215e57b470c53a88da040aa9fe1af90aa3bded0b4bfa3da8abac8b1ebc6c9158

Sharing

Copy URL Twitter E-mail

General

Target

215e57b470c53a88da040aa9fe1af90aa3bded0b4bfa3da8abac8b1ebc6c9158
Size

84KB
MD5

e893136b3eaf2a195af0379376fd0779
SHA1

b3d3e033aa0a5a42340e11bb009b059c0d926330
SHA256

215e57b470c53a88da040aa9fe1af90aa3bded0b4bfa3da8abac8b1ebc6c9158
SHA512

fa479b4d11d27ac601e681ebc57cce21068be12cee478e047a1d8e85cdffeddcffed3281b6dfa488c7b4f842ade2b925d63a233431e7be254e2d99307205d839
SSDEEP

1536:ZyfAGU5jP3qQgZaK3MEbewr1FoxbJLxbJrNr9yIl/NFIpZ+N:ZAAGUI30mMEbrIf7nIpZ+N

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

215e57b470c53a88da040aa9fe1af90aa3bded0b4bfa3da8abac8b1ebc6c9158
.exe windows x64

361c39acdf88ae87cbc2db37fa1d12ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
_initterm
_wcslwr
strlen
qsort
_purecall
_itow
wcscmp
__setusermatherr
_commode
_fmode
__set_app_type
__dllonexit
malloc
_wcsicmp
free
_memicmp
wcschr
modf
_wtoi
memcmp
wcstoul
wcsrchr
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
wcslen
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ImageList_AddMasked
ord17
ImageList_Create
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx

kernel32

ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
ExitProcess
DeleteFileW
SetErrorMode
WideCharToMultiByte
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
EnumResourceNamesW
OpenProcess
EnumResourceTypesW
GetStartupInfoW
GetTempPathW
GetFileAttributesW
FreeLibrary
LoadLibraryW
GetProcAddress
ReadFile
CloseHandle
WriteFile
GetModuleFileNameW
GetWindowsDirectoryW
CreateFileW
FindResourceW
LoadResource
LocalFree
GlobalAlloc
LockResource
LoadLibraryExW
GetSystemDirectoryW
GlobalUnlock
GetLastError
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
GetFileSize
GetVersionExW
GetModuleHandleW

user32

EndDeferWindowPos
DrawTextExW
DispatchMessageW
TranslateMessage
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
CreateWindowExW
SendDlgItemMessageW
GetDlgItemInt
EndDialog
IsDialogMessageW
SetDlgItemInt
SetWindowTextW
UpdateWindow
SetDlgItemTextW
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
GetSystemMetrics
RegisterClassW
MessageBoxW
GetWindowRect
TranslateAcceleratorW
SetMenu
SetWindowPlacement
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
InvalidateRect
GetCursorPos
SetClipboardData
GetSysColor
EnableWindow
CloseClipboard
MapWindowPoints
GetMenu
GetDC
EmptyClipboard
GetSubMenu
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetClientRect
GetMenuItemCount
CheckMenuItem
GetMenuStringW
GetDlgCtrlID
DestroyMenu
GetParent
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
SetWindowPos
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
DestroyIcon
LoadIconW
BeginDeferWindowPos
DeferWindowPos
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
GetDlgItem

gdi32

DeleteObject
SetBkColor
GetStockObject
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SetBkMode

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

ShellExecuteExW
SHGetFileInfoW
SHGetSpecialFolderLocation
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

361c39acdf88ae87cbc2db37fa1d12ed

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 53KB - Virtual size: 52KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 6KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 11KB - Virtual size: 10KB

.text
Size: 53KB - Virtual size: 52KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 6KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 10KB