2ef326dc90a6d368feb4c59b6bf3f0dbb9e32e509c915fea65a9cb0b02a0aa15 | Triage

Sharing

General

Target

2ef326dc90a6d368feb4c59b6bf3f0dbb9e32e509c915fea65a9cb0b02a0aa15
Size

530KB
MD5

03c67d5ff82572582a5722a7b34dada5
SHA1

3dc55010ee44a42de0fbad40a1671c3b7af8aff2
SHA256

2ef326dc90a6d368feb4c59b6bf3f0dbb9e32e509c915fea65a9cb0b02a0aa15
SHA512

0b477f9c703fd8ed3d5f6a7ce3824638ee7c754963e5ed7bbff9e5eb10f2982870b8c7f718d54bdcecccb20662bfa8b7e8fbf4dc42aff73d4365599670ff2425
SSDEEP

6144:NQgf32Okc+tMGWlhcL9BxgZB8gYFkCRmE2CXLp0MC3eGzm5KkC82W3pjJSHAtKka:egfp+tAcL9fhjFs3CY7+KkCC5JSlkna

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Files

2ef326dc90a6d368feb4c59b6bf3f0dbb9e32e509c915fea65a9cb0b02a0aa15
.dll windows x86

f132c27d0c63d1c9d96401b3220d1ccd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
LocalAlloc
lstrlenA
LoadLibraryA
VirtualAlloc
VirtualFree
VirtualQuery
InterlockedExchange
InterlockedCompareExchange
FlushInstructionCache
VirtualProtect
HeapCreate
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
OpenThread
GetThreadContext
SetThreadContext
SuspendThread
ResumeThread
Sleep
CloseHandle
GetModuleHandleW
CreateToolhelp32Snapshot
Thread32First
Thread32Next
EnterCriticalSection
LeaveCriticalSection
GetWindowsDirectoryA
DeleteFileA
GetProcessHeap
IsWow64Process
GetTickCount
OpenMutexA
GetFileSize
ReadFile
CreateFileA

Sections

.text
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 449KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ