db72e73be5a0b9b8c8005e5ed82428729a6cbfe7c4bbc293fc158e97f90de6a1

General

Target

db72e73be5a0b9b8c8005e5ed82428729a6cbfe7c4bbc293fc158e97f90de6a1
Size

676KB
MD5

4c1a2671bc238bd6415ecf197e5165af
SHA1

1b57b19e34c80ee704626988a8e16294eab637f9
SHA256

db72e73be5a0b9b8c8005e5ed82428729a6cbfe7c4bbc293fc158e97f90de6a1
SHA512

c47af7dd1e8d72c6a9d6354c0f66fb53d0f138a1cad7080346404e3dccf85e4ae2584465bd55cb20007b1f79fc8758ce8910e7872124dc607da90e41090a2ada
SSDEEP

12288:Z2A5R/16kI9pQ4eUWjkAWSd2AopFwX4rYtQwkUC:Z2ATt6kI9pQ4e9j1d2AeFwX4kk

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Files

db72e73be5a0b9b8c8005e5ed82428729a6cbfe7c4bbc293fc158e97f90de6a1
.exe windows x86

3d8c48e43c99fbeac6558d56a768fb8a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

_CIcos
_adj_fptan
__vbaVarMove
__vbaStrI4
__vbaFreeVar
__vbaAryMove
__vbaStrVarMove
__vbaLenBstr
__vbaLateIdCall
__vbaEnd
__vbaFreeVarList
_adj_fdiv_m64
__vbaFreeObjList
ord517
_adj_fprem1
__vbaRecAnsiToUni
ord519
ord626
__vbaStrCat
__vbaForEachCollAd
ord660
__vbaSetSystemError
__vbaHresultCheckObj
__vbaVargVarCopy
_adj_fdiv_m32
ord666
__vbaAryDestruct
__vbaForEachCollObj
__vbaStrBool
__vbaObjSet
__vbaOnError
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
__vbaStrFixstr
__vbaBoolVar
_CIsin
__vbaVargVarMove
ord525
__vbaNextEachCollObj
ord632
__vbaChkstk
ord526
__vbaFileClose
EVENT_SINK_AddRef
ord527
__vbaGenerateBoundsError
ord528
__vbaStrCmp
ord529
__vbaGet3
__vbaVarTstEq
__vbaPutOwner3
ord560
__vbaI2I4
__vbaObjVar
DllFunctionCall
_adj_fpatan
__vbaLateIdCallLd
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
_CIsqrt
EVENT_SINK_QueryInterface
__vbaStrUI1
__vbaExceptHandler
__vbaStrToUnicode
ord712
__vbaPrintFile
ord606
_adj_fprem
_adj_fdivr_m64
__vbaFPException
__vbaVarCat
ord536
__vbaLsetFixstrFree
ord537
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaNew2
__vbaVar2Vec
__vbaR8Str
ord648
ord570
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
_adj_fdivr_m32
_adj_fdiv_r
ord578
ord100
__vbaI4Var
__vbaAryLock
__vbaLateMemCall
__vbaStrToAnsi
__vbaVarDup
ord616
__vbaVarCopy
__vbaVarLateMemCallLd
ord617
__vbaLateMemCallLd
_CIatan
__vbaStrMove
ord618
_allmul
__vbaLateIdSt
_CItan
__vbaNextEachCollAd
__vbaAryUnlock
_CIexp
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 592KB - Virtual size: 591KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d8c48e43c99fbeac6558d56a768fb8a

Headers

File Characteristics

Imports

msvbvm60

Sections

.text Size: 76KB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 592KB - Virtual size: 591KB

.text
Size: 76KB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 592KB - Virtual size: 591KB