380bed02f22d3948fe049756f9bb20ac

Sharing

Copy URL

Twitter E-mail

General

Target

380bed02f22d3948fe049756f9bb20ac
Size

143KB
MD5

380bed02f22d3948fe049756f9bb20ac
SHA1

d2875ea81a5ac252a3913bc9cf0719bfae018ca4
SHA256

43d872c95010e5fba25d5b4ad59419933cb3f64f9f2c39efe781c026852af5b1
SHA512

881adff00a3a1f2d5950dc63ea33c489b32dc4cf6a21ff5acdacf10483cd6e2226222600fc846ffae2303c94ff5d65d698e43f64434d6ccda435849797f4a6f8
SSDEEP

3072:7RB6p4e1iR9OfnK8uTaDFpBeo7OvjB9Jeu7pjo18pxpTf1rCU74k:7RQp4ew2K8uTQFpvOvDl7pjhxh19X

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
static1/unpack001/ChromePass.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ChromePass.exe

Files

380bed02f22d3948fe049756f9bb20ac
.zip
ChromePass.chm
.chm
ChromePass.exe
.exe windows:4 windows x86 arch:x86

d8199d1ceb9095a2f8fb9efefd4d6df1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

atoi
_ftol
toupper
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
isxdigit
_gmtime64
strftime
realloc
_purecall
_wcslwr
_itow
free
modf
wcstoul
_memicmp
tolower
isdigit
isspace
strcmp
isalnum
wcsrchr
malloc
wcschr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
_wcsicmp
wcscmp
wcslen
log
strlen
abs
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

comctl32

ord17
ImageList_ReplaceIcon
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx

kernel32

LockFileEx
GetTickCount
LockFile
UnlockFile
DeleteFileA
AreFileApisANSI
QueryPerformanceCounter
GetSystemTime
FlushFileBuffers
GetTempPathA
InterlockedIncrement
SetEndOfFile
GetFileAttributesA
LeaveCriticalSection
GetCurrentThreadId
DeleteCriticalSection
CreateFileA
Sleep
GetSystemTimeAsFileTime
InitializeCriticalSection
GetFullPathNameW
GetFullPathNameA
GetModuleHandleA
GetStartupInfoW
EnterCriticalSection
CloseHandle
FileTimeToLocalFileTime
DeleteFileW
LocalFree
SystemTimeToFileTime
CopyFileW
CreateFileW
CompareFileTime
WriteFile
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
LocalAlloc
GetFileSize
FileTimeToSystemTime
GlobalLock
GetVersionExW
GetWindowsDirectoryW
GetDateFormatW
GetTimeFormatW
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW
LockResource
FindFirstFileW
ReadFile
SetFilePointer
GetModuleFileNameW
MultiByteToWideChar
GlobalAlloc
GlobalUnlock
FindResourceW
GetTempPathW
LoadResource
LoadLibraryExW
FindNextFileW
SizeofResource
FormatMessageW
FindClose
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
SetErrorMode
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
OpenProcess
EnumResourceTypesW

user32

TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
BeginDeferWindowPos
TrackPopupMenu
RegisterWindowMessageW
EndDeferWindowPos
DispatchMessageW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SendDlgItemMessageW
EndDialog
GetDlgItem
InvalidateRect
SetDlgItemInt
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
SetFocus
CloseClipboard
MoveWindow
GetMenuItemCount
CheckMenuItem
GetCursorPos
GetSysColor
GetSubMenu
GetMenu
SetClipboardData
EnableWindow
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetParent
GetDlgCtrlID
DialogBoxParamW
DestroyMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
DrawTextExW

gdi32

SetBkColor
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject
GetTextExtentPoint32W
GetStockObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CryptCreateHash
CryptReleaseContext
CryptDeriveKey
CryptAcquireContextW
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptDecrypt

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ChromePass_lng.ini
SOFT-WARE.NET Download.url
.url
readme.txt

Sharing

General

Malware Config

Signatures

Files

d8199d1ceb9095a2f8fb9efefd4d6df1

Headers

File Characteristics

Imports

msvcrt

comctl32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 28KB - Virtual size: 28KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 11KB - Virtual size: 11KB