DevManView[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DevManView.exe
Size

162KB
MD5

33d7a84f8ef67fd005f37142232ae97e
SHA1

1f560717d8038221c9b161716affb7cd6b14056e
SHA256

a1be60039f125080560edf1eebee5b6d9e2d6039f5f5ac478e6273e05edadb4b
SHA512

c059db769b9d8a9f1726709c9ad71e565b8081a879b55d0f906d6927409166e1d5716c784146feba41114a2cf44ee90cf2e0891831245752238f20c41590b3f5
SSDEEP

3072:Bsu8tF17cnGf2pjuvfjBnz6qx2KkTTH4VBJoHSPAOkIDd:asGfYKXjBnu7YVnPd

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

DevManView.exe
.exe windows:4 windows x64 arch:x64

5baa6c7b9e24684d9b409007f190954e

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:4c:f9:7c:35:e8:db:d4:2f:03:45:f0:7d:12:f3:3b:52:0c:a4:b6:c5:dd:29:14:62:8b:52:29:6c:9e:c6:0a
Signer

Actual PE Digest

7c:4c:f9:7c:35:e8:db:d4:2f:03:45:f0:7d:12:f3:3b:52:0c:a4:b6:c5:dd:29:14:62:8b:52:29:6c:9e:c6:0a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
__setusermatherr
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_commode
_fmode
__set_app_type
exit
strlen
qsort
_wcslwr
towupper
wcscmp
_ultow
malloc
_memicmp
free
modf
memcmp
wcstoul
_wcsnicmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
wcschr
wcsrchr
_itow
wcslen
_purecall
_wtoi
_wcsicmp
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
ImageList_SetOverlayImage
ImageList_ReplaceIcon
ord17

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

Process32FirstW
GetCurrentThreadId
WinExec
EnumResourceTypesW
GetStartupInfoW
CreateToolhelp32Snapshot
GetProcAddress
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
CompareFileTime
GetLastError
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
CloseHandle
OpenProcess
ExpandEnvironmentStringsW
GetDriveTypeW
GetLogicalDrives
GetTickCount
DeviceIoControl
CreateFileW
QueryDosDeviceW
GetFileAttributesW
WriteFile
ReadFile
FindResourceW
LoadResource
GetWindowsDirectoryW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GlobalAlloc
GetSystemDirectoryW
lstrlenW
LocalFree
LockResource
lstrcpyW
WideCharToMultiByte
GlobalUnlock
GetTempPathW
GetDateFormatW
GetTempFileNameW
GlobalLock
GetFileSize
SizeofResource
FormatMessageW
GetVersionExW
GetModuleHandleW
GetTimeFormatW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
Sleep
SetErrorMode
CreateProcessW
DeleteFileW
ExitProcess
GetCurrentProcessId
GetCurrentProcess
ReadProcessMemory
Process32NextW

user32

ReleaseDC
GetDC
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetWindow
EndPaint
DrawFrameControl
SetWindowTextW
GetWindowPlacement
SetCursor
SetDlgItemInt
SetDlgItemTextW
GetDlgItemTextW
BeginPaint
GetSystemMetrics
GetClientRect
DeferWindowPos
CreateWindowExW
SetWindowPos
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
SetWindowPlacement
SetMenu
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
LoadImageW
DestroyIcon
LoadIconW
SetWindowLongW
GetWindowLongW
SetFocus
KillTimer
SetTimer
EndDeferWindowPos
BeginDeferWindowPos
GetParent
MapWindowPoints
CloseClipboard
GetMenu
EmptyClipboard
EnableMenuItem
MoveWindow
OpenClipboard
GetSubMenu
GetClassNameW
InsertMenuItemW
CheckMenuItem
GetMenuItemCount
GetMenuStringW
GetCursorPos
SetClipboardData
EnableWindow
GetSysColor
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreatePopupMenu
SetMenuItemInfoW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
DispatchMessageW
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
DrawTextExW
InsertMenuW
RemoveMenu
DeleteMenu
GetMonitorInfoW
MonitorFromWindow
GetWindowThreadProcessId
EnumWindows
AttachThreadInput
SetForegroundWindow
UpdateWindow

gdi32

GetDeviceCaps
DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
SelectObject
CreateFontIndirectW
SetTextColor
SetBkMode

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

CloseServiceHandle
ControlService
OpenSCManagerW
StartServiceW
QueryServiceStatus
OpenServiceW
ChangeServiceConfigW
RegSetKeySecurity
RegLoadKeyW
RegCloseKey
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegConnectRegistryW
RegGetKeySecurity
RegUnLoadKeyW

shell32

ExtractIconExW
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5baa6c7b9e24684d9b409007f190954e

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

7c:4c:f9:7c:35:e8:db:d4:2f:03:45:f0:7d:12:f3:3b:52:0c:a4:b6:c5:dd:29:14:62:8b:52:29:6c:9e:c6:0aSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 104KB - Virtual size: 103KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 7KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 20KB - Virtual size: 19KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

7c:4c:f9:7c:35:e8:db:d4:2f:03:45:f0:7d:12:f3:3b:52:0c:a4:b6:c5:dd:29:14:62:8b:52:29:6c:9e:c6:0a
Signer

.text
Size: 104KB - Virtual size: 103KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 20KB - Virtual size: 19KB