ab176354b7b806342656280d6b383eafb77c37c543542200bb2b18126481ebff | Triage

Sharing

Copy URL Twitter E-mail

General

Target

ab176354b7b806342656280d6b383eafb77c37c543542200bb2b18126481ebff
Size

19KB
MD5

8ad3ae3451e63a34bf44b4cff89ee3df
SHA1

6a70d965a1aa3ee51e8cd3e7c81c41be81d0ef56
SHA256

ab176354b7b806342656280d6b383eafb77c37c543542200bb2b18126481ebff
SHA512

6886bd3efe9bc3242fdbc9b388cb71ebc91cd76b9339a4f060623382bd230205707948117161aab53f7d97f29447fdea9190f359ab704f4aba3e68fe4bff87fb
SSDEEP

384:B6+WwztUBYkshu4b9QU58w7zvjkSL1mx1zhOMspyAIgf0S:B6iUBYFFbDj3wSgvlONptTx

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

ab176354b7b806342656280d6b383eafb77c37c543542200bb2b18126481ebff
.exe windows x64

31712a793e664db336e8f23298ac5bab

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_strcmpi
memset
strrchr
strcat
_memicmp
??2@YAPEAX_K@Z
wcslen
strncat
printf
_mbsicmp
_snprintf
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
__initenv
__getmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
memcpy
strlen
??3@YAXPEAX@Z
strtoul
strchr
sprintf
_c_exit
strcpy

kernel32

GetFileSize
CreateRemoteThread
GetCurrentProcess
VirtualAllocEx
WaitForSingleObject
ResumeThread
WriteProcessMemory
ReadProcessMemory
VirtualFreeEx
OpenProcess
WideCharToMultiByte
MultiByteToWideChar
CloseHandle
GetWindowsDirectoryA
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetLastError
CreateFileA
GetVersionExA
ReadFile

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ