nitro-gen[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nitro-gen.exe
Size

4.6MB
MD5

4078a12e2564e42868109965e5f620fb
SHA1

6dd6ea7719dffe622ee1b7c3d2fc15a86c704e85
SHA256

3979c98a43f1adec5855dba2a5222d19ec9eb77eea643aa5f534ab1b156adc19
SHA512

8f5794040e3a30b97d827ce3e5eeaaba8b8d6c30ac94448c212b129f49f21619406930d31c61b28accbb19c7d55e00c7d0686ef4e5059e488dc894838279f020
SSDEEP

98304:vQf3s64R9ybzUcwti78OqJ7TPBF3ZlHHgkWJ0P39qXSaDv:+zUcwti7TQlF3ZxxWJSUnDv

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Files

nitro-gen.exe
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ