69cf6a533a140f868971ca2fd546e418

Sharing

Copy URL Twitter E-mail

General

Target

69cf6a533a140f868971ca2fd546e418
Size

80KB
MD5

69cf6a533a140f868971ca2fd546e418
SHA1

9aa17e93922db9add7a8137621f6f5e5d5ec5498
SHA256

2470a3ec6461436ee507ca0000c1d90445a490ceca8477dfc4dc864110077a8c
SHA512

b2f21ae8fdafb49488fdd52dcfe5faf50864f79d2486a6ff285e3794ac4d78800dac5215aca6c0e166d1b7d2c894ab0d452af719b3b07af8468c10de7d99847f
SSDEEP

1536:ky7zMYyWo8oC8USieDZugfgFEOMC6MWkVX72SNFOSlh:ky7zNyWoTC8zieDZHMfM9MWkViSNFOS

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

69cf6a533a140f868971ca2fd546e418
.exe windows:4 windows x86 arch:x86

e285c17155dc1ed2b242f058b28eb047

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1b:a3:24:87:92:72:ec:bb:12:90:29:43:ae:5b:e8:03:cc:de:0d:7e
Signer

Actual PE Digest

1b:a3:24:87:92:72:ec:bb:12:90:29:43:ae:5b:e8:03:cc:de:0d:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
_wcsnicmp
malloc
wcscmp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_onexit
wcschr
free
modf
_wtoi
_memicmp
memcmp
wcstoul
wcsrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ord17
ImageList_Add
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

GetPrivateProfileStringW
GetModuleHandleA
EnumResourceTypesW
OpenProcess
GetStdHandle
GetTickCount
DeleteFileW
SetErrorMode
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
GetStartupInfoW
GetLongPathNameW
GetLogicalDrives
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetDriveTypeW
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
FindClose
GetFileSize
GetVersionExW
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
LoadResource
lstrlenW
lstrcpyW
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
QueryDosDeviceW

user32

GetMenuItemInfoW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
BeginDeferWindowPos
SetCursor
GetKeyState
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetSysColor
GetWindowLongW
SetFocus
GetMenuStringW
CheckMenuItem
GetMenuItemCount
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
ModifyMenuW
LoadCursorW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadMenuW
LoadIconW
DestroyIcon
IsDialogMessageW
TranslateMessage
DrawTextExW
DispatchMessageW
EndDeferWindowPos

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW

shell32

ShellExecuteW
SHGetFileInfoW

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e285c17155dc1ed2b242f058b28eb047

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

1b:a3:24:87:92:72:ec:bb:12:90:29:43:ae:5b:e8:03:cc:de:0d:7eSigner

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 41KB - Virtual size: 41KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 19KB - Virtual size: 18KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

1b:a3:24:87:92:72:ec:bb:12:90:29:43:ae:5b:e8:03:cc:de:0d:7e
Signer

.text
Size: 41KB - Virtual size: 41KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 19KB - Virtual size: 18KB