44259368654a2df344d159c906741cef

Sharing

Copy URL Twitter E-mail

General

Target

44259368654a2df344d159c906741cef
Size

330KB
MD5

44259368654a2df344d159c906741cef
SHA1

f9f2f09ab0125bd836d939b32e94f22c449684b7
SHA256

10d9027ff778b7f2878083fb64bb82e8e51b81f952c8b7ee43947cc80aa467a6
SHA512

ed2835ed123ba2ceffdcbc0d08e4eaec1ccf433de6fe8c685a933440df8905fd091e8daa37f1f237cb993c0e2a15153a25c7f65789d995637722ceadd69141e3
SSDEEP

6144:Co1DTdeJG+gP9eEfDEGmY8FfKVXMxK1lAtckihz:C2deJk0Ewu8Ffxcdk8

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Files

44259368654a2df344d159c906741cef
.exe windows:4 windows x86 arch:x86

5b16edfb16bb27ca837a661ae59715bc

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a1:a3:e7:28:0e:0a:2d:f1:2f:84:30:96:49:82:05:19
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

17/09/2012, 00:00

Not After

17/09/2014, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b3:c4:32:f4:e4:65:d7:00:29:8b:07:11:e6:40:25:f6:dd:73:06:3f
Signer

Actual PE Digest

b3:c4:32:f4:e4:65:d7:00:29:8b:07:11:e6:40:25:f6:dd:73:06:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

exit
_wcmdln
__wgetmainargs
wcsncat
_initterm
__setusermatherr
_adjust_fdiv
_gmtime64
strftime
qsort
_itow
_wcslwr
strchr
_cexit
_wcsupr
wcsncmp
malloc
free
modf
_memicmp
wcstoul
__dllonexit
strcpy
wcsrchr
_XcptFilter
_exit
_c_exit
_strlwr
_onexit
_wcsnicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
abs
_purecall
wcslen
log
wcscmp
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
strlen
_snwprintf
wcscat
__set_app_type
_controlfp
_except_handler3
memchr
realloc
strcmp
__p__fmode
__p__commode

comctl32

ord17
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_ReplaceIcon
CreateToolbarEx
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
LeaveCriticalSection
SetEndOfFile
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
Sleep
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileA
UnlockFile
FlushFileBuffers
LockFile
GetTickCount
GetModuleHandleA
GetStartupInfoW
GetFileAttributesA
InitializeCriticalSection
GetFullPathNameA
DeleteFileA
GetDiskFreeSpaceW
AreFileApisANSI
GetFullPathNameW
CloseHandle
LocalFree
GetFileSize
SystemTimeToFileTime
CopyFileW
CreateFileW
FileTimeToLocalFileTime
DeleteFileW
WideCharToMultiByte
WriteFile
FreeLibrary
LoadLibraryW
GetProcAddress
GetLastError
ExpandEnvironmentStringsW
CompareFileTime
GetCurrentDirectoryW
MultiByteToWideChar
lstrlenW
GlobalAlloc
FindResourceW
GlobalUnlock
LoadResource
GetTempPathW
LoadLibraryExW
FindNextFileW
SizeofResource
GetFileTime
GlobalLock
FormatMessageW
FindClose
GetVersionExW
GetWindowsDirectoryW
GetTempFileNameW
GetFileAttributesW
GetModuleHandleW
FindFirstFileW
ReadFile
SetFilePointer
GetModuleFileNameW
LockResource
lstrcpyW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
SetErrorMode
GetCurrentProcessId
ExitProcess
GetCurrentProcess
ReadProcessMemory
SetCurrentDirectoryW
OpenProcess
EnumResourceTypesW
UnlockFileEx
GetSystemTimeAsFileTime
GetTempPathA
FormatMessageA
LockFileEx
GetSystemTime
EnterCriticalSection

user32

SetWindowPos
TranslateMessage
IsDialogMessageW
DrawTextExW
GetMessageW
PostQuitMessage
DispatchMessageW
EndDeferWindowPos
TrackPopupMenu
LoadCursorW
ChildWindowFromPoint
ShowWindow
SetCursor
GetSysColorBrush
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
InvalidateRect
SetDlgItemInt
SetWindowTextW
UpdateWindow
GetClientRect
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DefWindowProcW
TranslateAcceleratorW
SendMessageW
SetWindowPlacement
RegisterClassW
MessageBoxW
SetMenu
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
LoadImageW
LoadIconW
GetWindowLongW
SetFocus
EnableWindow
GetSubMenu
MapWindowPoints
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
MoveWindow
CloseClipboard
GetMenuItemCount
CheckMenuItem
GetParent
GetCursorPos
RegisterWindowMessageW
GetMenu
SetClipboardData
EnumChildWindows
LoadStringW
GetSysColor
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DialogBoxParamW
DestroyMenu
CreateDialogParamW
DestroyWindow
BeginDeferWindowPos

gdi32

GetStockObject
GetDeviceCaps
SelectObject
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
SetBkColor
GetTextExtentPoint32W

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize
CoTaskMemFree

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b16edfb16bb27ca837a661ae59715bc

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

a1:a3:e7:28:0e:0a:2d:f1:2f:84:30:96:49:82:05:19Certificate

Extended Key Usages

Key Usages

b3:c4:32:f4:e4:65:d7:00:29:8b:07:11:e6:40:25:f6:dd:73:06:3fSigner

Headers

File Characteristics

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 253KB - Virtual size: 252KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 11KB

.rsrc Size: 21KB - Virtual size: 20KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

a1:a3:e7:28:0e:0a:2d:f1:2f:84:30:96:49:82:05:19
Certificate

b3:c4:32:f4:e4:65:d7:00:29:8b:07:11:e6:40:25:f6:dd:73:06:3f
Signer

.text
Size: 253KB - Virtual size: 252KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 21KB - Virtual size: 20KB