sys[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

sys.exe
Size

111KB
MD5

d1893679cc3b56d6e2e8bbdef957bec2
SHA1

928c6022f3166fc73ce3baa1f668aef429d70706
SHA256

66226af4c1dbf01c3835efb83e18460598bbaeca062b1c96248ba6445794f9f7
SHA512

fe854c2dbbc2ccd34afa3a5622df69781b84746096f8b239ed133883d880e6d4ccd320b8f8545ec197c2475e07754c6b8115fe8ca1c9b9c53361bf23a3bd4075
SSDEEP

3072:UcC4Dov7AK/M3y8gIAlU8TLiEkY0iDY7JXzL:UbJ7p0PAlU8vi/iGL

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
sys.exe

Files

sys.exe
.exe windows:4 windows x86

8efa91d7eb572938ec47c1aefa0e4b40

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
__p__fmode
__set_app_type
_controlfp
_except_handler3
qsort
_purecall
_wcslwr
_itow
wcsrchr
malloc
wcschr
free
modf
_wtoi
_memicmp
wcstoul
??3@YAXPAX@Z
??2@YAPAXI@Z
_wcsicmp
_ultow
_wcsnicmp
_snwprintf
wcsncat
memset
memcpy

comctl32

ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx
ImageList_ReplaceIcon
ImageList_Create

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

Process32FirstW
CreateRemoteThread
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GetModuleFileNameW
CreateToolhelp32Snapshot
Process32NextW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
FreeLibrary
GetProcAddress
GetLastError
LocalAlloc
CloseHandle
LocalFree
GetFileSize
GetModuleHandleW
LoadLibraryW
GetDriveTypeW
GetLogicalDrives
WriteFile
CreateFileW
FindResourceW
MultiByteToWideChar
LoadResource
lstrlenW
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
LoadLibraryExW
GetTempPathW
WideCharToMultiByte
FindNextFileW
GetLocaleInfoW
GetCurrentProcess
SizeofResource
GlobalLock
FindClose
GetDateFormatW
GetTempFileNameW
FormatMessageW
GetWindowsDirectoryW
GetVersionExW
FileTimeToLocalFileTime
FindFirstFileW
GetTimeFormatW
GetFileAttributesW
GetNumberFormatW
lstrcpyW
LockResource
ReadFile
OpenProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
GetTickCount
WriteProcessMemory
ResumeThread
WaitForSingleObject
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
SetErrorMode
DeleteFileW
GetCurrentProcessId
ExitProcess

user32

GetDC
SetCursor
ReleaseDC
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
EndDialog
GetWindow
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
DrawFrameControl
InvalidateRect
SetWindowTextW
UpdateWindow
SendMessageW
EndPaint
SetDlgItemTextW
GetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
BeginPaint
DeferWindowPos
GetClientRect
CreateWindowExW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
SetMenu
SetWindowPos
LoadAcceleratorsW
PostMessageW
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
EnableWindow
MapWindowPoints
GetSubMenu
GetMenu
EmptyClipboard
EnableMenuItem
GetClassNameW
OpenClipboard
ScreenToClient
MoveWindow
GetMenuStringW
CloseClipboard
CheckMenuItem
GetMenuItemCount
GetParent
CheckMenuRadioItem
GetCursorPos
SetClipboardData
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
GetFocus
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DrawTextExW
CallWindowProcW
FillRect
ReleaseCapture
SetCapture
SendDlgItemMessageW

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
CreateSolidBrush
PatBlt
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
GetPixel
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

FindTextW
GetSaveFileNameW

advapi32

ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
GetTokenInformation
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
DuplicateTokenEx

shell32

SHGetFileInfoW
SHGetPathFromIDListW
ShellExecuteExW
ShellExecuteW

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8efa91d7eb572938ec47c1aefa0e4b40

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 23KB - Virtual size: 23KB