145eed4d22b5e7a2c9ee1272978aef017432bcf0298b982305247f7776c71e7d

Sharing

Copy URL Twitter E-mail

General

Target

145eed4d22b5e7a2c9ee1272978aef017432bcf0298b982305247f7776c71e7d
Size

96KB
MD5

e714092a882042d2c2c3a4a303febd4b
SHA1

45d154ad12bc29a5be371789feeabf7fdf2040e3
SHA256

145eed4d22b5e7a2c9ee1272978aef017432bcf0298b982305247f7776c71e7d
SHA512

f6b1d77e8f8bf09a91343a3dbacfebd824e847642db408d9f1c3d6958eef3349aa77a1c70876316bed5c3110e67965978c2e2a82416a32ec08e793edf6698a62
SSDEEP

1536:OPtN6keo2BZCOpRcjzTiliTsGdMjFcGJIr4yqnYFmWY+6ROqLGfoCRrIad5z4MMC:Oz6keo26c2TiliTXdMjFcGJQ4yqnYFmW

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

145eed4d22b5e7a2c9ee1272978aef017432bcf0298b982305247f7776c71e7d
.exe windows x64

7a2b5f6c75c26148ecdbe1a2e4da17df

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

waveOutSetVolume
mciSendStringA
mixerGetLineControlsA
waveOutGetVolume
mixerSetControlDetails
mixerOpen
mixerGetLineInfoA
mixerGetControlDetailsA
waveOutGetNumDevs
waveOutGetDevCapsA
mixerClose

msvcrt

_initterm
__getmainargs
__initenv
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
__setusermatherr
wcslen
_mbsicmp
_strlwr
atof
_itoa
printf
_strnicmp
memcmp
_memicmp
strrchr
strtol
_commode
_fmode
__set_app_type
atoi
_stricmp
strcmp
strtoul
strchr
strcpy
malloc
wcscpy
free
wcscmp
wcsrchr
_wcsicmp
strlen
memcpy
??2@YAPEAX_K@Z
memset
_strcmpi
??3@YAXPEAX@Z
sprintf
strcat

kernel32

DeviceIoControl
GetStdHandle
SetPriorityClass
SetComputerNameA
OutputDebugStringA
GetSystemTime
SetConsoleTextAttribute
CreateProcessA
WritePrivateProfileStringA
DeleteFileA
LocalFileTimeToFileTime
GetEnvironmentVariableA
SetProcessAffinityMask
WinExec
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
Beep
ReadProcessMemory
WaitForSingleObject
GetSystemDirectoryA
OpenProcess
Sleep
WideCharToMultiByte
GetTimeFormatA
FindNextFileA
ReadFile
GetModuleFileNameA
GetFileAttributesA
GetWindowsDirectoryA
CopyFileA
GlobalUnlock
GlobalAlloc
CloseHandle
GlobalSize
GlobalLock
FreeLibrary
SystemTimeToFileTime
GetProcAddress
LoadLibraryA
MultiByteToWideChar
GetModuleHandleA
LoadLibraryExA
FormatMessageA
SetFileTime
CreateDirectoryA
GetFileTime
FindFirstFileA
GetDateFormatA
WriteFile
GetLastError
GetCommandLineA
GetVersionExA
CreateFileA
SetFileAttributesA
GetFileSize
FindClose
SetFilePointer
LocalFree

user32

AttachThreadInput
MessageBeep
TranslateMessage
GetWindowTextA
DefWindowProcA
GetSystemMetrics
IsWindowVisible
SetTimer
SendMessageTimeoutA
DestroyIcon
TrackPopupMenu
GetActiveWindow
GetForegroundWindow
GetDesktopWindow
EnumWindows
GetWindowThreadProcessId
KillTimer
SetWindowPos
PostMessageA
RegisterClassA
ChangeDisplaySettingsA
SendInput
PostQuitMessage
GetMessageA
InvalidateRect
DispatchMessageA
EnumChildWindows
SetDlgItemTextA
DialogBoxParamA
EndDialog
SendMessageA
GetDlgItem
SetWindowTextA
MessageBoxA
GetWindowTextLengthA
GetDlgItemTextA
CreateWindowExA
GetClipboardFormatNameA
EmptyClipboard
RegisterClipboardFormatA
SetClipboardData
CloseClipboard
OpenClipboard
GetWindowLongA
SetWindowLongA
ReleaseDC
GetDC
GetCursorPos
GetWindowRect
SetFocus
MoveWindow
GetClassNameA
SetWindowPlacement
GetClipboardData
SetForegroundWindow
EnableWindow
MapWindowPoints
GetWindowPlacement
ShowWindow
ExitWindowsEx
SetCursorPos
GetParent

gdi32

DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetDeviceCaps
SelectObject
CreateDIBitmap
GetObjectA
DeleteObject

advapi32

RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
RegCreateKeyExA

shell32

ExtractIconExA
SHFileOperationA
SHChangeNotify
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

OleGetClipboard
CoCreateInstance
CoUninitialize
CoInitialize
PropVariantClear
CoTaskMemFree
ReleaseStgMedium

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a2b5f6c75c26148ecdbe1a2e4da17df

Headers

DLL Characteristics

File Characteristics

Imports

winmm

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

Sections

.text Size: 72KB - Virtual size: 71KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 1024B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.text
Size: 72KB - Virtual size: 71KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB