c64710220e71055b45c17a7cd79d929d3b55a09534a4f6ac6c4d6ef2ec25a507 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

c64710220e71055b45c17a7cd79d929d3b55a09534a4f6ac6c4d6ef2ec25a507
Size

1.8MB
MD5

27331ccb9f9d286a86b41db9f3082302
SHA1

91a428d7116271a5e870075fd7bbc0a05515f741
SHA256

c64710220e71055b45c17a7cd79d929d3b55a09534a4f6ac6c4d6ef2ec25a507
SHA512

6ee5cccbfcd55d7c0b9585316e3669c7f4c17a8cf4fc00c1f9a93d628d93d0e30c9fadd9a1cf9ce8eaddc21b5dd6f1f849614cb5f92d39d3e2a49bdbe9dd3d27
SSDEEP

49152:Yv1FZYeiLxPQ6u4sOEvazaoGleXBWtwvP:8jZmLhQ6zsBneXBWWP

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Files

c64710220e71055b45c17a7cd79d929d3b55a09534a4f6ac6c4d6ef2ec25a507
.exe windows x86

fdbfec85672f73d2a4d49635454936d4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcAddress
GetModuleHandleA
LoadLibraryA
ExitProcess

user32

MessageBoxA

Sections

.text
Size: 68KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.perplex
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE