WebBrowserPassView_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

WebBrowserPassView_JC.exe
Size

393KB
MD5

2024ea60da870a221db260482117258b
SHA1

716554dc580a82cc17a1035add302c0766590964
SHA256

53043bd27f47dbbe3e5ac691d8a586ab56a33f734356be9b8e49c7e975241a56
SHA512

ffcd4436b80169ba18db5b7c818c5da71661798963c0a5f5fbac99a6974a7729d38871e52bc36c766824dd54f2c8fa5711415ec45799db65c11293d8b829693b
SSDEEP

6144:QNV8uoDRSdm3v93UFlssFHgkU9KvKUXr/BAO9N/oXrsAteTQokizYu:eSDRSm3vrugB9KvKk9RO8k3u

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
WebBrowserPassView_JC.exe

Files

WebBrowserPassView_JC.exe
.exe windows x86

4075b51e1d1f053632ccd3a22ae13aa9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
wcsrchr
__p__commode
__p__fmode
__set_app_type
_controlfp
_itow
_strlwr
_wcsupr
_wcslwr
strchr
_wcmdln
memmove
malloc
free
_memicmp
modf
_c_exit
wcstoul
_wtoi64
strcmp
_wcsnicmp
??2@YAPAXI@Z
exit
_cexit
_XcptFilter
wcsncmp
_exit
??3@YAXPAX@Z
strcpy
wcslen
wcscmp
abs
log
_purecall
_wtoi
_wcsicmp
wcschr
wcscpy
strlen
wcsncat
_snwprintf
wcscat
memcmp
memcpy
memset
_except_handler3
_onexit
__dllonexit
memchr
_gmtime64
strftime
realloc
strcat
qsort

comctl32

ord17
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateStatusWindowW
CreateToolbarEx

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

kernel32

GetFullPathNameA
InitializeCriticalSection
GetFullPathNameW
DeleteFileA
GetDiskFreeSpaceW
AreFileApisANSI
EnterCriticalSection
GetSystemTime
LockFileEx
FormatMessageA
UnlockFileEx
LockFile
UnlockFile
FlushFileBuffers
InterlockedCompareExchange
DeleteCriticalSection
CreateFileA
GetDiskFreeSpaceA
Sleep
GetSystemInfo
GetModuleHandleA
GetStartupInfoW
GetTempPathA
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
SetEndOfFile
LeaveCriticalSection
EnumResourceTypesW
CreateToolhelp32Snapshot
Process32NextW
CreateFileW
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
LocalFree
SystemTimeToFileTime
CopyFileW
GetFileSize
WriteFile
WideCharToMultiByte
CompareFileTime
FreeLibrary
GetLastError
GetProcAddress
LoadLibraryW
FileTimeToSystemTime
GetModuleHandleW
GetTickCount
SetFilePointerEx
MultiByteToWideChar
FindResourceW
LockResource
LoadResource
SystemTimeToTzSpecificLocalTime
lstrlenW
lstrcpyW
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
GetTempPathW
FindNextFileW
SizeofResource
GetDateFormatW
GlobalLock
GetTempFileNameW
FormatMessageW
GetFileTime
FindFirstFileW
GetVersionExW
FindClose
SetFilePointer
GetTimeFormatW
GetFileAttributesW
GetWindowsDirectoryW
ReadFile
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
OpenProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
ExitProcess
ReadProcessMemory
GetSystemTimeAsFileTime
Process32FirstW

user32

GetKeyState
DispatchMessageW
TranslateMessage
IsDialogMessageW
DrawTextExW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
GetDesktopWindow
SetWindowPos
DestroyWindow
LoadStringW
EnumChildWindows
CreateDialogParamW
DialogBoxParamW
ShowWindow
SetCursor
LoadCursorW
ChildWindowFromPoint
GetSysColorBrush
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
GetWindow
InvalidateRect
SetDlgItemInt
SetWindowTextW
UpdateWindow
SetDlgItemTextW
GetClientRect
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadIconW
LoadImageW
GetWindowLongW
SetFocus
GetParent
SetTimer
BeginDeferWindowPos
EndDeferWindowPos
KillTimer
GetMenu
GetDC
GetSubMenu
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CheckMenuRadioItem
CloseClipboard
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetSysColor
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu

gdi32

GetTextExtentPoint32W
GetDeviceCaps
SelectObject
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetStockObject
SetBkColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegCloseKey

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree
CoCreateGuid

Sections

.text
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4075b51e1d1f053632ccd3a22ae13aa9

Headers

File Characteristics

Imports

msvcrt

comctl32

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 308KB - Virtual size: 308KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 101KB

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 308KB - Virtual size: 308KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 101KB

.rsrc
Size: 34KB - Virtual size: 34KB