samples[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

samples.zip
Size

538KB
MD5

add78bdf3aaf3dbf33f608c5b895370a
SHA1

7a3b6c2e42e762d940301b677b79460d57c6226e
SHA256

63678e5b056502414873fda9239cc3a24b3156e49368c4353a23324048ee1fbf
SHA512

a71b41e924fb7a98991810f5d0c325372cdeeb7c23f5cde45b73f6b5a1648c89b703acd8d0f82b0da3f40cf60b521dda9be8e9e7a192e593093d0bc6506668b5
SSDEEP

12288:2y2CDSdxEepuwYQ9cfa4dyny6GekGlwVGyiL+lUanK2gmW9RD7ZPY:2/CDuavwYy6a4oJGekGlwV7UCPgm6RvC

Score

10^/10

Malware Config

Signatures

Nirsoft 3 IoCs

resource	yara_rule
static1/unpack001/10f703168cc43f60bfd54c69242d3db63d2d60e1114de74956a2439b8a8b3ed0	Nirsoft
static1/unpack001/2c21fa0fe0c3ad261925eb51f822d48fb107287bf3819cd0dc22a118394d1037	Nirsoft
static1/unpack001/4f6f22b1e21fcb1b48bb34c2f430246d873c7f211a03f3e83d24a560d0ff1a37	Nirsoft

NirSoft MailPassView 2 IoCs

Password recovery tool for various email clients

resource	yara_rule
static1/unpack001/10f703168cc43f60bfd54c69242d3db63d2d60e1114de74956a2439b8a8b3ed0	MailPassView
static1/unpack001/2c21fa0fe0c3ad261925eb51f822d48fb107287bf3819cd0dc22a118394d1037	MailPassView

NirSoft WebBrowserPassView 2 IoCs

Password recovery tool for various web browsers

resource	yara_rule
static1/unpack001/2c21fa0fe0c3ad261925eb51f822d48fb107287bf3819cd0dc22a118394d1037	WebBrowserPassView
static1/unpack001/4f6f22b1e21fcb1b48bb34c2f430246d873c7f211a03f3e83d24a560d0ff1a37	WebBrowserPassView

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/10f703168cc43f60bfd54c69242d3db63d2d60e1114de74956a2439b8a8b3ed0
unpack001/2c21fa0fe0c3ad261925eb51f822d48fb107287bf3819cd0dc22a118394d1037
unpack001/4f6f22b1e21fcb1b48bb34c2f430246d873c7f211a03f3e83d24a560d0ff1a37
unpack001/9f2d8507d23e9dfea8317f366ae968063e332c93635d1f6d1c75a6d7e5552f52

Files

samples.zip
.zip

Password: infected
10f703168cc43f60bfd54c69242d3db63d2d60e1114de74956a2439b8a8b3ed0
.exe windows x86

17c5866c279c5eb30bd1e33a8a1e2933

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_strnicmp
wcsncmp
wcschr
wcslen
_itoa
_strlwr
qsort
strncmp
_mbsnbicmp
_snprintf
_mbsrchr
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
_acmdln
__getmainargs
_initterm
modf
memcmp
strtoul
strcmp
malloc
_memicmp
strrchr
_stricmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
_mbsicmp
atoi
log
_strcmpi
strcat
free
exit
_adjust_fdiv
wcsstr
_mbscmp
strchr
_purecall
abs
_ultoa
strcpy
memset
strlen
strncat
sprintf
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
__setusermatherr

comctl32

ord6
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
CreateToolbarEx

rpcrt4

UuidFromStringA

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleHandleA
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
ExitProcess
GetStdHandle
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetComputerNameA
GlobalAlloc
GetTempPathA
CloseHandle
GetVersionExA
ReadFile
FindResourceA
LoadResource
EnumResourceTypesA
SizeofResource
LockResource
DeleteFileA
OpenProcess
GetStartupInfoA
GetWindowsDirectoryA
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsA
LocalFree
WriteFile
GetPrivateProfileSectionA
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalLock
GlobalUnlock
CreateFileA
GetFileSize
GetModuleFileNameA
FindNextFileA
FindFirstFileA
LoadLibraryExA
SetFilePointer
GetLastError
GetFileAttributesA
GetTempFileNameA
FindClose
FormatMessageA

user32

EnableWindow
GetFocus
DispatchMessageA
DrawTextExA
IsDialogMessageA
GetMessageA
TranslateMessage
RegisterWindowMessageA
PostQuitMessage
TrackPopupMenu
PostMessageA
DestroyMenu
GetDlgCtrlID
DialogBoxParamA
DestroyWindow
ModifyMenuA
CreateDialogParamA
SetCursor
ChildWindowFromPoint
LoadCursorA
GetSysColorBrush
ShowWindow
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
GetClientRect
GetWindow
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SendDlgItemMessageA
SetWindowTextA
GetWindowRect
GetSystemMetrics
GetDlgItemInt
DeferWindowPos
EndPaint
EndDialog
GetWindowPlacement
RegisterClassA
UpdateWindow
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
SendMessageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
BeginDeferWindowPos
EndDeferWindowPos
GetDC
EmptyClipboard
GetSubMenu
MoveWindow
EnableMenuItem
ReleaseDC
CheckMenuItem
LoadStringA
GetMenuStringA
SetClipboardData
GetMenuItemCount
MapWindowPoints
GetCursorPos
LoadImageA
GetSysColor
GetClassNameA
CloseClipboard
GetMenu
OpenClipboard
EnumChildWindows
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
GetParent

gdi32

SelectObject
DeleteObject
SetTextColor
CreateFontIndirectA
SetBkMode
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegQueryValueExA
RegEnumKeyExA
RegCloseKey
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoUninitialize
CoTaskMemFree
CoInitialize

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
2c21fa0fe0c3ad261925eb51f822d48fb107287bf3819cd0dc22a118394d1037
.exe windows x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 507KB - Virtual size: 506KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
4f6f22b1e21fcb1b48bb34c2f430246d873c7f211a03f3e83d24a560d0ff1a37
.exe windows x86

db7acb6caf8f6393ad85ffeaffc49cf6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_adjust_fdiv
__p__commode
__p__fmode
wcscat
__set_app_type
_controlfp
_gmtime64
strftime
qsort
_itow
_wcsupr
_wcslwr
__setusermatherr
_strlwr
wcsncmp
free
modf
_memicmp
wcstoul
_cexit
malloc
strcmp
strcpy
wcsrchr
_initterm
__wgetmainargs
_wcmdln
strchr
exit
_wcsnicmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcmp
wcscmp
abs
log
_purecall
wcslen
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
strlen
wcsncat
_snwprintf
_except_handler3
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
memchr
realloc

comctl32

ord17
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateStatusWindowW
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

kernel32

InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
LeaveCriticalSection
SetEndOfFile
GetSystemInfo
Sleep
CreateFileA
InitializeCriticalSection
GetFullPathNameA
DeleteFileA
UnlockFile
FlushFileBuffers
LockFile
GetTickCount
GetModuleHandleA
GetStartupInfoW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFullPathNameW
AreFileApisANSI
EnterCriticalSection
GetSystemTime
LockFileEx
FormatMessageA
GetSystemTimeAsFileTime
GetTempPathA
UnlockFileEx
LocalFree
GetFileSize
SystemTimeToFileTime
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
CopyFileW
CreateFileW
WriteFile
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
SetFilePointerEx
CompareFileTime
GetCurrentDirectoryW
ExpandEnvironmentStringsW
MultiByteToWideChar
GlobalLock
FormatMessageW
GetVersionExW
FindClose
GetTempFileNameW
FindFirstFileW
GetFileAttributesW
GetWindowsDirectoryW
GetModuleHandleW
SetFilePointer
ReadFile
GetModuleFileNameW
LockResource
lstrcpyW
lstrlenW
FindResourceW
LoadResource
GlobalAlloc
GlobalUnlock
LoadLibraryExW
GetTempPathW
FindNextFileW
SizeofResource
GetFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetCurrentProcess
DuplicateHandle
OpenProcess
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
ReadProcessMemory
ExitProcess
SetCurrentDirectoryW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
EnumResourceTypesW

user32

TrackPopupMenu
RegisterWindowMessageW
EndDeferWindowPos
DispatchMessageW
BeginDeferWindowPos
TranslateMessage
IsDialogMessageW
DrawTextExW
GetMessageW
PostQuitMessage
SetWindowPos
ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
SetWindowTextW
SetDlgItemInt
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
SendDlgItemMessageW
GetDlgItemInt
EndDialog
SetWindowLongW
GetDlgItem
InvalidateRect
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPlacement
LoadImageW
LoadIconW
GetWindowLongW
SetFocus
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
GetSysColor
EnableWindow
GetMenu
MapWindowPoints
GetDC
GetSubMenu
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW

gdi32

GetStockObject
SelectObject
GetDeviceCaps
SetBkMode
SetTextColor
DeleteObject
CreateFontIndirectW
SetBkColor
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
9f2d8507d23e9dfea8317f366ae968063e332c93635d1f6d1c75a6d7e5552f52
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

17c5866c279c5eb30bd1e33a8a1e2933

Headers

File Characteristics

Imports

msvcrt

comctl32

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 66KB - Virtual size: 66KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 12KB - Virtual size: 11KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 507KB - Virtual size: 506KB

.rsrc Size: 12KB - Virtual size: 12KB

.reloc Size: 512B - Virtual size: 12B

db7acb6caf8f6393ad85ffeaffc49cf6

Headers

File Characteristics

Imports

msvcrt

comctl32

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 263KB - Virtual size: 263KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 22KB - Virtual size: 21KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 4KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 824B

.reloc Size: 512B - Virtual size: 12B

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 11KB

.text
Size: 507KB - Virtual size: 506KB

.rsrc
Size: 12KB - Virtual size: 12KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 263KB - Virtual size: 263KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 22KB - Virtual size: 21KB

.text
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 824B

.reloc
Size: 512B - Virtual size: 12B