9f2eddae4a684bd2454b9f3c7cf16f5d343576dbe5b4413b110462d26ef5fb2e

General

Target

9f2eddae4a684bd2454b9f3c7cf16f5d343576dbe5b4413b110462d26ef5fb2e
Size

1.7MB
MD5

4574ea4dd9cd01a42dbce2c8369e9ecf
SHA1

b1e3ff7e29323331d377053f175a86868b0c1d32
SHA256

9f2eddae4a684bd2454b9f3c7cf16f5d343576dbe5b4413b110462d26ef5fb2e
SHA512

fd062c9cec001597269efcf5d11cff4e6c12b4367a02a795a86e1b8f30aeb40b01642abeb117c0e0ee18d491a769c74d5d44e198acbe54c4dce8e829acd3779d
SSDEEP

49152:kv5vsFZYeiLxPQ6u4sOEvazaoGleXJmtO:Y9OZmLhQ6zsBneXJm4

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Files

9f2eddae4a684bd2454b9f3c7cf16f5d343576dbe5b4413b110462d26ef5fb2e
.exe windows x86

75dc5a1621e56c2dfc97d0ce0d792dca

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaFreeVar
__vbaAryMove
__vbaLateIdCall
__vbaLenBstr
__vbaStrVarMove
__vbaEnd
__vbaFreeVarList
__vbaPut3
_adj_fdiv_m64
__vbaFreeObjList
__vbaGetFxStr3
__vbaGetFxStr4
ord516
ord517
_adj_fprem1
ord519
ord626
__vbaStrCat
__vbaForEachCollAd
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
__vbaLateMemSt
__vbaExitProc
__vbaOnError
__vbaObjSet
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaBoolVar
__vbaStrFixstr
__vbaFpR8
_CIsin
ord631
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
__vbaStrCmp
ord529
__vbaGet3
__vbaPutOwner3
__vbaVarTstEq
__vbaObjVar
__vbaI2I4
DllFunctionCall
__vbaLbound
_adj_fpatan
__vbaR4Var
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
EVENT_SINK_QueryInterface
__vbaExceptHandler
ord711
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord608
ord716
__vbaFPException
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaI2Var
ord537
_CIlog
__vbaErrorOverflow
__vbaFileOpen
ord648
__vbaNew2
ord570
__vbaVar2Vec
__vbaInStr
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
ord681
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord100
__vbaVarTstNe
ord579
__vbaI4Var
__vbaLateMemCall
__vbaAryLock
__vbaVarDup
__vbaStrToAnsi
ord616
__vbaVarLateMemCallLd
__vbaFpI4
__vbaLateMemCallLd
ord617
_CIatan
__vbaStrMove
__vbaAryCopy
ord618
ord619
_allmul
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaMidStmtBstr
__vbaFreeObj
__vbaFreeStr
ord580

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75dc5a1621e56c2dfc97d0ce0d792dca

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 116KB - Virtual size: 112KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 1.5MB - Virtual size: 1.5MB

.text
Size: 116KB - Virtual size: 112KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 1.5MB - Virtual size: 1.5MB