b283f4260779cb9696e0f54cceb1e4c07d225233f0359c10f8dcac7f6d565df8

Sharing

Copy URL Twitter E-mail

General

Target

b283f4260779cb9696e0f54cceb1e4c07d225233f0359c10f8dcac7f6d565df8
Size

146KB
MD5

dac50692323f16f4f54570da831a009c
SHA1

327ca20533cc74d7f9a21a1fd677b42b1186f310
SHA256

b283f4260779cb9696e0f54cceb1e4c07d225233f0359c10f8dcac7f6d565df8
SHA512

ac933366b96e1b50785af60ddaa22f594fd3791eecae53225926ceafca2e704dab3dd7cdbc873fd623749c880cdeafb4ade2be322705dc9a182a51182362e82a
SSDEEP

3072:Af0UMNshb1IRuKfou1aJd1dOhFbTlDTbJkNKSFk5Bs0zKk9:O+shb074AGkp

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

b283f4260779cb9696e0f54cceb1e4c07d225233f0359c10f8dcac7f6d565df8
.exe windows x64

4869ad86f4ae6cb2f6ebac5568628516

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__set_app_type
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
_fmode
_wcslwr
strlen
qsort
_purecall
_itow
memmove
_commode
__setusermatherr
_wcmdln
_initterm
__wgetmainargs
__dllonexit
free
_memicmp
modf
memcmp
wcstoul
malloc
_wtoi
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcslen
memcpy
_wcsicmp
wcschr
wcsrchr
wcscmp
wcscpy
memset
wcsncat
wcscat
_snwprintf

comctl32

ImageList_SetImageCount
ord17
ImageList_ReplaceIcon
ImageList_Create
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ws2_32

WSAStartup
WSACleanup
WSAAsyncSelect
send
connect
closesocket
WSASetLastError
socket
bind
htons
WSAGetLastError
htonl
inet_addr
WSAAsyncGetHostByName

kernel32

GetModuleFileNameW
CloseHandle
EnumResourceTypesW
WinExec
GetCurrentThreadId
Sleep
GetWindowsDirectoryW
CreateFileW
LocalFree
FindResourceW
GlobalAlloc
GetStartupInfoW
OpenProcess
GetCurrentProcessId
ExitProcess
ReadProcessMemory
GetCurrentProcess
SetErrorMode
DeleteFileW
WideCharToMultiByte
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetTempPathW
GlobalUnlock
LockResource
GetSystemDirectoryW
LoadResource
lstrlenW
FileTimeToLocalFileTime
CompareFileTime
ExpandEnvironmentStringsW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
LoadLibraryW
GetModuleHandleW
LoadLibraryExW
SizeofResource
GetLastError
GlobalLock
GetDateFormatW
FormatMessageW
GetTempFileNameW
GetFileSize
GetVersionExW
GetTimeFormatW
GetFileAttributesW
ReadFile
WriteFile
lstrcpyW

user32

EmptyClipboard
SetForegroundWindow
AttachThreadInput
EnumWindows
DrawTextExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
GetFocus
DestroyIcon
LoadIconW
EnumChildWindows
CreateDialogParamW
DialogBoxParamW
GetParent
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ReleaseCapture
FillRect
SetCapture
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
GetWindow
SetDlgItemInt
DrawFrameControl
SetWindowTextW
BeginPaint
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
UpdateWindow
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetSysColor
LoadStringW
MoveWindow
GetMenuItemCount
CheckMenuItem
GetMenuStringW
GetCursorPos
ScreenToClient
CloseClipboard
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
ModifyMenuW
GetDC
EnableMenuItem
GetSubMenu
ReleaseDC
GetClassNameW
OpenClipboard
DestroyWindow
GetWindowTextW
LoadMenuW
GetWindowThreadProcessId

gdi32

CreateFontIndirectW
GetTextExtentPoint32W
GetStockObject
CreateSolidBrush
SelectObject
GetDeviceCaps
PatBlt
SetBkColor
SetBkMode
DeleteObject
SetTextColor

comdlg32

GetSaveFileNameW
ChooseFontW
FindTextW
GetOpenFileNameW

advapi32

RegQueryValueExW
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegSetValueExW

shell32

ShellExecuteW
SHGetFileInfoW
ExtractIconExW
SHChangeNotify

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4869ad86f4ae6cb2f6ebac5568628516

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 24KB - Virtual size: 23KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 24KB - Virtual size: 23KB