9z9
:%:?:H:S:Y:f:r:
;#;+;1;<;I;U;k;x;
< <.<<<M<U<[<a<n<y<
= =-=9=I=P=\=i=u=
>!>'>/>;>H>T>d>j>p>v>
?'?:?G?T?`?h?s?y?
0,080I0O0Y0b0o0{0
1/161A1N1Z1u1
2&232?2W2]2j2v2
3%323?3J3[3c3p3}3
4%414@4M4Y4j4u4
5&535?5L5Y5e5m5t5~5
6+6@6L6Y6e6r6
7(757A7Y7f7r7z7
8)858K8X8d8t8
9!9+989C9P9V9\9b9o9z9
:':3:O:[:h:t:
;';7;=;H;U;a;r;|;
<&<,<3<A<N<Z<q<
=4=A=M=Z=f=v=
>#>)>6>B>Q>^>i>
?*?7?B?S?^?k?w?
0%060C0O0W0]0g0m0z0
1%1@1M1Y1i1t1
2/2;2G2X2d2p2|2
3.343A3M3]3j3v3
4)4:4G4R4Z4g4s4{4
51575=5F5S5_5g5r5x5
6!6'6-696D6T6a6m6u6
7!7'727>7J7Z7f7s7~7
8,888D8L8R8a8n8z8
9%9-9:9F9Q9W9]9c9n9{9
:$:,:5:@:L:X:q:x:
; ;5;B;M;^;d;j;x;
<%<5<@<K<W<b<r<z<
='=7=I=P=V=c=o=
>)>5>=>J>U>]>c>i>o>u>
?)?9?@?F?R?^?k?x?
0 0'020?0J0]0d0u0
1*1I1V1a1i1q1w1
2&232?2J2U2[2g2s2{2
3*363F3L3V3\3i3t3|3
414>4I4Y4c4k4}4
575C5O5W5]5c5p5|5
6'636B6M6Z6f6z6
717C7O7\7h7{7
8!8,848:8G8S8c8p8|8
9,989C9K9T9[9h9s9{9
:!:-:=:C:P:\:d:j:w:
;$;1;=;Q;^;j;r;
<&<3<?<W<c<o<y<
=$=1=<=D=L=R=]=j=v=
>&>->7>D>P>X>c>p>|>
?!?.?:?J?P?V?]?h?u?
0"0/0;0K0Q0]0r0
1 131@1M1Y1a1g1n1y1
2'262C2O2c2j2p2|2
3 3+33393A3P3]3h3x3
4(444A4N4Z4r4
5 5&5C5P5\5m5s5|5
6'61676D6P6X6c6i6w6
7*767I7V7b7j7u7
8#8*848?8L8X8e8s8y8
9'919<9I9T9\9i9t9|9
:':-:5:B:M:\:e:k:x:
; ;8;?;J;W;c;s;
<#<0<<<D<J<R<]<j<v<
=,=8=I=V=b=o={=
>)>A>M>Y>i>o>|>
?%?2?=?E?K?R?]?j?u?
0.0D0Q0]0n0u0
1)151N1b1o1{1
2&222C2N2Z2e2{2
3#3.363<3B3O3[3n3|3
4!494@4M4Y4a4w4
5*50565C5O5\5b5o5{5
6,626<6R6_6k6s6y6
7$7*747A7M7Z7`7m7y7
8%818N8j8p8}8
9#989>9D9N9Y9f9r9
:%:1:A:G:M:Y:f:r:
;*;5;=;E;O;[;h;t;
<(<4<A<I<S<_<l<w<
=!=B=H=S=`=l=
>2>8>E>Q>d>q>}>
?$?*?7?B?L?V?b?n?v?|?
0"0-0:0F0\0h0t0
1"1/1:1K1X1d1l1z1
2)242>2K2W2d2q2|2
3 3<3I3U3]3h3n3x3
4'4/494O4X4e4q4
5,595E5M5S5`5l5t5~5
676=6G6R6_6k6|6
7$747;7H7T7d7m7z7
8 83898?8J8W8c8x8
9*969F9L9R9X9^9m9z9
:&:.:9:F:R:o:{:
;#;0;<;T;a;m;|;
<$<0<A<H<N<]<k<x<~<
= =+=E=Q=]=m=s=y=
>!>2>8>E>Q>^>j>v>
?&?2?F?S?]?j?u?}?
0,040@0M0Y0j0w0
1(1.1=1Q1d1q1}1
2'242;2F2S2_2p2}2
3"3/3;3S3`3k3|3
4'4:4F4S4_4o4|4
5%595E5Q5i5v5
656>6K6W6b6h6u6
7!7'717>7J7R7]7i7u7
8!8,898E8V8a8n8z8
9#939?9K9S9`9l9t9~9
:(:/:5:B:N:V:]:c:i:o:v:
;%;+;I;T;a;m;
<#<0<=<H<_<l<x<
=%=2=?=K=[=f=l=s=
>#>0><>T>a>l>
?+?1???L?X?k?w?
0#0E0P0^0k0w0
1$101@1M1Y1a1o1}1
2)252K2X2d2u2{2
3)353A3R3^3h3t3
4$474=4H4U4a4~4
5+575?5F5O5Y5f5r5z5
6!6)666B6J6P6Z6e6r6~6
7$7:7H7N7[7f7w7
8$818>8J8e8k8x8
9'949@9J9P9_9l9x9
:+:7:L:Y:e:u:}:
;+;7;?;L;X;e;r;~;
<+<8<D<i<r<
=)=5=F=L=R=\=j=w=
>&>9>H>U>`>p>z>
?*?0?;?A?H?T?Z?l?r?x?
0&060@0O0\0h0
1*171C1Y1e1q1
2+212>2J2R2\2b2o2{2
3!313>3J3[3a3m3s3
4 454;4H4T4\4f4t4
5'525?5J5`5m5y5
6!6.6:6K6Q6]6j6v6
7%7.7;7G7\7k7x7
8&808>8J8V8n8w8
9'939@9M9X9h9n9z9
:":,:6:=:J:V:^:d:j:p:
;';3;D;J;Q;_;j;w;
<&<2<B<H<N<T<Z<g<s<
=+=<=B=M=[=h=t=
>4>@>L>]>c>
?!?'?4?@?H?U?a?i?t?
0'0-050D0J0W0b0m0s0y0
1:1G1S1e1r1~1
2'242@2K2Q2W2d2p2
3%3+3=3J3V3g3m3|3
4 4&404<4H4U4b4n4~4
5#5)565A5I5O5\5n5t5
6*676B6T6_6j6w6
7 7-787I7O7\7h7x7
8$8*858B8N8_8s8
9!9.9:9M9T9Z9g9r9z9
:":.:>:K:V:i:s:y:
;%;,;8;M;Z;f;{;
<&<2<><J<Z<`<g<
=%=6=@=F=O=T=[=a=k=q={=
>'>.><>E>K>R>_>h>n>w>~>
lccc___ce_s__mory
kernel32.dll
liiiu_lAlloc
gqirojgnipqxccpst
uhhiyotlhnocwt
tkgpfvdndlsujgw
H<mqz|
6|?w4	t
QvD5v7