11801652282bd50900dd349724e535a5cb80ccee825910dd1c85b721e2da9a65

Sharing

Copy URL Twitter E-mail

General

Target

11801652282bd50900dd349724e535a5cb80ccee825910dd1c85b721e2da9a65
Size

158KB
MD5

63da71f38c8d7198b512930719ea4189
SHA1

b252e763552e40b03843bb1bc809fa38debbe401
SHA256

11801652282bd50900dd349724e535a5cb80ccee825910dd1c85b721e2da9a65
SHA512

a30198176a35350451faa121b1fae19a32be40d4d2080e676016fecd970d73e3979a374a139067d0edb21216b4865eb4a2df44d2f5f9dea34ff622569126f596
SSDEEP

3072:eQWJeD9Obbm7JdpczQ2SzmW2b3CSEICR8Lk0PLmq3vBpUcEhIWiR:emDPx12eR2b3CjuPf

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

11801652282bd50900dd349724e535a5cb80ccee825910dd1c85b721e2da9a65
.exe windows x86

1131e6a7de74c4ae09d0dcb6742dc90c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
_strupr
_wtol
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_vsnwprintf
qsort
_wcslwr
_wcsnicmp
memmove
_memicmp
wcstoul
__set_app_type
_controlfp
_except_handler3
_exit
malloc
free
modf
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
strlen
_wtoi
memcmp
wcscmp
wcsrchr
_wcsicmp
wcschr
wcslen
_ultow
memcpy
_itow
_snprintf
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ord17
CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ImageList_ReplaceIcon
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
GetSystemTimeAsFileTime
GetComputerNameW
Sleep
ReadProcessMemory
GetCurrentProcess
CopyFileW
GetCurrentDirectoryW
SetErrorMode
ExpandEnvironmentStringsW
GetLocalTime
GetStdHandle
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
CloseHandle
CreateThread
CreateFileW
WaitForSingleObject
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
FileTimeToLocalFileTime
DeleteFileW
CompareFileTime
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
FormatMessageW
GetVersionExW
FindClose
GetDateFormatW
GetTempFileNameW
GetWindowsDirectoryW
GetFileSize
GetTimeFormatW
GetFileAttributesW
GetModuleHandleW
FindFirstFileW
ReadFile
SetFilePointer
LocalFree
GetModuleFileNameW
GetNumberFormatW
LockResource
lstrcpyW
WriteFile
MultiByteToWideChar
lstrlenW
FindResourceW
GlobalAlloc
GlobalUnlock
LoadResource
GetTempPathW
LoadLibraryExW
WideCharToMultiByte

user32

GetClipboardData
DrawTextExW
GetMessageW
GetForegroundWindow
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorW
GetDlgItemTextW
GetSystemMetrics
IsDialogMessageW
CreateWindowExW
GetWindowRect
GetDlgItemInt
GetWindowTextLengthW
SendDlgItemMessageW
EndDialog
SetWindowLongW
EndPaint
GetDlgItem
InvalidateRect
GetWindow
DrawFrameControl
SetDlgItemInt
SetWindowTextW
BeginPaint
UpdateWindow
GetClientRect
SetDlgItemTextW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PeekMessageW
DispatchMessageW
LoadImageW
LoadIconW
TranslateMessage
GetWindowLongW
SetFocus
GetCursorPos
SetForegroundWindow
GetSubMenu
EndDeferWindowPos
RegisterWindowMessageW
BeginDeferWindowPos
TrackPopupMenu
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
MoveWindow
CloseClipboard
GetMenuItemCount
CheckMenuRadioItem
CheckMenuItem
GetParent
GetSysColor
SetClipboardData
GetMenu
EnableWindow
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DialogBoxParamW
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
SetWindowPos
PostQuitMessage
DeferWindowPos

gdi32

DeleteObject
SetBkMode
CreateFontIndirectW
SetTextColor
SetBkColor
GetStockObject
GetTextExtentPoint32W
SelectObject
GetDeviceCaps

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegDeleteValueW
GetUserNameW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW

shell32

SHChangeNotify
DragAcceptFiles
DragQueryFileW
DragFinish
SHGetFileInfoW
ShellExecuteW

ole32

CLSIDFromString
StringFromGUID2

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1131e6a7de74c4ae09d0dcb6742dc90c

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 2KB - Virtual size: 6KB

.rsrc Size: 32KB - Virtual size: 32KB

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 2KB - Virtual size: 6KB

.rsrc
Size: 32KB - Virtual size: 32KB