16c5f5a72507ad2188529fdd686c7ca7b691588a9f50dcb6dcdc96d4c08e3931

Sharing

Copy URL

Twitter E-mail

General

Target

16c5f5a72507ad2188529fdd686c7ca7b691588a9f50dcb6dcdc96d4c08e3931
Size

282KB
MD5

bfb11eeb84fd66e0f43ee8f25fbc5e42
SHA1

a029f4493c10c64aa43c4573f1f1d55268a06051
SHA256

16c5f5a72507ad2188529fdd686c7ca7b691588a9f50dcb6dcdc96d4c08e3931
SHA512

de0fe4a7d83c23909be68174210f9480664383465743bdd4aee7ca029fe08894bb36317637c6b714379f29f6d4491b95c1d170a56d103920a8a13d5bd906678e
SSDEEP

6144:R8RUWlhho5ggeXfaiT2qiRai6NI0ebAtb84:R+UWSyXlT2qHe084

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

16c5f5a72507ad2188529fdd686c7ca7b691588a9f50dcb6dcdc96d4c08e3931
.exe windows x86

f14e7174edd7ad544a0105a9e261d5c3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsncat
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
_wcslwr
qsort
_purecall
_itow
_XcptFilter
wcsrchr
_wcsicmp
malloc
wcschr
realloc
free
modf
_memicmp
_wtoi
memcmp
wcstoul
memcpy
_exit
_c_exit
_onexit
__dllonexit
wcslen
strtoul
strlen
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
wcscpy
memset
wcscat
_snwprintf
__p__fmode
__set_app_type
_controlfp
_except_handler3
_gmtime64
strftime
wcscmp
strcmp

comctl32

ord17
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

UnmapViewOfFile
MapViewOfFile
Sleep
CreateFileMappingW
CreateFileA
InitializeCriticalSection
DeleteFileA
GetFullPathNameA
GetDiskFreeSpaceW
AreFileApisANSI
EnterCriticalSection
GetFullPathNameW
GetSystemTime
LockFileEx
FormatMessageA
GetSystemInfo
SetEndOfFile
LeaveCriticalSection
GetFileAttributesA
GetModuleHandleA
GetStartupInfoW
GetDiskFreeSpaceA
GetTempPathA
GetSystemTimeAsFileTime
UnlockFileEx
GetTickCount
SystemTimeToFileTime
FileTimeToLocalFileTime
CompareFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
MultiByteToWideChar
lstrcpyW
FindResourceW
lstrlenW
LoadResource
GlobalAlloc
LoadLibraryExW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetLastError
SizeofResource
GlobalLock
FormatMessageW
GetDateFormatW
GetVersionExW
GetTempFileNameW
GetFileSize
GetTimeFormatW
GetModuleHandleW
GetFileAttributesW
CloseHandle
GetWindowsDirectoryW
SetFilePointer
ReadFile
GetModuleFileNameW
WriteFile
CreateFileW
LocalFree
LockResource
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
DeleteFileW
GetCurrentProcessId
ExitProcess
GetCurrentProcess
ReadProcessMemory
OpenProcess
EnumResourceTypesW
QueryPerformanceCounter
GetFileAttributesExW
InterlockedCompareExchange
DeleteCriticalSection
UnlockFile
FlushFileBuffers
LockFile

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
SetWindowPos
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
EndDialog
SetWindowLongW
EndPaint
GetDlgItem
InvalidateRect
GetWindow
DrawFrameControl
SetDlgItemInt
SetWindowTextW
BeginPaint
UpdateWindow
GetClientRect
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
LoadImageW
LoadIconW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
GetParent
GetSysColor
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DialogBoxParamW
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW

gdi32

SetBkColor
GetTextExtentPoint32W
GetDeviceCaps
SelectObject
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
GetStockObject

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f14e7174edd7ad544a0105a9e261d5c3

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 227KB - Virtual size: 227KB

.rdata Size: 35KB - Virtual size: 35KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 227KB - Virtual size: 227KB

.rdata
Size: 35KB - Virtual size: 35KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 15KB - Virtual size: 14KB