b94403e4b78f6180f5503ca717b4245d8ae7c6caa066bc40eb631f36ba50423b

Sharing

Copy URL Twitter E-mail

General

Target

b94403e4b78f6180f5503ca717b4245d8ae7c6caa066bc40eb631f36ba50423b
Size

138KB
MD5

98001bc375e7907fe4142b0b43a8c504
SHA1

d6e6cc8f42a0ec7dc9172774f9e349e8bfaa7028
SHA256

b94403e4b78f6180f5503ca717b4245d8ae7c6caa066bc40eb631f36ba50423b
SHA512

9c8104138649b22f207106dc8c5159b8a74c2e7bd6afe855f8b8ccbb7b9625bd89fa065a9b1fa73a7971acdd26aed0c5bbba4b6e9a0280b0622f53a5b19a3852
SSDEEP

3072:iWDds5LDp73v7nqm8SDVTmVvwWMZnh0kEX9ogAu/vHPLe3Fy:8hzq0EwWWhYtPAuXb

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

b94403e4b78f6180f5503ca717b4245d8ae7c6caa066bc40eb631f36ba50423b
.exe windows x64

da2996b64183a7d834cbf013c60c7dee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
__setusermatherr
__C_specific_handler
_onexit
__dllonexit
_wcslwr
strlen
qsort
free
_memicmp
wcschr
_commode
_fmode
__set_app_type
_XcptFilter
modf
memcmp
wcstoul
wcsrchr
malloc
_wcsicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_purecall
_wtoi
wcslen
_itow
wcscpy
memset
wcscmp
memcpy
_snwprintf
wcsncat
wcscat

comctl32

ImageList_AddMasked
CreateStatusWindowW
ord17
ImageList_Create
ImageList_SetImageCount
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

OpenProcess
ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
ExitProcess
DeleteFileW
GlobalFree
EnumResourceTypesW
GetTickCount
GetLocalTime
LocalFileTimeToFileTime
SetFilePointerEx
GetStartupInfoW
CompareFileTime
CreateProcessW
SetErrorMode
GetStdHandle
GetPrivateProfileStringW
GetProcAddress
CloseHandle
GetModuleHandleW
CreateFileW
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
MultiByteToWideChar
GetLastError
MoveFileW
FileTimeToSystemTime
FreeLibrary
SystemTimeToFileTime
LoadLibraryW
GetDriveTypeW
GetLogicalDrives
GetDateFormatW
SizeofResource
GlobalLock
GetTempFileNameW
FormatMessageW
GetFileSize
FindNextFileW
GetVersionExW
FindFirstFileW
FindClose
GetTimeFormatW
GetFileAttributesW
WriteFile
GetWindowsDirectoryW
ReadFile
GetModuleFileNameW
LocalFree
FindResourceW
lstrcpyW
LoadResource
GetNumberFormatW
GlobalAlloc
lstrlenW
LockResource
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
GlobalUnlock
GetTempPathW
GetLocaleInfoW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW

user32

SetTimer
GetMessageW
ChangeClipboardChain
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
UpdateWindow
SetDlgItemTextW
KillTimer
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
DrawFrameControl
SetDlgItemInt
SetWindowTextW
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
PeekMessageW
LoadImageW
DispatchMessageW
IsDialogMessageW
GetForegroundWindow
TranslateMessage
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetMenuItemCount
CheckMenuItem
GetMenuStringW
GetCursorPos
GetSysColor
SetClipboardData
CloseClipboard
EnableWindow
MapWindowPoints
GetMenu
EmptyClipboard
GetDC
GetSubMenu
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
GetParent
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
SetWindowPos
DestroyWindow
GetWindowTextW
LoadMenuW
LoadIconW
DestroyIcon
SetClipboardViewer
DrawTextExW
RegisterClipboardFormatW
IsWindowVisible
SetForegroundWindow
BeginPaint

gdi32

SetBkMode
DeleteObject
SetBkColor
GetStockObject
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetMalloc
SHFileOperationW
SHGetFileInfoW
ShellExecuteW
SHBrowseForFolderW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da2996b64183a7d834cbf013c60c7dee

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 92KB - Virtual size: 92KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 1024B - Virtual size: 6KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 19KB - Virtual size: 19KB

.text
Size: 92KB - Virtual size: 92KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1024B - Virtual size: 6KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 19KB - Virtual size: 19KB