mailpv[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

mailpv.exe
Size

354KB
MD5

0ceb38f7c3d464a8268f67559755b216
SHA1

793e43699602c78105abd265fbbb00a4cfe03755
SHA256

bc7bd27e94e24a301edb3d3e7fad982225ac59430fc476bda4e1459faa1c1647
SHA512

8b272403a174972ddd10b0fe83c2d766f8bc292b4f1aa4ce6e5ef50b4bfcc7c6082e7e3af6a2c0a2a14eef43bb6feb398186244c59151bccda6579ee469b91e9
SSDEEP

6144:xImGyIPaWmBzyORQC0w9MuM/SDdpHk0z7fk8D0vyuvgypYK0C0x9e:xImGFPmEORLN+SDHEYfkS0v7vP2K0T9e

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
mailpv.exe

Files

mailpv.exe
.exe windows:5 windows x86

edbebcb3d81b9962644fd5d7ba42a971

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
memmove
wcschr
wcslen
wcsncmp
_strlwr
qsort
strncmp
_gmtime64
_msize
_endthreadex
_beginthreadex
strftime
realloc
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_strnicmp
strtoul
_memicmp
strrchr
strcmp
_mbsnbcat
malloc
free
modf
_itoa
_stricmp
memcmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
_mbscmp
strcat
abs
_purecall
_ultoa
_strcmpi
wcsstr
atoi
strchr
log
strncat
sprintf
_mbsicmp
strcpy
memset
strlen
__p__fmode
__set_app_type
_controlfp
_except_handler3
_adjust_fdiv

comctl32

ord6
ImageList_SetImageCount
ImageList_Create
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
CreateToolbarEx

rpcrt4

UuidFromStringA

kernel32

GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
GetDiskFreeSpaceW
EnterCriticalSection
LockFileEx
GetFileAttributesExW
GetTempPathW
FlushFileBuffers
CreateFileW
GetFileAttributesW
HeapValidate
HeapCreate
LeaveCriticalSection
HeapDestroy
GetVersionExW
FormatMessageW
Sleep
InitializeCriticalSection
GetSystemTimeAsFileTime
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
DeleteCriticalSection
OutputDebugStringA
DeleteFileW
GetSystemTime
AreFileApisANSI
GetStartupInfoA
HeapSize
GetCurrentThreadId
GetProcessHeap
FlushViewOfFile
UnlockFile
ExpandEnvironmentStringsA
WriteFile
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileStringA
GetPrivateProfileSectionA
LocalFree
FreeLibrary
GetProcAddress
LoadLibraryA
GetLastError
SystemTimeToFileTime
GetFileSize
CloseHandle
CreateFileA
SetFilePointer
GlobalLock
FormatMessageA
GetWindowsDirectoryA
GlobalAlloc
GetFileAttributesA
ReadFile
GlobalUnlock
FindFirstFileA
GetTempFileNameA
FindClose
GetModuleFileNameA
FindNextFileA
LoadLibraryExA
GetVersionExA
GetTempPathA
GetComputerNameA
GetPrivateProfileIntA
WritePrivateProfileStringA
EnumResourceNamesA
GetStdHandle
DeleteFileA
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
SetCurrentDirectoryA
GetModuleHandleA
OpenProcess
FindResourceA
LoadResource
EnumResourceTypesA
SizeofResource
LockResource
GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateMutexW
HeapCompact
TryEnterCriticalSection
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
HeapAlloc
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange

user32

GetMessageA
PostQuitMessage
TrackPopupMenu
GetFocus
RegisterWindowMessageA
DrawTextExA
IsDialogMessageA
TranslateMessage
PostMessageA
DispatchMessageA
DestroyWindow
CreateDialogParamA
LoadStringA
LoadMenuA
GetWindowTextA
GetMenuItemInfoA
EnumChildWindows
DestroyMenu
GetDlgCtrlID
LoadCursorA
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
GetWindow
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
GetClientRect
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndPaint
RegisterClassA
UpdateWindow
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
MoveWindow
CheckMenuItem
SetClipboardData
EnableWindow
MapWindowPoints
LoadImageA
OpenClipboard
DialogBoxParamA
GetMenuStringA
GetCursorPos
GetSysColor
GetMenuItemCount
EmptyClipboard
EnableMenuItem
ReleaseDC
GetMenu
GetDC
GetParent
GetSubMenu
GetClassNameA
CloseClipboard
ModifyMenuA

gdi32

SelectObject
GetDeviceCaps
CreateFontIndirectA
SetBkMode
DeleteObject
SetBkColor
SetTextColor
GetTextExtentPoint32A

comdlg32

GetOpenFileNameA
FindTextA
GetSaveFileNameA

advapi32

RegEnumKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
GetUserNameA
RegCloseKey

shell32

SHGetPathFromIDListA
SHGetMalloc
SHBrowseForFolderA
ShellExecuteA

ole32

CoInitialize
CoTaskMemFree
CoUninitialize

Sections

.text
Size: 297KB - Virtual size: 296KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

edbebcb3d81b9962644fd5d7ba42a971

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

rpcrt4

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 297KB - Virtual size: 296KB

.rdata Size: 38KB - Virtual size: 37KB

.data Size: 6KB - Virtual size: 20KB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 297KB - Virtual size: 296KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 6KB - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 11KB