process_3536[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

process_3536.rar
Size

488KB
MD5

0baec3cb63b2fd520c96f7fe4b10afdc
SHA1

d46e80bbcf07b92d868fc6d47f9886b022494d5c
SHA256

bab4d236bd3afde8b68fe7bca1f387ce882c28e69f9d6b51b4547f9230add7ff
SHA512

047eb7915995ea3a2a58d70dc76e8b408a6ffe96c6195b8ed3cfd16746f60a3684bde728810d730e5fb49ca9aa5c432c9daa769c04c8ef66c76ff6fea6e6dd9b
SSDEEP

12288:nfFxnCCN++3iLAkoV1AlO+CooaXDrWM53eLygkyKwKJRMI00c7:nz9NzSAVOlOKsye4Bjc7

Score

10^/10

Malware Config

Signatures

Nirsoft 3 IoCs

resource	yara_rule
static1/unpack001/359f0000.exe	Nirsoft
static1/unpack001/35a70000.exe	Nirsoft
static1/unpack001/35de0000.exe	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
static1/unpack001/35de0000.exe	MailPassView

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
static1/unpack001/359f0000.exe	WebBrowserPassView

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/359f0000.exe
unpack001/35a70000.exe
unpack001/35de0000.exe
unpack001/35e40000.dll

Files

process_3536.rar
.rar

Password: infected
359f0000.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 468KB - Virtual size: 468KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
35a70000.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
35de0000.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Sections

.MPRESS1
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
35e40000.dll
.dll windows x86

Password: infected

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Exports

Exports

FoxMailRecovery

Sections

.MPRESS1
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.MPRESS2
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Headers

File Characteristics

Sections

.MPRESS1 Size: 468KB - Virtual size: 468KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

Password: infected

Headers

File Characteristics

Sections

.MPRESS1 Size: 132KB - Virtual size: 132KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

Password: infected

Headers

File Characteristics

Sections

.MPRESS1 Size: 336KB - Virtual size: 336KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

Password: infected

Headers

DLL Characteristics

File Characteristics

Exports

Exports

Sections

.MPRESS1 Size: 88KB - Virtual size: 88KB

.MPRESS2 Size: 4KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 4KB

.MPRESS1
Size: 468KB - Virtual size: 468KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.MPRESS1
Size: 132KB - Virtual size: 132KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.MPRESS1
Size: 336KB - Virtual size: 336KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB

.MPRESS1
Size: 88KB - Virtual size: 88KB

.MPRESS2
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 4KB