f0541690ebcdf6afc4bd9ffd5b4c97a0825570c740e945a8f8370f68ad2837c0

Sharing

Copy URL

Twitter E-mail

General

Target

f0541690ebcdf6afc4bd9ffd5b4c97a0825570c740e945a8f8370f68ad2837c0
Size

148KB
MD5

e99c1924691b1f3dd6332bcae295556f
SHA1

a3bc027978576bc4e5664ba91a7f2cbd3c8a7b0b
SHA256

f0541690ebcdf6afc4bd9ffd5b4c97a0825570c740e945a8f8370f68ad2837c0
SHA512

7da19ae26f5197e2a4ef985b6bd445ec9dda284b281cc62c4be3e651ff167287a9f7b39309e6c31eb1c4d86ef9d54bd88f50496751bebff4594fa9dae15463d1
SSDEEP

3072:/Zyoz1boXAWoI4UCcbDxNKSKRpw+2j+3HIKMj4PUkz1vJ4R+DrY7ouJ:/scm/jCcum+JKiB4R4m

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

f0541690ebcdf6afc4bd9ffd5b4c97a0825570c740e945a8f8370f68ad2837c0
.exe windows x64

37716a1609703b7e7c6f248a46fc59e3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
__setusermatherr
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_commode
_fmode
__set_app_type
_exit
_purecall
_strlwr
strrchr
strcmp
malloc
strtoul
free
modf
memcmp
_mbschr
_memicmp
_itoa
_ultoa
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
memset
_strcmpi
_strnicmp
_stricmp
atoi
strchr
strlen
strcpy
strcat
strncat
sprintf

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

comctl32

ImageList_Create
ImageList_SetImageCount
ord6
CreateToolbarEx
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

ws2_32

WSAStartup
WSACleanup
WSAAsyncSelect
send
closesocket
WSASetLastError
socket
bind
htons
WSAGetLastError
htonl
inet_addr
connect
WSAAsyncGetHostByName

kernel32

GetStartupInfoA
Sleep
WinExec
GlobalUnlock
GetTimeFormatA
lstrlenA
FindFirstFileA
GetCurrentThreadId
ExpandEnvironmentStringsA
OpenProcess
ReadProcessMemory
ExitProcess
GetCurrentProcessId
DeleteFileA
GetCurrentProcess
GetPrivateProfileStringA
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetLastError
FileTimeToLocalFileTime
GetFileAttributesA
GetSystemDirectoryA
CompareFileTime
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
FreeLibrary
GetLocaleInfoA
CloseHandle
GetNumberFormatA
GetTempPathA
FormatMessageA
GetModuleFileNameA
FindNextFileA
LocalFree
GetWindowsDirectoryA
ReadFile
GetDateFormatA
GetTempFileNameA
lstrcpyA
GetModuleHandleA
WriteFile
FindClose
LoadLibraryExA
CreateFileA
GetFileSize
GlobalAlloc
GlobalLock
GetFileTime
GetVersionExA

user32

ModifyMenuA
AttachThreadInput
EnumWindows
GetWindowThreadProcessId
SetForegroundWindow
RegisterWindowMessageA
IsDialogMessageA
TranslateMessage
GetMessageA
DispatchMessageA
DeferWindowPos
PostQuitMessage
BeginDeferWindowPos
TrackPopupMenu
EndDeferWindowPos
GetParent
GetSysColorBrush
LoadMenuA
ChildWindowFromPoint
SetCursor
LoadCursorA
SetDlgItemTextA
GetDlgItemTextA
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
RegisterClassA
UpdateWindow
GetWindowRect
GetSystemMetrics
SetWindowPlacement
PostMessageA
SetMenu
LoadAcceleratorsA
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
LoadIconA
DestroyIcon
LoadImageA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
LoadStringA
CloseClipboard
GetMenuStringA
SetClipboardData
GetClientRect
EnableWindow
GetCursorPos
MapWindowPoints
GetSysColor
MoveWindow
GetMenu
OpenClipboard
CheckMenuItem
EmptyClipboard
GetDC
EnableMenuItem
ReleaseDC
GetMenuItemCount
GetSubMenu
GetClassNameA
ShowWindow
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
EnumChildWindows
DestroyWindow
GetMenuItemInfoA
SetWindowPos
GetWindowTextA

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

GetSaveFileNameA
FindTextA

advapi32

RegConnectRegistryA
RegUnLoadKeyA
RegCloseKey
RegLoadKeyA
RegDeleteKeyA
RegCreateKeyA
CryptReleaseContext
RegSetValueExA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
RegDeleteValueA

shell32

ShellExecuteA
ShellExecuteExA
ExtractIconExA

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

37716a1609703b7e7c6f248a46fc59e3

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

version

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 99KB - Virtual size: 99KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 5KB - Virtual size: 5KB

.rsrc Size: 18KB - Virtual size: 17KB

.text
Size: 99KB - Virtual size: 99KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 18KB - Virtual size: 17KB