41924ff751f099b4d1dcf12999bf58e6ede7854f5a64a8c2873c9807be1ca85f

Sharing

Copy URL

Twitter E-mail

General

Target

41924ff751f099b4d1dcf12999bf58e6ede7854f5a64a8c2873c9807be1ca85f
Size

313KB
MD5

e53fccd8979a713d50247bd9b715a8c8
SHA1

6d5c963ffd74b59b425ad2434db49e514073c353
SHA256

41924ff751f099b4d1dcf12999bf58e6ede7854f5a64a8c2873c9807be1ca85f
SHA512

e6894a2f75ac004462875e0831b02d2dd77ae1d2d12404c61ca72f53b66ede7d10fbb9e9c28b80e0b47a40454b1225eed0eaeb589d75ea86259f978b60dff048

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

Processes:

resource yara_rule

sample Nirsoft

resource	yara_rule
sample	Nirsoft

Files

41924ff751f099b4d1dcf12999bf58e6ede7854f5a64a8c2873c9807be1ca85f
.exe windows x86

6977cf19bc9928d7e32a82b407afd58e

Code Sign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ImageList_ReplaceIcon
ord17

kernel32

FormatMessageA
LoadLibraryExA
GetWindowsDirectoryA
GetDateFormatA
WriteFile
GetCommandLineA
GetTempFileNameA
GetCurrentProcess
FindClose
ReadFile
GetSystemDirectoryA
CreateFileA
GlobalAlloc
GlobalLock
FindResourceA
GetVersionExA
MultiByteToWideChar
SetFilePointer
GetTimeFormatA
WideCharToMultiByte
EnumResourceNamesA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetStdHandle
DeleteFileA
SetErrorMode
CreateProcessA
ExitProcess
ReadProcessMemory
GetCurrentProcessId
OpenProcess
CreateToolhelp32Snapshot
TerminateProcess
Process32First
Process32Next
EnumResourceTypesA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CopyFileA
GetTickCount
CreateFileMappingA
Sleep
SystemTimeToTzSpecificLocalTime
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
RtlUnwind
InitializeCriticalSection
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
HeapDestroy
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
HeapSize
InterlockedDecrement
GetCurrentThreadId
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
VirtualQuery
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetProcessHeap
HeapAlloc
HeapFree
GetModuleHandleA
LoadResource
FindNextFileA
GetFileAttributesA
GetModuleFileNameA
FindFirstFileA
GlobalUnlock
GetTempPathA
SizeofResource
GetLocaleInfoA
FileTimeToLocalFileTime
LockResource
FileTimeToSystemTime
SystemTimeToFileTime
LocalAlloc
GetLastError
GetFileSize
LocalFree
CloseHandle
CompareFileTime
LoadLibraryA
GetProcAddress
FreeLibrary

user32

DispatchMessageA
TranslateMessage
DeferWindowPos
PostQuitMessage
TrackPopupMenu
BeginDeferWindowPos
GetKeyState
GetFocus
EndDeferWindowPos
SetCursor
GetSysColorBrush
ShowWindow
LoadCursorA
RegisterWindowMessageA
GetMessageA
DrawTextExA
IsDialogMessageA
LoadMenuA
GetWindowTextA
GetMenuItemInfoA
EnumChildWindows
DestroyMenu
GetDlgCtrlID
DestroyWindow
ChildWindowFromPoint
SetDlgItemInt
SendDlgItemMessageA
DialogBoxParamA
ModifyMenuA
CreateDialogParamA
LoadStringA
CloseClipboard
ReleaseDC
GetClassNameA
EnableMenuItem
EmptyClipboard
CheckMenuItem
GetMenu
OpenClipboard
MoveWindow
GetSysColor
GetClientRect
GetCursorPos
GetMenuStringA
MapWindowPoints
EnableWindow
SetClipboardData
GetSubMenu
GetMenuItemCount
GetDC
SetFocus
InvalidateRect
SetWindowLongA
GetWindowLongA
LoadImageA
LoadIconA
GetWindowRect
SendMessageA
GetWindowPlacement
MessageBoxA
TranslateAcceleratorA
DefWindowProcA
SetWindowPos
LoadAcceleratorsA
SetMenu
PostMessageA
GetSystemMetrics
UpdateWindow
RegisterClassA
CreateWindowExA
GetDlgItem
EndDialog
SetWindowTextA
GetDlgItemTextA
SetDlgItemTextA
GetDlgItemInt
GetParent

gdi32

SetBkColor
GetStockObject
GetDeviceCaps
SelectObject
SetTextColor
CreateFontIndirectA
SetBkMode
GetTextExtentPoint32A
DeleteObject

comdlg32

GetSaveFileNameA
FindTextA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegEnumValueA

shell32

SHGetMalloc
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 139KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6977cf19bc9928d7e32a82b407afd58e

Code Sign

Headers

File Characteristics

Imports

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 128KB - Virtual size: 128KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 21KB

.rsrc Size: 17KB - Virtual size: 17KB

.rmnet Size: 139KB - Virtual size: 140KB

.text
Size: 128KB - Virtual size: 128KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 21KB

.rsrc
Size: 17KB - Virtual size: 17KB

.rmnet
Size: 139KB - Virtual size: 140KB