0cb3f594050b73e8925149ddbc276fdd1ad1b15c0c5f63bccefa3abf9af734d1

Sharing

Copy URL Twitter E-mail

General

Target

0cb3f594050b73e8925149ddbc276fdd1ad1b15c0c5f63bccefa3abf9af734d1
Size

114KB
MD5

19b48d92ce544a394e17714caa00072f
SHA1

f3939d415b2abaa9c657499ca6823183b4791deb
SHA256

0cb3f594050b73e8925149ddbc276fdd1ad1b15c0c5f63bccefa3abf9af734d1
SHA512

874f82b0e95b567e1ae1b226fa4d79c8c0674d10c85ef5260f1162a0b915f74f7ce9c36a144a56a39ac76f0764228d466c26904d95c51cb69808664c0af62d52
SSDEEP

3072:YovrYMnxFDVhuQT1xOr6psPZzN1fZJS0ILshA1eV9RVEJ:tY49xn2ZzNlZ46K1eS

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

0cb3f594050b73e8925149ddbc276fdd1ad1b15c0c5f63bccefa3abf9af734d1
.exe windows x64

32605aab5bc16826f74858f95fc38300

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_mbsicmp
_purecall
__setusermatherr
_strlwr
_itoa
wcscpy
wcslen
_wcsicmp
wcschr
malloc
strtoul
free
modf
strcmp
_commode
_fmode
__set_app_type
qsort
atoi
_memicmp
strrchr
_snprintf
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
strchr
strlen
memcmp
_ultoa
strncmp
_strnicmp
memset
_stricmp
_strcmpi
strcpy
strcat
strncat
sprintf

comctl32

ord17
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ord6
CreateToolbarEx
ImageList_ReplaceIcon

kernel32

ExitProcess
ReadProcessMemory
CreateProcessA
SetErrorMode
GlobalFree
GetStdHandle
GetPrivateProfileStringA
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetLogicalDrives
ResumeThread
OpenProcess
DeviceIoControl
GetCurrentProcess
TerminateProcess
CreateRemoteThread
GetStartupInfoA
FreeLibrary
FileTimeToLocalFileTime
CompareFileTime
GetCurrentProcessId
GetFileAttributesExA
WideCharToMultiByte
GetProcAddress
LoadLibraryA
FileTimeToSystemTime
DeleteFileA
GetFileAttributesA
GetSystemDirectoryA
MultiByteToWideChar
CloseHandle
GetTempPathA
GetTimeFormatA
CreateFileA
GetFileSize
GetNumberFormatA
ReadFile
FindResourceA
FormatMessageA
GetVersionExA
GetWindowsDirectoryA
LockResource
GetDateFormatA
WriteFile
GetLocaleInfoA
GlobalUnlock
LocalFree
GetModuleFileNameA
LoadResource
GlobalAlloc
GetLastError
GetModuleHandleA
LoadLibraryExA
SizeofResource
GlobalLock
GetTempFileNameA

user32

GetFocus
BeginDeferWindowPos
FindWindowA
GetMessageA
WindowFromPoint
EndDeferWindowPos
SetTimer
RegisterWindowMessageA
PostQuitMessage
TrackPopupMenu
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
SetDlgItemTextA
UpdateWindow
GetSystemMetrics
GetWindowRect
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
GetWindowThreadProcessId
EnumWindows
LoadImageA
SetActiveWindow
IsWindowVisible
LoadIconA
SetForegroundWindow
DestroyIcon
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
MoveWindow
GetMenuItemCount
CheckMenuRadioItem
GetMenuStringA
CheckMenuItem
GetCursorPos
GetMenu
GetClassNameA
CloseClipboard
GetSysColor
GetSubMenu
GetDC
SetClipboardData
EnableWindow
MapWindowPoints
EmptyClipboard
EnableMenuItem
ReleaseDC
OpenClipboard
GetClientRect
LoadMenuA
GetParent
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
GetWindowTextA
ReleaseCapture
KillTimer
DeferWindowPos
SetCapture
DispatchMessageA
TranslateMessage
IsDialogMessageA

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

GetSaveFileNameA
FindTextA

advapi32

RegCreateKeyExA
RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegDeleteKeyA

shell32

ShellExecuteExA
ShellExecuteA
ExtractIconExA
Shell_NotifyIconA

Sections

.text
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32605aab5bc16826f74858f95fc38300

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 67KB - Virtual size: 67KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 6KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 26KB - Virtual size: 26KB

.text
Size: 67KB - Virtual size: 67KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 26KB - Virtual size: 26KB