58bb56c8474babf2f64d50fb8c5cfb3b | Triage

Sharing

Copy URL Twitter E-mail

General

Target

58bb56c8474babf2f64d50fb8c5cfb3b
Size

75KB
MD5

58bb56c8474babf2f64d50fb8c5cfb3b
SHA1

802159c8e26dc64192b1064ba80b4173c5ecd8cb
SHA256

0d79ff3b37ad2c6f24e065ce579c2dd2f81df599c72437d66f2d4edade3fa45f
SHA512

5c1e559c464b8ac5732f2d0792c3dc52f90c33243ab81b493c68fb1d3bc902bee26fb75459a84ad174e9d91b82a5f25de21e8b735f6950e0f67b741e507223c8
SSDEEP

1536:+3GmC+nXIn+2dGWqW8c/PMwrY1oqaQLn:xmJ6dGj0BY1oqJ

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58bb56c8474babf2f64d50fb8c5cfb3b

Files

58bb56c8474babf2f64d50fb8c5cfb3b
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ