Extracted

• • Target

    10cddfffa1f6a49ab646cdfc5bba755ef7d774dcd269ad3472d5d76bc65d8104

  • Size

    579KB

  • MD5

    bf07faf02a926ec92abc40cc7841b1ad

  • SHA1

    901affb9fdb6f49b7471401a323b40f79a5cb029

  • SHA256

    10cddfffa1f6a49ab646cdfc5bba755ef7d774dcd269ad3472d5d76bc65d8104

  • SHA512

    d984b072682867512bf2ecf1e2a4641c627822690e00560ec582b24f6163f7e79ea5626b035c4c061db9a809b55d74e7271768cd86abf2c0964bcea1af386eb0

  Score

  9^/10

  persistence

  • NirSoft WebBrowserPassView

    Password recovery tool for various web browsers

  • Nirsoft

  • Sets file execution options in registry

    persistence

  • Uses the VBS compiler for execution

  • Suspicious use of SetThreadContext

  behavioral1behavioral2