dc74b2433715c4f34825559ea9f30860b83835fc7db81abe9a4eafceda17d924

Sharing

Copy URL Twitter E-mail

General

Target

dc74b2433715c4f34825559ea9f30860b83835fc7db81abe9a4eafceda17d924
Size

107KB
MD5

5467db59d4c3337d9d8311e2f882dc57
SHA1

36f8e98c741687e295a83c64f0d53b8df90bb5ea
SHA256

dc74b2433715c4f34825559ea9f30860b83835fc7db81abe9a4eafceda17d924
SHA512

a20619595d66dab013ffd5c7ab9f0dea0f4b55b7c1ea4d9b210ff9daedc445362ba2d82a7d532f6f5e9d913015eb8b78443f6b06552d1fd319b15234c3aa2315
SSDEEP

1536:q2C0TX6lOPL05KqyUJ7pdsmIfsctD4E5D2soCFdJOsc/oj7yaMkBiMB0JrHXz:q2C0TX1oYwSJ0sZnPyaMkzB0JrHXz

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

dc74b2433715c4f34825559ea9f30860b83835fc7db81abe9a4eafceda17d924
.exe windows x64

c00e386809a3cfd00ae9707bb95940f4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_wtol
_purecall
_wcslwr
strlen
_itow
free
__setusermatherr
_commode
_fmode
__set_app_type
_memicmp
modf
_wtoi
memcmp
wcstoul
malloc
wcscmp
strcpy
wcsrchr
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
wcslen
memcpy
_ultow
_wcsicmp
wcschr
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
ord17

psapi

GetModuleInformation
EnumProcessModules
GetModuleFileNameExW

kernel32

WideCharToMultiByte
SetErrorMode
GetCurrentProcessId
ExitProcess
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetLocaleInfoW
GlobalUnlock
CreateRemoteThread
EnumResourceTypesW
GetStartupInfoW
LoadLibraryExW
GlobalAlloc
LoadResource
GetFileAttributesW
GetCurrentProcess
GetModuleHandleW
ReadProcessMemory
FreeLibrary
LoadLibraryW
GetProcAddress
Sleep
FlushFileBuffers
GetTempPathW
GetLastError
VirtualAllocEx
CreateProcessW
WaitForSingleObject
CloseHandle
DeleteFileW
WriteProcessMemory
OpenProcess
ResumeThread
VirtualFreeEx
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
GetFileSize
GetVersionExW
GetWindowsDirectoryW
ReadFile
GetModuleFileNameW
WriteFile
CreateFileW
LocalFree
GetNumberFormatW
FindResourceW
LockResource

user32

IsDialogMessageW
SetTimer
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
GetMessageW
GetWindow
DrawFrameControl
SetDlgItemInt
SetWindowTextW
UpdateWindow
SetDlgItemTextW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
PeekMessageW
GetMenuItemCount
CheckMenuItem
GetMenuStringW
GetCursorPos
CloseClipboard
SetClipboardData
GetSysColor
EnableWindow
MapWindowPoints
GetMenu
GetDC
GetSubMenu
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
GetParent
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetWindowTextW
LoadMenuW
DestroyIcon
LoadIconW
TranslateMessage
DispatchMessageW
DrawTextExW
KillTimer
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
EndPaint

gdi32

SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
SetBkColor
SelectObject
GetDeviceCaps

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

shell32

DragQueryFileW
DragAcceptFiles
DragFinish
SHGetFileInfoW
ShellExecuteW
ExtractIconExW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c00e386809a3cfd00ae9707bb95940f4

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

psapi

kernel32

user32

gdi32

comdlg32

shell32

ole32

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 25KB - Virtual size: 24KB

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 25KB - Virtual size: 24KB