e29b303847df8947dfc497f14ba1d4c0[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

e29b303847df8947dfc497f14ba1d4c0.bin
Size

95KB
MD5

e29b303847df8947dfc497f14ba1d4c0
SHA1

74953f2e6a360418e2b6ee4dfc2516a8b8c717c2
SHA256

3f8b655190d79c5fba4af0914c434fbe97c3ad88a950bec32eb69606cf224689
SHA512

e927eabf5509652624d21272e39db4912641281d20321a0c528ebb9141a9389d3ec370a2103e6188aa7e7726c30260fa8e9c10e799541b8b7147b6b4b53ebc0f
SSDEEP

1536:8BsOKU0iyOPVZRn6YY5QMQYwqTfUTqX4e+UrVoXwWPWUlxNiA2bwxD7WevyUN2Ws:csOKUYOPVZR4fQYHMThe3SxNwkxD7We6

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

e29b303847df8947dfc497f14ba1d4c0.bin
.exe windows:4 windows x64 arch:x64

625d13b37d8a758778e822a11c8727db

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d8:ac:d3:e7:fa:84:a0:6c:bb:06:53:49:05:1f:87:97:20:52:23:a6:66:42:ba:22:c6:06:1a:31:95:9b:a7:7a
Signer

Actual PE Digest

d8:ac:d3:e7:fa:84:a0:6c:bb:06:53:49:05:1f:87:97:20:52:23:a6:66:42:ba:22:c6:06:1a:31:95:9b:a7:7a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
__setusermatherr
__dllonexit
_strlwr
_mbsicmp
_purecall
qsort
malloc
strtoul
free
_snprintf
modf
_commode
_fmode
__set_app_type
_onexit
memcmp
_strcmpi
_memicmp
strrchr
strcmp
strchr
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memset
strlen
memcpy
_itoa
atoi
_stricmp
strcpy
strcat
strncat
sprintf

comctl32

ImageList_Create
ImageList_SetImageCount
ord6
CreateToolbarEx
ImageList_AddMasked
ord17
ImageList_ReplaceIcon

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

ExitProcess
GetCurrentProcessId
DeleteFileA
EnumResourceNamesA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTimeFormatA
GetFileTime
MultiByteToWideChar
GetCurrentProcess
ReadProcessMemory
OpenProcess
GetStartupInfoA
GetFileAttributesA
GetFileSize
GetModuleHandleA
FreeLibrary
FileTimeToLocalFileTime
CompareFileTime
LoadLibraryExA
ExpandEnvironmentStringsA
FileTimeToSystemTime
GetProcAddress
LoadLibraryA
CreateFileA
CloseHandle
GlobalLock
GlobalUnlock
GlobalAlloc
lstrlenA
GetVersionExA
GetLastError
FormatMessageA
GetTempPathA
GetModuleFileNameA
GetWindowsDirectoryA
LocalFree
GetDateFormatA
ReadFile
lstrcpyA
WriteFile
GetSystemDirectoryA
GetTempFileNameA

user32

MessageBeep
EndDeferWindowPos
GetFocus
BeginDeferWindowPos
GetMessageA
RegisterWindowMessageA
SetTimer
PostQuitMessage
TrackPopupMenu
IsDialogMessageA
TranslateMessage
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
LoadCursorA
SetDlgItemTextA
DispatchMessageA
SetWindowTextA
SendDlgItemMessageA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
RegisterClassA
UpdateWindow
GetSystemMetrics
GetWindowRect
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
LoadImageA
LoadStringA
LoadIconA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
GetMenuItemCount
GetSubMenu
GetClassNameA
GetMenuStringA
CloseClipboard
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetClientRect
GetSysColor
MoveWindow
GetMenu
OpenClipboard
CheckMenuItem
EmptyClipboard
EnableMenuItem
ReleaseDC
GetDC
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
GetParent
ModifyMenuA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
EnumChildWindows
DestroyWindow
GetKeyState
KillTimer
DeferWindowPos

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA

advapi32

RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegDeleteKeyA

shell32

ShellExecuteExA
ShellExecuteA

ole32

OleInitialize
OleUninitialize
DoDragDrop

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

625d13b37d8a758778e822a11c8727db

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

d8:ac:d3:e7:fa:84:a0:6c:bb:06:53:49:05:1f:87:97:20:52:23:a6:66:42:ba:22:c6:06:1a:31:95:9b:a7:7aSigner

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 57KB - Virtual size: 57KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 1024B - Virtual size: 5KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 11KB - Virtual size: 11KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d8:ac:d3:e7:fa:84:a0:6c:bb:06:53:49:05:1f:87:97:20:52:23:a6:66:42:ba:22:c6:06:1a:31:95:9b:a7:7a
Signer

.text
Size: 57KB - Virtual size: 57KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 1024B - Virtual size: 5KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 11KB - Virtual size: 11KB