filetypesman[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

filetypesman.zip
Size

78KB
MD5

c447430cd085c3dd54bb66af0ea7ba9c
SHA1

a4aaed637c187462cf7c690ff64021dfcace9836
SHA256

dfe33e557f2a11aa81e5f9e590447bccc4f505fd8f84307d73cc53ff7e403281
SHA512

142371748131549621f491d183980afbeb33c199d6086c8cecac54ccb5c09b147bfa4a27201f6a1aa411c223c1b172951d62980663dd724cad6af9cc5c3e0f00
SSDEEP

1536:z8/OsOmQDWq6E7NYjAhzJY+S9gmw4yrGi21rZKUWXZK1lZGQJ/HT18uMV:Q/2D6E7NbF++S3wfnerZjWJ6fHRjMV

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/FileTypesMan.exe	Nirsoft

Files

filetypesman.zip
.zip
FileTypesMan.chm
.chm
FileTypesMan.exe
.exe windows x86

4fbbdf2c2e61dcf46beba35d9c249268

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:a0:6d:cd:2a:62:74:ee:aa:c9:ca:1c:82:15:3d:f4:26:cb:6b:2a:14:18:72:f0:0e:3f:bf:4f:09:3d:f1:de
Signer

Actual PE Digest

45:a0:6d:cd:2a:62:74:ee:aa:c9:ca:1c:82:15:3d:f4:26:cb:6b:2a:14:18:72:f0:0e:3f:bf:4f:09:3d:f1:de

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

09/09/2022, 12:41
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
__p__commode
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__p__fmode
__set_app_type
_controlfp
exit
_except_handler3
__dllonexit
_wcslwr
strlen
qsort
_itow
memmove
malloc
free
modf
memcmp
wcstoul
_memicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscmp
_wtoi
_purecall
_wcsicmp
wcschr
wcsrchr
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
CreateToolbarEx
CreateStatusWindowW
ord17

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

WSASetLastError
closesocket
send
WSAAsyncSelect
socket
connect
inet_addr
htonl
WSAGetLastError
htons
WSACleanup
WSAStartup
bind
WSAAsyncGetHostByName

kernel32

CloseHandle
GetStartupInfoW
GetWindowsDirectoryW
GetDateFormatW
GetTempFileNameW
GetTimeFormatW
GetFileAttributesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetModuleHandleA
EnumResourceTypesW
WinExec
GetCurrentThreadId
Sleep
Process32FirstW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
GetCurrentProcess
ExitProcess
GetCurrentProcessId
ReadProcessMemory
DeleteFileW
SetErrorMode
GetStdHandle
GetVersionExW
WideCharToMultiByte
GetPrivateProfileStringW
FreeLibrary
GetProcAddress
FileTimeToLocalFileTime
CompareFileTime
ExpandEnvironmentStringsW
LoadLibraryW
FileTimeToSystemTime
GetModuleHandleW
LoadLibraryExW
GetFileSize
LocalFree
ReadFile
GetModuleFileNameW
LockResource
CreateFileW
lstrcpyW
WriteFile
lstrlenW
GlobalAlloc
GetSystemDirectoryW
FindResourceW
GlobalUnlock
LoadResource
GetTempPathW
GetLastError
SizeofResource
GlobalLock
FormatMessageW
EnumResourceNamesW

user32

DrawTextExW
GetFocus
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetClipboardData
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
EnumWindows
AttachThreadInput
SetForegroundWindow
GetWindowThreadProcessId
ReleaseCapture
SetCapture
FillRect
GetKeyState
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
SetDlgItemInt
GetWindow
BeginPaint
DrawFrameControl
GetClientRect
SetWindowTextW
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
EndPaint
GetDlgItem
InvalidateRect
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
UpdateWindow
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
SetMenu
SetWindowPos
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetSysColor
LoadStringW
CheckMenuItem
GetCursorPos
GetMenu
SetClipboardData
GetSubMenu
EnableWindow
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
ScreenToClient
GetMenuStringW
CloseClipboard
MoveWindow
GetMenuItemCount
GetParent
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW
GetDlgCtrlID
DestroyMenu
DestroyWindow
CreateDialogParamW
EnumChildWindows
DestroyIcon
LoadIconW

gdi32

SetBkMode
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
CreateSolidBrush
PatBlt
SelectObject
SetBkColor
SetTextColor
DeleteObject
CreateFontIndirectW

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW
ChooseFontW

advapi32

RegDeleteKeyW
RegOpenKeyW
RegGetKeySecurity
RegDeleteValueW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RevertToSelf
ImpersonateLoggedOnUser
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyW

shell32

ShellExecuteW
SHGetFileInfoW
ExtractIconExW
SHChangeNotify

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

4fbbdf2c2e61dcf46beba35d9c249268

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

45:a0:6d:cd:2a:62:74:ee:aa:c9:ca:1c:82:15:3d:f4:26:cb:6b:2a:14:18:72:f0:0e:3f:bf:4f:09:3d:f1:deSigner

Signature Validations

Verification

09/09/2022, 12:41 Valid: true

Chain 1

Headers

File Characteristics

Imports

msvcrt

comctl32

version

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 69KB - Virtual size: 69KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 2KB - Virtual size: 7KB

.rsrc Size: 25KB - Virtual size: 24KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

45:a0:6d:cd:2a:62:74:ee:aa:c9:ca:1c:82:15:3d:f4:26:cb:6b:2a:14:18:72:f0:0e:3f:bf:4f:09:3d:f1:de
Signer

09/09/2022, 12:41
Valid: true

.text
Size: 69KB - Virtual size: 69KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 2KB - Virtual size: 7KB

.rsrc
Size: 25KB - Virtual size: 24KB