SniffPass64[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SniffPass64.exe
Size

96KB
MD5

b68e5f362582d15b2c904133f80bdfa6
SHA1

6638e718501de489649a5a3a7fcd62a92fd7cdc1
SHA256

c92580318be4effdb37aa67145748826f6a9e285bc2426410dc280e61e3c7620
SHA512

92f0d931f3dd8f1ff6c4773d952daf915428562faea3c099eda1b6d3ed919f3edeb431ea215a86b94d176c7f5193375058d2dfce2a81f3fa26a4d55897572e77
SSDEEP

1536:8Ho/j4yWLUVJk8KosYokbsGEKeNsCexwppFxWVyDNDzx3tQimRwJ+Kbs71a:go/j4yWoHOYowsGELsCnbxWVeNnXyuI8

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

SniffPass64.exe
.exe windows x64

fe1703ebe1a11b60b7459b2ce858e5ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSAIoctl
setsockopt
recv
bind
socket
WSASetLastError
closesocket
connect
WSAAsyncSelect
WSAGetLastError
htons
WSACleanup
WSAStartup
inet_ntoa
inet_addr

msvcrt

_memicmp
_ultoa
strcpy
strlen
_stricmp
strcmp
strncat
sprintf
memcmp
modf
free
malloc
strtoul
strchr
_strcmpi
strrchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
strcat
memcpy
memset
_strnicmp
_itoa
_purecall
_strlwr
__dllonexit
_onexit
__C_specific_handler
_XcptFilter
_c_exit
_exit
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_commode
__set_app_type
_fmode

comctl32

CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
ord6

kernel32

OpenProcess
GetTickCount
GlobalFree
ReadProcessMemory
GetCurrentProcess
ExitProcess
DeleteFileA
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetDateFormatA
GetVersionExA
GetWindowsDirectoryA
FormatMessageA
ReadFile
GetFileSize
CreateFileA
GetFileAttributesA
GetCurrentProcessId
GetTimeFormatA
GetStartupInfoA
WideCharToMultiByte
GetLocalTime
SystemTimeToFileTime
CompareFileTime
LoadLibraryA
FreeLibrary
FileTimeToSystemTime
GetProcAddress
WinExec
MultiByteToWideChar
WriteFile
CloseHandle
GlobalUnlock
GetTempPathA
LocalFree
GlobalAlloc
GetModuleFileNameA
GetLastError
GetModuleHandleA
LoadLibraryExA
GlobalLock
GetTempFileNameA

user32

SendMessageTimeoutA
CheckMenuItem
KillTimer
GetFocus
GetMessageA
RegisterWindowMessageA
SetTimer
DispatchMessageA
DeferWindowPos
IsDialogMessageA
TranslateMessage
BeginDeferWindowPos
PostQuitMessage
TrackPopupMenu
EndDeferWindowPos
GetWindowTextA
GetMenuItemInfoA
DestroyWindow
EnumChildWindows
CreateDialogParamA
DestroyMenu
GetDlgCtrlID
ChildWindowFromPoint
GetSysColorBrush
ShowWindow
LoadCursorA
SetCursor
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
SetDlgItemTextA
GetSystemMetrics
GetWindowRect
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
MessageBeep
LoadIconA
LoadImageA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
GetSubMenu
SetClipboardData
GetDC
EnableWindow
MapWindowPoints
EmptyClipboard
EnableMenuItem
ReleaseDC
OpenClipboard
GetClientRect
MoveWindow
GetMenuItemCount
GetMenuStringA
DialogBoxParamA
GetCursorPos
GetMenu
GetSysColor
GetClassNameA
CloseClipboard
LoadMenuA
GetParent
ModifyMenuA
LoadStringA
PeekMessageA

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegCloseKey
RegQueryValueExA

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fe1703ebe1a11b60b7459b2ce858e5ce

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 65KB - Virtual size: 64KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 61KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 65KB - Virtual size: 64KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 61KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 12KB - Virtual size: 11KB