MailPV[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

MailPV.exe
Size

110KB
MD5

782dd6152ab52361eba2bafd67771fa0
SHA1

5c5ff30a24a3858a8e9bd531dfef885d0b2a00c7
SHA256

26a3395a4115355e897a7daf04551eba5e62da661d8dbae7c99205a2e74d24ba
SHA512

a6d22daa93cf5eb2e57684bc0e3e0c177e4a4fe0cf9e072cab188a99178892eff92241ad6d94b20da487d88ce65f2a3ffc4d6a4dc293bf375d94fbc6b0449f53
SSDEEP

3072:1WSVGdlouHiwfXjObBBDTn991ix689w2KQik:1Wrdl9fzOzTna689V

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Files

MailPV.exe
.exe windows x86

54db291fe92057b8dcd2eca2f82f7be8

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1d:df:68:53:3a:4a:8f:29:c0:84:64:80:ef:dd:f3:0d:7b:59:8a:73:b6:a6:53:77:1f:6a:84:69:b1:5c:d7:e2
Signer

Actual PE Digest

1d:df:68:53:3a:4a:8f:29:c0:84:64:80:ef:dd:f3:0d:7b:59:8a:73:b6:a6:53:77:1f:6a:84:69:b1:5c:d7:e2

Digest Algorithm

sha256

PE Digest Matches

true

8c:8b:24:84:e3:e5:d1:15:8a:b3:8f:f2:e0:82:2c:77:63:a1:5b:43
Signer

Actual PE Digest

8c:8b:24:84:e3:e5:d1:15:8a:b3:8f:f2:e0:82:2c:77:63:a1:5b:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memmove
wcschr
wcslen
wcsncmp
_itoa
_strlwr
strncmp
_mbsnbicmp
_snprintf
_mbsrchr
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
_strnicmp
_acmdln
__getmainargs
_initterm
_memicmp
malloc
strrchr
_stricmp
free
modf
memcmp
strtoul
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
sprintf
_mbsicmp
atoi
_strcmpi
strlen
strcmp
exit
_adjust_fdiv
wcsstr
log
_mbscmp
strchr
_purecall
strncat
abs
strcat
_ultoa
strcpy
memset
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
__setusermatherr

comctl32

CreateToolbarEx
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon
ord6

rpcrt4

UuidFromStringA

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetModuleHandleA
ExitProcess
GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
GetStdHandle
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
GetComputerNameA
GetFileSize
CreateFileA
GlobalUnlock
GlobalLock
GetTempPathA
GlobalAlloc
CloseHandle
FindResourceA
LoadResource
EnumResourceTypesA
SizeofResource
LockResource
DeleteFileA
OpenProcess
GetStartupInfoA
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
ExpandEnvironmentStringsA
LocalFree
WriteFile
GetPrivateProfileSectionA
FreeLibrary
GetProcAddress
LoadLibraryA
GetModuleFileNameA
FindFirstFileA
FindNextFileA
SetFilePointer
GetLastError
LoadLibraryExA
GetFileAttributesA
GetTempFileNameA
FindClose
FormatMessageA
GetWindowsDirectoryA
ReadFile
GetVersionExA

user32

GetClassNameA
TrackPopupMenu
PostMessageA
GetFocus
DispatchMessageA
DrawTextExA
IsDialogMessageA
GetMessageA
TranslateMessage
RegisterWindowMessageA
PostQuitMessage
GetWindowTextA
GetMenuItemInfoA
EnumChildWindows
DestroyMenu
GetDlgCtrlID
DialogBoxParamA
ShowWindow
SetCursor
LoadCursorA
ChildWindowFromPoint
GetSysColorBrush
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
GetClientRect
GetWindow
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SendDlgItemMessageA
SetWindowTextA
GetWindowRect
GetSystemMetrics
GetDlgItemInt
DeferWindowPos
EndPaint
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
RegisterClassA
UpdateWindow
SetMenu
LoadAcceleratorsA
SetWindowPos
SendMessageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
BeginDeferWindowPos
EndDeferWindowPos
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetMenuStringA
EnableWindow
DestroyWindow
GetCursorPos
LoadImageA
GetSysColor
MapWindowPoints
GetMenu
CloseClipboard
GetParent
OpenClipboard
GetDC
EmptyClipboard
MoveWindow
GetSubMenu
EnableMenuItem
ReleaseDC
LoadMenuA
LoadStringA
CreateDialogParamA
ModifyMenuA

gdi32

GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject
GetTextExtentPoint32A
SetBkColor
SelectObject

comdlg32

GetOpenFileNameA
GetSaveFileNameA
FindTextA

advapi32

RegEnumKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

54db291fe92057b8dcd2eca2f82f7be8

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

1d:df:68:53:3a:4a:8f:29:c0:84:64:80:ef:dd:f3:0d:7b:59:8a:73:b6:a6:53:77:1f:6a:84:69:b1:5c:d7:e2Signer

8c:8b:24:84:e3:e5:d1:15:8a:b3:8f:f2:e0:82:2c:77:63:a1:5b:43Signer

Headers

File Characteristics

Imports

msvcrt

comctl32

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 12KB - Virtual size: 11KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

1d:df:68:53:3a:4a:8f:29:c0:84:64:80:ef:dd:f3:0d:7b:59:8a:73:b6:a6:53:77:1f:6a:84:69:b1:5c:d7:e2
Signer

8c:8b:24:84:e3:e5:d1:15:8a:b3:8f:f2:e0:82:2c:77:63:a1:5b:43
Signer

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 12KB - Virtual size: 11KB