16ed0992428ea7896120017f82c6262caf100ba34d250ff9d5c1839859ffa642

Sharing

Copy URL Twitter E-mail

General

Target

16ed0992428ea7896120017f82c6262caf100ba34d250ff9d5c1839859ffa642
Size

116KB
MD5

d5e6c9ed0fce826e0c2b6b996d9fe2e5
SHA1

8be7301acf7d5daab7effe78993f8626cf87bc96
SHA256

16ed0992428ea7896120017f82c6262caf100ba34d250ff9d5c1839859ffa642
SHA512

62848cbc5f42236c99d5e19e31b2e702d01517d5f41e4690371ff555e8fecf7f7783e9b32fbcd1c681ffebb701b5e5a9445ba2da9496cddfebdd1ea391c88a9d
SSDEEP

3072:bLz4Z6/uVq0B/kwXp5W2vrdzk4mYRNYVBJpHIZ:MZYux7f5x4YkVU

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

16ed0992428ea7896120017f82c6262caf100ba34d250ff9d5c1839859ffa642
.exe windows x64

a58a8fb4bdf0c47819c043378b3fd073

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_wcslwr
strlen
qsort
modf
memcmp
wcstoul
__setusermatherr
_commode
_fmode
__set_app_type
wcscmp
malloc
_memicmp
free
_wcsnicmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
wcsrchr
wcschr
_itow
wcslen
_wtoi
_purecall
_wcsicmp
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetOverlayImage
ImageList_ReplaceIcon
ord17
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ReadProcessMemory
GetCurrentProcess
OpenProcess
GetCurrentThreadId
WinExec
EnumResourceTypesW
GetStartupInfoW
GetDriveTypeW
GetCurrentProcessId
ExitProcess
DeleteFileW
Sleep
FileTimeToLocalFileTime
CompareFileTime
FreeLibrary
LoadLibraryExW
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
ExpandEnvironmentStringsW
GetLogicalDrives
CreateFileW
GetLastError
QueryDosDeviceW
DeviceIoControl
WideCharToMultiByte
lstrcpyW
LockResource
GlobalUnlock
GetTempPathW
GetDateFormatW
GetTempFileNameW
GlobalLock
SizeofResource
GetFileSize
FormatMessageW
GetVersionExW
GetModuleHandleW
GetTimeFormatW
GetFileAttributesW
WriteFile
ReadFile
GetModuleFileNameW
FindResourceW
CloseHandle
GetWindowsDirectoryW
LoadResource
GlobalAlloc
GetSystemDirectoryW
lstrlenW
LocalFree
EnumResourceNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStdHandle
SetErrorMode
CreateProcessW

user32

ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowTextW
SetDlgItemInt
SetForegroundWindow
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
LoadImageW
LoadIconW
DestroyIcon
GetWindowLongW
SetWindowLongW
SetFocus
EmptyClipboard
GetDC
EnableMenuItem
ReleaseDC
OpenClipboard
GetClassNameW
GetSubMenu
MoveWindow
GetMenuItemCount
CheckMenuItem
GetMenuStringW
GetCursorPos
SetClipboardData
GetSysColor
EnableWindow
MapWindowPoints
CloseClipboard
GetMenu
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
GetParent
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
SetWindowPos
DestroyWindow
GetWindowTextW
LoadMenuW
BeginDeferWindowPos
KillTimer
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
SetTimer
IsDialogMessageW
DispatchMessageW
TranslateMessage
DrawTextExW
EndDeferWindowPos
GetWindowThreadProcessId
EnumWindows
AttachThreadInput
UpdateWindow

gdi32

SetBkColor
GetStockObject
GetTextExtentPoint32W
GetDeviceCaps
SelectObject
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegSetValueExW
RegConnectRegistryW
RegSetKeySecurity
RegLoadKeyW
RegCloseKey
RegUnLoadKeyW
RegQueryValueExW
RegQueryInfoKeyW
RegGetKeySecurity
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetFileInfoW
ExtractIconExW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a58a8fb4bdf0c47819c043378b3fd073

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 75KB - Virtual size: 75KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 15KB - Virtual size: 15KB

.text
Size: 75KB - Virtual size: 75KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 15KB - Virtual size: 15KB