Static task: static1

Behavioral task: behavioral1
Sample: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643.exe
Resource: win7-20221111-en

Behavioral task: behavioral2
Sample: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643.exe
Resource: win10v2004-20221111-en
General
Target: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643
Size: 540KB
MD5: f2571f7e309c77d1bf9c042fdbb0fd43
SHA1: 2e6b1ceaa2d9febaf3a174c16cc946a53a618d1c
SHA256: c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643
SHA512: 58e3a48e07740a1c041c7e15fcb110583e44def278d696fa3fc5ef5c66ec80c4d488459d7582b6bfc501a410b4294651189ac7efd82bc07284a1ab8c748b7c51
SSDEEP: 12288:I6Jq+QtqB5urTIoYWBQk1E+VF9mOx9E1O:pQtqBorTlYWBhE+V3mO
Malware Config
Signatures

Nirsoft (1 IoCs)
Processes:
resource: sample; yara_rule: Nirsoft

NirSoft MailPassView (1 IoCs)
Password recovery tool for various email clients
Processes:
resource: sample; yara_rule: MailPassView

NirSoft WebBrowserPassView (1 IoCs)
Password recovery tool for various web browsers
Processes:
resource: sample; yara_rule: WebBrowserPassView
Files
c07da50d1493840d29d161cc24f5e03e73ff63348c5445cd5e5aa6cced921643.exe windows x86
f34d5f2d4577ed6d9ceec516c1f5a744
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
mscoree
_CorExeMain
Sections
.text Size: 527KB - Virtual size: 526KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 12B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ