MDE_File_Sample_4f91d8d3d21a03b9594ec7d70bde3208d49176ad[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

MDE_File_Sample_4f91d8d3d21a03b9594ec7d70bde3208d49176ad.zip
Size

290KB
MD5

eaa81d6003d728034d20e5d17fb00605
SHA1

1de08c82a76e4f09d3760121e53fb67eef7eb954
SHA256

c23e47d21f149892f986b26f7d3415a1d6ceea4467111fc4eaf514c91cda756b
SHA512

67902019f4cdb3ff5da7e9ff90309b3fe97e49e925d16b3e70ce6ad6d94d829385616fe03a6e7fecb96bfac08e3ca487e5f93dc3002bbfc61fefeffcc4450752
SSDEEP

6144:qyNeb4UL0tpTcveZTOlUn1JV+wJa94dNbJHnRt9sGY7URh:JUMbtpTXZTRrFkGPbJxt9K7Uf

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack002/mailpv.exe	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
static1/unpack002/mailpv.exe	MailPassView

Files

MDE_File_Sample_4f91d8d3d21a03b9594ec7d70bde3208d49176ad.zip
.zip

Password: Cis0@2023
mailpv.zip
.zip

Password: Cis0@2023
mailpv.chm
.chm
mailpv.exe
.exe windows x86

Password: Cis0@2023

4bb731cbb501f2408ea945577453f943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_endthreadex
_beginthreadex
strftime
realloc
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_msize
_gmtime64
strncmp
_strlwr
wcsncmp
wcschr
memmove
_strnicmp
strtoul
_memicmp
strrchr
_mbsnbcat
malloc
free
modf
_itoa
_stricmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_mbscmp
_purecall
_ultoa
_strcmpi
wcsstr
atoi
strchr
strncat
sprintf
__p__fmode
__set_app_type
_mbsicmp
_controlfp
_except_handler3
_adjust_fdiv
memcpy
memset
_CIlog

comctl32

ord6
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
CreateToolbarEx

rpcrt4

UuidFromStringA

kernel32

GetSystemInfo
GetDiskFreeSpaceA
GetFileAttributesExW
CreateFileMappingA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
CreateFileW
GetFileAttributesW
HeapValidate
HeapCreate
HeapDestroy
GetVersionExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
DeleteFileW
GetSystemTime
AreFileApisANSI
CreateFileMappingW
GetStartupInfoA
LeaveCriticalSection
FormatMessageW
Sleep
ExpandEnvironmentStringsA
WriteFile
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileSectionA
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
SystemTimeToFileTime
GetFileSize
CloseHandle
CreateFileA
SetFilePointer
GlobalLock
FormatMessageA
GetWindowsDirectoryA
GlobalAlloc
GetFileAttributesA
ReadFile
GlobalUnlock
FindFirstFileA
GetTempFileNameA
FindClose
GetModuleFileNameA
FindNextFileA
LoadLibraryExA
GetVersionExA
GetTempPathA
GetComputerNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
EnumResourceNamesA
GetStdHandle
DeleteFileA
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
SetCurrentDirectoryA
GetModuleHandleA
OpenProcess
FindResourceA
LoadResource
EnumResourceTypesA
SizeofResource
LockResource
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateMutexW
HeapCompact
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
InitializeCriticalSection

user32

GetMenu
GetMessageA
PostQuitMessage
TrackPopupMenu
GetFocus
RegisterWindowMessageA
DrawTextExA
IsDialogMessageA
TranslateMessage
PostMessageA
DispatchMessageA
LoadCursorA
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
GetWindow
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
GetClientRect
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndPaint
RegisterClassA
UpdateWindow
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
MoveWindow
CheckMenuItem
SetClipboardData
EnableWindow
MapWindowPoints
LoadImageA
OpenClipboard
GetMenuItemCount
GetMenuStringA
GetCursorPos
GetSysColor
EnableMenuItem
ReleaseDC
EmptyClipboard
GetDC
GetParent
GetSubMenu
GetClassNameA
CloseClipboard
ModifyMenuA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
EnumChildWindows
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
LoadStringA
CreateDialogParamA
DestroyWindow

gdi32

SelectObject
SetTextColor
GetDeviceCaps
SetBkMode
DeleteObject
SetBkColor
CreateFontIndirectA
GetTextExtentPoint32A

comdlg32

GetOpenFileNameA
FindTextA
GetSaveFileNameA

advapi32

RegEnumKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree

Sections

.text
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

Password: Cis0@2023

Password: Cis0@2023

Password: Cis0@2023

4bb731cbb501f2408ea945577453f943

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 441KB - Virtual size: 441KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 6KB - Virtual size: 20KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 441KB - Virtual size: 441KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 6KB - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 11KB