dafe133f14780055c8391e9c7ac8bb89037fe18999996d1519c48b2c5b40772b

Sharing

Copy URL

Twitter E-mail

General

Target

dafe133f14780055c8391e9c7ac8bb89037fe18999996d1519c48b2c5b40772b
Size

134KB
MD5

a8ddbe5fa6e2c20f93765c0b064a9302
SHA1

23a4781d3908ee8f674de8dd75396235211d74aa
SHA256

dafe133f14780055c8391e9c7ac8bb89037fe18999996d1519c48b2c5b40772b
SHA512

f9e485a4ef9d0f61ba74eded57f7a549c9d27593d6a88720e3df2bcc0cf7529753d19f067f4f299114c34b1a3fba4c9582e1131e420d5b2069294c01e399c370
SSDEEP

3072:gcqT17/b5b/ntxTgK7NK9aygTD5BAxVpkoBWCbz888R:ghT17/NwEKlg3SWCbm

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

dafe133f14780055c8391e9c7ac8bb89037fe18999996d1519c48b2c5b40772b
.exe windows x64

589fbb8b834dd3acc6ffc01abfe802ef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_onexit
__dllonexit
qsort
_strlwr
_itoa
_atoi64
_mbsicmp
_mbschr
strcmp
strrchr
malloc
free
modf
_exit
_c_exit
_XcptFilter
__C_specific_handler
memcmp
strtoul
_memicmp
strncmp
atoi
strchr
_strcmpi
strlen
memcpy
_purecall
_ultoa
strcpy
??3@YAXPEAX@Z
memset
??2@YAPEAX_K@Z
strncat
sprintf
strcat

ws2_32

inet_addr
WSAGetLastError
WSASetLastError
closesocket
gethostbyaddr
WSAAsyncSelect
htons
connect
getservbyport
WSACleanup
WSAStartup

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ImageList_ReplaceIcon
ord17
ImageList_AddMasked
ImageList_Create
ImageList_SetImageCount
ord6
ImageList_Add
CreateToolbarEx

kernel32

TerminateProcess
CreateEventA
GetStartupInfoA
GetProcessHeap
GetCurrentThread
GetVersionExA
UnmapViewOfFile
MapViewOfFile
DuplicateHandle
DeviceIoControl
CreateThread
ResumeThread
ReadProcessMemory
GetCurrentProcess
ExitProcess
DeleteFileA
GetCurrentProcessId
WinExec
GetStdHandle
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTempFileNameA
lstrcpyA
GetModuleFileNameA
LocalFree
lstrlenA
FindResourceA
GlobalUnlock
GetTimeFormatA
SetFilePointer
GetLastError
GetThreadSelectorEntry
HeapFree
OpenProcess
GetProcAddress
GetModuleHandleA
Sleep
CompareFileTime
GetFileAttributesA
GetSystemTimeAsFileTime
CloseHandle
FileTimeToLocalFileTime
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FreeLibrary
FileTimeToSystemTime
LoadLibraryA
FormatMessageA
LoadLibraryExA
GetWindowsDirectoryA
ReadFile
LoadResource
GetDateFormatA
WriteFile
GlobalAlloc
CreateFileA
GetFileSize
GlobalLock
LockResource
GetTempPathA

user32

GetCursorPos
EnableWindow
SetForegroundWindow
PostMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetCapture
KillTimer
ReleaseCapture
UpdateWindow
GetMessageA
MessageBeep
WindowFromPoint
SetTimer
RegisterWindowMessageA
PostQuitMessage
TrackPopupMenu
DrawTextExA
GetSysColor
CreateDialogParamA
DestroyMenu
GetDlgCtrlID
LoadStringA
DialogBoxParamA
ModifyMenuA
GetParent
LoadMenuA
DestroyWindow
GetMenuItemInfoA
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
SendMessageA
GetSystemMetrics
SetWindowPos
GetWindowPlacement
GetDlgItem
EndPaint
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
GetWindowTextLengthA
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
SendDlgItemMessageA
DeferWindowPos
GetWindowRect
GetDlgItemInt
EndDialog
RegisterClassA
SetMenu
LoadAcceleratorsA
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
EnumWindows
IsWindowVisible
GetWindowThreadProcessId
LoadIconA
GetWindowTextA
FindWindowA
DestroyIcon
GetWindowLongA
SetWindowLongA
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
MapWindowPoints
LoadImageA
GetMenu
MoveWindow
OpenClipboard
SetClipboardData
ScreenToClient
EmptyClipboard
GetDC
EnableMenuItem
CheckMenuItem
ReleaseDC
GetClassNameA
GetSubMenu
CloseClipboard
GetMenuItemCount
GetMenuStringA
CheckMenuRadioItem
EnumChildWindows

gdi32

GetTextExtentPoint32A
SetBkColor
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

GetSaveFileNameA
FindTextA

advapi32

RegDeleteKeyA

shell32

ExtractIconExA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

589fbb8b834dd3acc6ffc01abfe802ef

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ws2_32

version

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 90KB - Virtual size: 89KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 2KB - Virtual size: 5KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 20KB - Virtual size: 19KB

.text
Size: 90KB - Virtual size: 89KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 2KB - Virtual size: 5KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 20KB - Virtual size: 19KB