7766f501d84871334b9d365f9dbec36d

General

Target

7766f501d84871334b9d365f9dbec36d
Size

187KB
MD5

7766f501d84871334b9d365f9dbec36d
SHA1

5457cadf4a88ef4f5f087cb034b4b84bdedf7a84
SHA256

cb8e8299a28c10372823cd6dd8adab49321f0754f70ea75be0315c8129e55218
SHA512

a6e6fca2fb1754c3d1b58544b76cdcccb8f356802502a281fefe515df85e323ca9d4f26fcec9f3ce6109abaf4beeaf463bfb31326a9da285499b085a83a8bf33
SSDEEP

3072:FfkKlQfMT3fw/hvgEVQjjg7dnBzRchTUC6nvHrWzZ/kvKp9d2KUnk:FsBMfnjSRHnazZ396k

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
7766f501d84871334b9d365f9dbec36d

Files

7766f501d84871334b9d365f9dbec36d
.exe windows:4 windows x86 arch:x86

12bcb85277512903b62fdea4caff0842

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

msvcr71

strncpy
sprintf

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
GetACP
RtlUnwind
TerminateProcess
GetModuleHandleA
GetOEMCP
InterlockedExchange
VirtualAllocEx
HeapReAlloc
VirtualFree
ExitProcess
GetStringTypeW
GetStringTypeA
VirtualQuery
GetSystemInfo
VirtualAlloc
Sleep
GlobalFree
CloseHandle
WriteFile
CreateFileW
LockResource
GlobalAlloc
LoadResource
SizeofResource
FindResourceA
DeleteFileA
ReadFile
CreateFileA
DeleteFileW
WinExec
GetModuleFileNameA
GetProcAddress
LoadLibraryA
VirtualProtect
WriteProcessMemory
OpenProcess
CreateRemoteThread
CreateToolhelp32Snapshot
Process32Next
Process32First
GetTickCount
HeapFree
HeapAlloc
GetCurrentProcessId
GetLastError
GetCurrentProcess
GetCurrentThreadId
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
GetLocaleInfoA
GetCPInfo

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12bcb85277512903b62fdea4caff0842

Headers

File Characteristics

Imports

advapi32

msvcr71

kernel32

Sections

.text Size: 12KB - Virtual size: 12KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 3KB - Virtual size: 3KB

.rsrc Size: 167KB - Virtual size: 166KB

.text
Size: 12KB - Virtual size: 12KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 167KB - Virtual size: 166KB