a19f4c3f978c05d612f19c4397ff08297849328593968e6b5b22aa73de8b5ccf

Sharing

Copy URL Twitter E-mail

General

Target

a19f4c3f978c05d612f19c4397ff08297849328593968e6b5b22aa73de8b5ccf
Size

92KB
MD5

43e0a7e8759663a3fc1720ee7b2e74bd
SHA1

663b81aae3e4b65da10c3d5671cc5c0ae788b006
SHA256

a19f4c3f978c05d612f19c4397ff08297849328593968e6b5b22aa73de8b5ccf
SHA512

bc1293739a7a4a0e0614d7902a607f5fe737aef0d675df67302ad7e0faacaab7be429d3ca509cf0e9eb0a93ca60e0e9cb8353e77d6c1f1862b3ede4c6f801d9b
SSDEEP

1536:JeCZFtVE5TnkPuj78Xch3sSk23z6w4kY3GNlEk1yz5Zu:JXZ5E5TnkPQ78MhO2j6w45GNlEk1yz58

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

a19f4c3f978c05d612f19c4397ff08297849328593968e6b5b22aa73de8b5ccf
.exe windows x86

850c27e1727382be95b1ec69b638e5d5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
__p__fmode
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_wtol
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
__set_app_type
_controlfp
_except_handler3
_cexit
wcsrchr
_wcsicmp
malloc
wcschr
wcscmp
free
modf
_memicmp
memcmp
wcstoul
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcslen
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
ord17
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

DeleteFileW
GetCurrentProcessId
ExitProcess
ReadProcessMemory
CreateProcessW
SetErrorMode
CopyFileW
EnumResourceNamesW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FileTimeToSystemTime
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetModuleFileNameW
GetCurrentProcess
CompareFileTime
FileTimeToLocalFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
WriteFile
CreateFileW
LocalFree
LockResource
MultiByteToWideChar
lstrcpyW
FindResourceW
lstrlenW
LoadResource
GlobalAlloc
GetSystemDirectoryW
LoadLibraryExW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetLastError
FindNextFileW
SizeofResource
GlobalLock
FormatMessageW
GetDateFormatW
GetVersionExW
GetTempFileNameW
FindClose
GetFileSize
FindFirstFileW
GetTimeFormatW
GetModuleHandleW
GetFileAttributesW
CloseHandle
GetWindowsDirectoryW
SetFilePointer
ReadFile

user32

SetForegroundWindow
SetMenuItemInfoW
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
InvalidateRect
GetWindow
SetDlgItemInt
DrawFrameControl
BeginPaint
SetWindowTextW
GetClientRect
TranslateMessage
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
EndPaint
GetDlgItem
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
SetMenu
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
InsertMenuItemW
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CheckMenuRadioItem
CloseClipboard
GetCursorPos
GetParent
GetSysColor
SetClipboardData
LoadStringW
SetWindowPos
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DialogBoxParamW
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
DestroyIcon
DrawTextExW
CreatePopupMenu
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
UpdateWindow

gdi32

DeleteObject
SetTextColor
CreateFontIndirectW
SetBkMode
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
GetStockObject
SetBkColor
DeleteDC
GetPixel
GetDeviceCaps
GetObjectW
CreateSolidBrush
SetPixel

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW

shell32

SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteExW
DragQueryFileW
DragAcceptFiles
ShellExecuteW
DragFinish

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

850c27e1727382be95b1ec69b638e5d5

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 24KB - Virtual size: 24KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 24KB - Virtual size: 24KB