mailpv[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mailpv.exe
Size

499KB
MD5

fc3b93e042de5fa569a8379d46bce506
SHA1

1ba499bafaa369be58e795a150403c8729ef5d95
SHA256

5be325905df8aab7089ab2348d89343f55a2f88dadd75de8f382e8fa026451bd
SHA512

1b802f8cddb1fcab643a2ec00ac139e7e419fc4f7fec5697c8b9f805c1a93ffbdc841438cfdd93c5018ce037fcc61844e392fb421423e88ec7d8dacecb0af08e
SSDEEP

12288:hKEbpRc5EKKppUIkZLCchAaVSO6H0Miqpm/m4CynFOHmt9e:h3dRc94puFmaQH0Miqom41nFOHmq

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mailpv.exe

Files

mailpv.exe
.exe windows x86

4bb731cbb501f2408ea945577453f943

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_endthreadex
_beginthreadex
strftime
realloc
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_msize
_gmtime64
strncmp
_strlwr
wcsncmp
wcschr
memmove
_strnicmp
strtoul
_memicmp
strrchr
_mbsnbcat
malloc
free
modf
_itoa
_stricmp
??2@YAPAXI@Z
??3@YAXPAX@Z
_mbscmp
_purecall
_ultoa
_strcmpi
wcsstr
atoi
strchr
strncat
sprintf
__p__fmode
__set_app_type
_mbsicmp
_controlfp
_except_handler3
_adjust_fdiv
memcpy
memset
_CIlog

comctl32

ord6
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
CreateToolbarEx

rpcrt4

UuidFromStringA

kernel32

GetSystemInfo
GetDiskFreeSpaceA
GetFileAttributesExW
CreateFileMappingA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
CreateFileW
GetFileAttributesW
HeapValidate
HeapCreate
HeapDestroy
GetVersionExW
DeleteCriticalSection
GetCurrentThreadId
OutputDebugStringA
DeleteFileW
GetSystemTime
AreFileApisANSI
CreateFileMappingW
GetStartupInfoA
LeaveCriticalSection
FormatMessageW
Sleep
ExpandEnvironmentStringsA
WriteFile
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileSectionA
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
SystemTimeToFileTime
GetFileSize
CloseHandle
CreateFileA
SetFilePointer
GlobalLock
FormatMessageA
GetWindowsDirectoryA
GlobalAlloc
GetFileAttributesA
ReadFile
GlobalUnlock
FindFirstFileA
GetTempFileNameA
FindClose
GetModuleFileNameA
FindNextFileA
LoadLibraryExA
GetVersionExA
GetTempPathA
GetComputerNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
EnumResourceNamesA
GetStdHandle
DeleteFileA
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
SetCurrentDirectoryA
GetModuleHandleA
OpenProcess
FindResourceA
LoadResource
EnumResourceTypesA
SizeofResource
LockResource
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateMutexW
HeapCompact
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
FlushViewOfFile
LockFile
WaitForSingleObjectEx
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
InitializeCriticalSection

user32

GetMenu
GetMessageA
PostQuitMessage
TrackPopupMenu
GetFocus
RegisterWindowMessageA
DrawTextExA
IsDialogMessageA
TranslateMessage
PostMessageA
DispatchMessageA
LoadCursorA
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
GetWindow
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
GetClientRect
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndPaint
RegisterClassA
UpdateWindow
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
MoveWindow
CheckMenuItem
SetClipboardData
EnableWindow
MapWindowPoints
LoadImageA
OpenClipboard
GetMenuItemCount
GetMenuStringA
GetCursorPos
GetSysColor
EnableMenuItem
ReleaseDC
EmptyClipboard
GetDC
GetParent
GetSubMenu
GetClassNameA
CloseClipboard
ModifyMenuA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
EnumChildWindows
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
LoadStringA
CreateDialogParamA
DestroyWindow

gdi32

SelectObject
SetTextColor
GetDeviceCaps
SetBkMode
DeleteObject
SetBkColor
CreateFontIndirectA
GetTextExtentPoint32A

comdlg32

GetOpenFileNameA
FindTextA
GetSaveFileNameA

advapi32

RegEnumKeyA
RegEnumKeyExA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoTaskMemFree

Sections

.text
Size: 441KB - Virtual size: 441KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4bb731cbb501f2408ea945577453f943

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 441KB - Virtual size: 441KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 6KB - Virtual size: 20KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 441KB - Virtual size: 441KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 6KB - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 11KB