RouterPassView[.]exe

Resubmissions

03/10/2023, 22:28

231003-2d4rvafh2x 10

12/03/2023, 05:44

230312-ge7vnsch37 10

Sharing

Copy URL Twitter E-mail

General

Target

RouterPassView.exe
Size

150KB
MD5

10d1d830605db00287a616674ef9154a
SHA1

5e7e1b0f545a4319f4ea74062b261ca2d4550ae1
SHA256

3ee00a42a65d2df9ee571875a11f53b56c8494e90e1e8e60e128aabdb56399c8
SHA512

cb1f5d8492702bff2840d30412412be9c527beaa4d62b1ea4693f3838ae288499caf80659df73935a5148681f66b4a1ce6e7828d0c5a2886e5acf777f90ebadb
SSDEEP

3072:zdLD7vYQsQZCBCwcOn+lSAGHPJzGrpqTo1q5wWDIz1vZ67iE20q5:prpCswcOyGtGio1qTDIz17

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

RouterPassView.exe
.exe windows x86

5e76c806baf2842487c460c964e20ceb

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_stricmp
strtoul
strchr
strncmp
sprintf
qsort
_purecall
_wcslwr
_itow
atoi
_wcsnicmp
memmove
__p__fmode
__set_app_type
_controlfp
_except_handler3
wcscmp
wcschr
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
_wcsicmp
malloc
strcat
strlen
memcpy
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscpy
memset
strcpy
fclose
wcscat
_snwprintf
wcsncat
fopen
fread
fprintf
ferror
ftell
fseek
_errno

comctl32

ord17
ImageList_AddMasked
ImageList_Create
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetCurrentProcessId
ExitProcess
GetCurrentProcess
ReadProcessMemory
OpenProcess
SetErrorMode
DeleteFileW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
EnumResourceNamesW
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GlobalUnlock
GetLastError
GetTempPathW
LoadLibraryExW
LoadLibraryW
GetProcAddress
FreeLibrary
GlobalLock
SizeofResource
FormatMessageW
GetTempFileNameW
GetVersionExW
GetFileSize
GetModuleHandleW
GetFileAttributesW
CloseHandle
GetWindowsDirectoryW
ReadFile
GetModuleFileNameW
WriteFile
CreateFileW
LocalFree
FindResourceW
LockResource
LoadResource
MultiByteToWideChar
lstrcpyW
lstrlenW
GlobalAlloc
WideCharToMultiByte

user32

GetMessageW
DrawTextExW
TranslateMessage
DispatchMessageW
IsDialogMessageW
PostQuitMessage
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
InvalidateRect
GetWindow
SetDlgItemInt
DrawFrameControl
BeginPaint
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
TrackPopupMenu
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
EndPaint
GetDlgItem
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
MoveWindow
GetMenuItemCount
GetMenuStringW
CheckMenuItem
CheckMenuRadioItem
CloseClipboard
GetCursorPos
SetClipboardData
EnableWindow
GetParent
GetSysColor
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetDlgCtrlID
DialogBoxParamW
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
SetWindowPos
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
RegisterWindowMessageW
GetDlgItemTextW

gdi32

SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
SelectObject
GetDeviceCaps

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

advapi32

RegCloseKey
RegOpenKeyExW

shell32

ShellExecuteW
DragAcceptFiles
DragFinish
DragQueryFileW
SHGetFileInfoW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

5e76c806baf2842487c460c964e20ceb

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 94KB - Virtual size: 94KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 11KB - Virtual size: 106KB

.rsrc Size: 15KB - Virtual size: 14KB

.text
Size: 94KB - Virtual size: 94KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 11KB - Virtual size: 106KB

.rsrc
Size: 15KB - Virtual size: 14KB