WirelessKeyView[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

WirelessKeyView.exe
Size

107KB
MD5

a56a0690cb46d684aa5b485d3cec89e4
SHA1

3ed3532c4027c40551cd328873f51fa07aaf9eb8
SHA256

2047070cfb4472abd7f698f14aef2d7902da3ab08d8677ee3184b394325f34d0
SHA512

c5f9767d7f0bec98e7380a3b8a8be3132841516ada25e6cada4de889d197c6ea5e9ffb06c5e353d1a0074ba3983085177331a15199bae84915fd863f3bdb64ed
SSDEEP

1536:gKDH3cIGz51eOYh5jTMwBxSmsclQaLOTpNThqT4epF/bieS:/DXcIi519YDPvbN5QzjThqT4epJdS

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

WirelessKeyView.exe
.exe windows x86

1d7e7846ad75aa9f575074eb1d52195d

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cb:ed:e4:ea:df:18:92:5b:0c:e6:4c:94:9c:19:b6:04:1b:9a:79:9a:b8:1c:7f:bf:9a:6c:a8:61:88:c0:73:f9
Signer

Actual PE Digest

cb:ed:e4:ea:df:18:92:5b:0c:e6:4c:94:9c:19:b6:04:1b:9a:79:9a:b8:1c:7f:bf:9a:6c:a8:61:88:c0:73:f9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

10/11/2016, 07:44
Valid: true

Chain 1

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

6a:b3:4c:18:62:83:a8:01:0d:cb:3d:cc:2e:2a:20:77:59:3c:d2:3b
Signer

Actual PE Digest

6a:b3:4c:18:62:83:a8:01:0d:cb:3d:cc:2e:2a:20:77:59:3c:d2:3b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

10/11/2016, 07:44
Valid: false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6
CreateToolbarEx
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon

msvcrt

_mbschr
strncmp
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_mbsicmp
strtoul
strchr
_memicmp
_mbscmp
strrchr
malloc
_strcmpi
free
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
qsort
_strlwr
_itoa
modf
wcslen
_snprintf
memcmp
memcpy
atoi
_purecall
strcmp
memset
strcpy
strcat
strncat
sprintf
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

kernel32

GetStartupInfoA
OpenFileMappingA
Sleep
GetTickCount
CreateFileMappingA
CopyFileA
UnmapViewOfFile
MapViewOfFile
EnumResourceTypesA
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
GetCurrentProcessId
ReadProcessMemory
ExitProcess
CreateProcessA
SetErrorMode
DeleteFileA
FreeLibrary
GetProcAddress
LoadLibraryA
CompareFileTime
CloseHandle
LocalFree
GetFileSize
GetLastError
LocalAlloc
SystemTimeToFileTime
FileTimeToSystemTime
FindClose
GetCurrentProcess
ReadFile
GetSystemDirectoryA
CreateFileA
GlobalAlloc
GlobalLock
GetVersionExA
FindResourceA
MultiByteToWideChar
LockResource
FileTimeToLocalFileTime
GetTimeFormatA
GetTempPathA
SizeofResource
GlobalUnlock
FindFirstFileA
GetModuleFileNameA
FindNextFileA
GetFileAttributesA
GetModuleHandleA
LoadResource
SystemTimeToTzSpecificLocalTime
LoadLibraryExA
FormatMessageA
GetWindowsDirectoryA
GetDateFormatA
WriteFile
GetTempFileNameA
WideCharToMultiByte
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesA
GetStdHandle

user32

RegisterWindowMessageA
GetMessageA
DrawTextExA
IsDialogMessageA
DispatchMessageA
TranslateMessage
DeferWindowPos
PostQuitMessage
TrackPopupMenu
BeginDeferWindowPos
SetCursor
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
LoadCursorA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
SetWindowTextA
EndDialog
GetDlgItem
CreateWindowExA
RegisterClassA
UpdateWindow
GetSystemMetrics
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
GetWindowRect
LoadIconA
LoadImageA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
MoveWindow
OpenClipboard
GetMenu
CheckMenuItem
EmptyClipboard
GetParent
GetClassNameA
EnableMenuItem
CloseClipboard
ReleaseDC
GetDC
GetMenuItemCount
GetSubMenu
SetClipboardData
EnableWindow
MapWindowPoints
GetMenuStringA
GetCursorPos
GetKeyState
GetSysColor
GetWindowTextA
LoadMenuA
LoadStringA
CreateDialogParamA
ModifyMenuA
DialogBoxParamA
DestroyWindow
GetDlgCtrlID
DestroyMenu
EnumChildWindows
GetMenuItemInfoA
EndDeferWindowPos
GetFocus
GetClientRect

gdi32

GetTextExtentPoint32A
SetBkColor
GetStockObject
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA
GetOpenFileNameA

advapi32

RegDeleteValueA
RegEnumValueA
RegCloseKey
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d7e7846ad75aa9f575074eb1d52195d

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

cb:ed:e4:ea:df:18:92:5b:0c:e6:4c:94:9c:19:b6:04:1b:9a:79:9a:b8:1c:7f:bf:9a:6c:a8:61:88:c0:73:f9Signer

Signature Validations

Verification

10/11/2016, 07:44 Valid: true

Chain 1

6a:b3:4c:18:62:83:a8:01:0d:cb:3d:cc:2e:2a:20:77:59:3c:d2:3bSigner

Signature Validations

Verification

10/11/2016, 07:44 Valid: false

Headers

File Characteristics

Imports

comctl32

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 3KB - Virtual size: 5KB

.rsrc Size: 17KB - Virtual size: 17KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

cb:ed:e4:ea:df:18:92:5b:0c:e6:4c:94:9c:19:b6:04:1b:9a:79:9a:b8:1c:7f:bf:9a:6c:a8:61:88:c0:73:f9
Signer

10/11/2016, 07:44
Valid: true

6a:b3:4c:18:62:83:a8:01:0d:cb:3d:cc:2e:2a:20:77:59:3c:d2:3b
Signer

10/11/2016, 07:44
Valid: false

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 17KB - Virtual size: 17KB