0b77d42aef82b2edf1a44876fc1f4916 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

0b77d42aef82b2edf1a44876fc1f4916
Size

646KB
MD5

0b77d42aef82b2edf1a44876fc1f4916
SHA1

a96e22e92f6614857d8398dadad8623122290c5f
SHA256

cf1856555988b1f6d22c099fdfd78f7aee95822e41f48b670d3834bcbaea1d8c
SHA512

6441ba109b22390977971be5563f88d344c2db01c8015e17ebb09654a3735e16bc63034c5286c2b8581b953a4c49194418013a8d0c10b02c6a940903c641ca35
SSDEEP

12288:mo8yZgcXr3wRqzFPknH5ClghmWmAm30KZF4pn:mo8yZgWrgRqzFlAmWmAm3nZF4p

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
0b77d42aef82b2edf1a44876fc1f4916

Files

0b77d42aef82b2edf1a44876fc1f4916
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.enigma1
Size: 100KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.enigma2
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE