General

  • Target

    nircmd.zip

  • Size

    120KB

  • MD5

    f5cf4d2f919e961a8d06b882bd500e3d

  • SHA1

    8e9b44225ec92b5baa546c6f63e6e5646afea723

  • SHA256

    5071b54669bb1e88422c6c340204b0b3a0ffd07e2ac1d747ccbd1447abc92948

  • SHA512

    10ec088fd7a7681e12a5f5f16c857fd9d3c3f18fb9c8463c0433edb4410f0a9ac31ab978b9796badd79c835fce67c81c539fa9a37d0a046a90ee9f229c201e51

  • SSDEEP

    3072:P2Ex/3ZNNSFCTwEYBE0M5lgN+bZTJfczgALvg4xqOLbvPU:OEx/3LPTwE8EL4WZ1f2rbdqqbvPU

Score
10/10
upx

Malware Config

Signatures

  • Nirsoft 2 IoCs
  • UPX packed file 2 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

  • Unsigned PE 4 IoCs

    Checks for missing Authenticode signature.

Files

  • nircmd.zip
    .zip
  • NirCmd.chm
    .chm
  • nircmd.exe
    .exe windows:4 windows x86



  • out.upx
    .exe windows:4 windows x86



  • nircmdc.exe
    .exe windows:4 windows x86



  • out.upx
    .exe windows:4 windows x86

