763b789115183361ec77f88e75d4586f

Sharing

Copy URL Twitter E-mail

General

Target

763b789115183361ec77f88e75d4586f
Size

1.1MB
MD5

763b789115183361ec77f88e75d4586f
SHA1

69e2bad630243dfc47317d6af4a872faeb6ebe1b
SHA256

69be1852895f5397617d57c01eb8c1fb22d059933cc2e6fb632e211e52dd8535
SHA512

5ce4fe37f1fb4998888f8450a46c34055fc96b95d82fae5e3e0118f9e7a4a2b42aa683efc4d23f644fd18b7e444f799c38ed37eaab964c6dc3d23c914b382f7a
SSDEEP

24576:ttph7KFxrhvAyfXsa16+hq2EH7Se+at/v2sn/oEY:t/VKnhAmXDE+hniSJ0v2sDY

Score

10^/10

Malware Config

Signatures

Nirsoft 2 IoCs

resource	yara_rule
static1/unpack001/winpirate-master/Tools/Browsinghistoryview/BrowsingHistoryView.exe	Nirsoft
static1/unpack001/winpirate-master/Tools/Browsinghistoryview/BrowsingHistoryView64.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/winpirate-master/Tools/winaudit/WinAudit.exe

Files

763b789115183361ec77f88e75d4586f
.zip
winpirate-master/README.md
winpirate-master/Run.bat
winpirate-master/Stickykeys.sh
.sh linux
winpirate-master/Tools/Browsinghistoryview/BrowsingHistoryView.chm
.chm
winpirate-master/Tools/Browsinghistoryview/BrowsingHistoryView.exe
.exe windows:4 windows x86 arch:x86

bac8bc4a982e15a5481fae4d2ae9ee57

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

aa:92:09:b9:f3:e6:9a:0d:a3:1e:57:6d:2c:de:5c:90:c7:45:a5:a3:1e:c5:dc:1d:74:e1:43:a0:2a:ae:b9:13
Signer

Actual PE Digest

aa:92:09:b9:f3:e6:9a:0d:a3:1e:57:6d:2c:de:5c:90:c7:45:a5:a3:1e:c5:dc:1d:74:e1:43:a0:2a:ae:b9:13

Digest Algorithm

sha256

PE Digest Matches

true

7e:84:cd:5f:94:ec:a0:27:de:ec:2c:ee:0f:06:88:14:39:68:ff:24
Signer

Actual PE Digest

7e:84:cd:5f:94:ec:a0:27:de:ec:2c:ee:0f:06:88:14:39:68:ff:24

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__wgetmainargs
_initterm
wcscat
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strlen
qsort
_itow
strchr
_wcsnicmp
_wcmdln
malloc
free
wcscmp
modf
_c_exit
memcmp
wcstoul
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
_ultow
_purecall
wcslen
exit
_cexit
_XcptFilter
_exit
_wcsupr
abs
_wcsicmp
wcschr
memcpy
_wtoi
wcscpy
memset
_snwprintf
wcsncat
_except_handler3
_onexit
__dllonexit
strftime
strcmp
realloc
_gmtime64
_memicmp
_wcslwr

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wininet

FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
FindCloseUrlCache

kernel32

GetFullPathNameW
AreFileApisANSI
EnterCriticalSection
GetSystemTime
LockFileEx
FormatMessageA
GetTempPathA
LockFile
FlushFileBuffers
UnlockFile
InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
GetDiskFreeSpaceW
DeleteFileA
InitializeCriticalSection
GetFullPathNameA
CreateFileA
GetModuleHandleA
GetStartupInfoW
UnlockFileEx
SetEndOfFile
LeaveCriticalSection
GetSystemInfo
Sleep
GetDiskFreeSpaceA
EnumResourceTypesW
Process32FirstW
SystemTimeToFileTime
FileTimeToSystemTime
CloseHandle
GetFileSize
GetSystemTimeAsFileTime
CompareFileTime
CopyFileW
CreateFileW
DeleteFileW
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SetFilePointerEx
GetLastError
FindFirstFileW
GetTimeFormatW
GetWindowsDirectoryW
GetFileAttributesW
FileTimeToLocalFileTime
SetFilePointer
ReadFile
GetModuleFileNameW
LocalFree
WriteFile
LockResource
MultiByteToWideChar
lstrcpyW
lstrlenW
FindResourceW
LocalFileTimeToFileTime
LoadResource
GlobalAlloc
GlobalUnlock
LoadLibraryExW
GetTempPathW
WideCharToMultiByte
FindNextFileW
SizeofResource
FormatMessageW
GlobalLock
FindClose
GetVersionExW
GetDateFormatW
GetTempFileNameW
DosDateTimeToFileTime
CreateFileMappingW
OpenProcess
DuplicateHandle
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetCurrentProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetTickCount
GetStdHandle
ExpandEnvironmentStringsW
SetErrorMode
ReadProcessMemory
ExitProcess
Process32NextW
CreateToolhelp32Snapshot

user32

GetMonitorInfoW
MonitorFromWindow
PeekMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
TrackPopupMenu
DispatchMessageW
RegisterWindowMessageW
DrawTextExW
LoadMenuW
GetWindowTextW
GetDesktopWindow
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetWindowPlacement
GetDlgItemInt
DeferWindowPos
SetDlgItemInt
CreateWindowExW
BeginPaint
GetWindow
EndPaint
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetSystemMetrics
GetWindowRect
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
LoadIconW
LoadImageW
GetSysColor
GetWindowLongW
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
GetMenuItemCount
CloseClipboard
CheckMenuItem
CheckMenuRadioItem
GetParent
GetCursorPos
SetClipboardData
EnableWindow
GetMenu
MapWindowPoints
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW

gdi32

GetStockObject
GetDeviceCaps
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetTextExtentPoint32W
SetBkColor

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winpirate-master/Tools/Browsinghistoryview/BrowsingHistoryView64.exe
.exe windows:4 windows x64 arch:x64

8749b9b81f85d79c11a3ee638c91bb9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

53:76:9c:de:43:8e:04:df:31:a7:d2:8b:0e:81:fa:27:6b:bb:ca:c8:b2:e0:68:41:a0:89:4c:4e:ea:a7:9a:cf
Signer

Actual PE Digest

53:76:9c:de:43:8e:04:df:31:a7:d2:8b:0e:81:fa:27:6b:bb:ca:c8:b2:e0:68:41:a0:89:4c:4e:ea:a7:9a:cf

Digest Algorithm

sha256

PE Digest Matches

true

cc:fd:3c:df:3b:46:e1:52:a7:7f:7f:24:e1:65:77:06:91:83:2d:89
Signer

Actual PE Digest

cc:fd:3c:df:3b:46:e1:52:a7:7f:7f:24:e1:65:77:06:91:83:2d:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_commode
_fmode
__set_app_type
strlen
qsort
_itow
strchr
_wcsnicmp
wcscat
free
modf
memcmp
wcstoul
wcsrchr
__C_specific_handler
wcscmp
malloc
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_purecall
wcslen
_ultow
_cexit
_exit
_c_exit
_memicmp
_XcptFilter
abs
_wcsupr
_wtoi
_wcsicmp
wcschr
memcpy
wcscpy
memset
_snwprintf
wcsncat
_onexit
__dllonexit
strftime
strcmp
realloc
_gmtime64
_wcslwr

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
ImageList_ReplaceIcon

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

FindNextUrlCacheEntryW
FindCloseUrlCache
FindFirstUrlCacheEntryW

kernel32

UnlockFileEx
DeleteCriticalSection
FlushFileBuffers
GetFileAttributesExW
UnlockFile
QueryPerformanceCounter
GetSystemInfo
GetFileAttributesA
LeaveCriticalSection
SetEndOfFile
GetDiskFreeSpaceA
Sleep
DeleteFileA
FormatMessageA
LockFileEx
GetFullPathNameW
InitializeCriticalSection
EnterCriticalSection
GetFullPathNameA
GetStartupInfoW
LockFile
CreateFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetDiskFreeSpaceW
EnumResourceTypesW
Process32FirstW
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
CloseHandle
GetSystemTimeAsFileTime
CompareFileTime
DeleteFileW
CopyFileW
CreateFileW
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
SetFilePointerEx
GetLastError
GetDateFormatW
SizeofResource
GlobalLock
GetTempFileNameW
FormatMessageW
GetVersionExW
FindNextFileW
FindFirstFileW
GetTimeFormatW
FindClose
SetFilePointer
GetFileAttributesW
WriteFile
ReadFile
GetModuleFileNameW
GetWindowsDirectoryW
FileTimeToLocalFileTime
FindResourceW
LoadResource
GlobalAlloc
MultiByteToWideChar
LocalFree
lstrlenW
LoadLibraryExW
lstrcpyW
LockResource
WideCharToMultiByte
LocalFileTimeToFileTime
GlobalUnlock
GetTempPathW
DosDateTimeToFileTime
CreateFileMappingW
OpenProcess
DuplicateHandle
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetCurrentProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
GetTickCount
SetErrorMode
ExpandEnvironmentStringsW
ExitProcess
ReadProcessMemory
Process32NextW
CreateToolhelp32Snapshot

user32

GetMonitorInfoW
MonitorFromWindow
PeekMessageW
TrackPopupMenu
DispatchMessageW
RegisterWindowMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
GetMessageW
PostQuitMessage
LoadMenuW
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetWindowRect
DeferWindowPos
SetDlgItemInt
GetDlgItemInt
CreateWindowExW
BeginPaint
GetWindow
GetClientRect
EndPaint
SendDlgItemMessageW
DrawFrameControl
EndDialog
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
SetWindowLongPtrW
GetSystemMetrics
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
MessageBoxW
PostMessageW
SetMenu
SetWindowPos
TranslateAcceleratorW
LoadImageW
LoadIconW
GetWindowLongW
GetSysColor
SetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetMenuItemCount
CheckMenuItem
CheckMenuRadioItem
GetMenuStringW
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
CloseClipboard
GetMenu
GetParent
EmptyClipboard
GetDC
EnableMenuItem
ReleaseDC
GetSubMenu
GetClassNameW
OpenClipboard
MoveWindow
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW

gdi32

SetBkColor
GetDeviceCaps
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 354KB - Virtual size: 353KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
winpirate-master/Tools/Browsinghistoryview/readme.txt
winpirate-master/Tools/Chrome/chromepasswords.py
winpirate-master/Tools/mimikittenz/Invoke-mimikittenz.ps1
.ps1
winpirate-master/Tools/mimikittenz/README.md
winpirate-master/Tools/winaudit/WinAudit.exe
.exe windows:5 windows x86 arch:x86

e19c55bfe847669e162190cec2117dd8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
CM_Get_DevNode_Status
SetupDiGetClassDescriptionW
SetupDiGetDeviceInstanceIdW

mpr

WNetOpenEnumW
WNetEnumResourceW
WNetCloseEnum

dbghelp

SymGetModuleBase64
StackWalk64
SymFromAddr
SymInitialize
SymCleanup
SymFunctionTableAccess64

netapi32

NetGroupGetUsers
NetUserGetGroups
NetLocalGroupEnum
NetLocalGroupGetInfo
NetShareGetInfo
NetSessionEnum
NetShareEnum
NetFileEnum
NetUserGetLocalGroups
NetQueryDisplayInformation
NetUserGetInfo
NetLocalGroupGetMembers
NetGroupGetInfo
NetApiBufferFree
NetWkstaGetInfo
DsGetSiteNameW
NetServerGetInfo
NetUserModalsGet

secur32

LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaCallAuthenticationPackage
LsaConnectUntrusted

iphlpapi

GetUdpTable
GetTcpTable
GetExtendedUdpTable
GetIpForwardTable
GetIpAddrTable
GetAdaptersAddresses
GetExtendedTcpTable

psapi

GetProcessMemoryInfo

msi

ord244
ord70
ord181
ord113
ord45

kernel32

CloseHandle
ResumeThread
CreateThread
ExitProcess
InterlockedIncrement
GetModuleFileNameW
ExpandEnvironmentStringsW
SetFilePointer
SetFilePointerEx
WriteFile
GetUserDefaultLangID
ReadFile
FlushFileBuffers
GetFileSizeEx
GetFileTime
DeleteFileW
VirtualQuery
GetCurrentThreadId
MultiByteToWideChar
GetDateFormatW
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
FormatMessageW
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
FindResourceW
LoadResource
SizeofResource
GetACP
LockResource
GetSystemInfo
GetEnvironmentVariableW
GetComputerNameW
GetSystemDirectoryW
GetVersionExW
GetComputerNameExW
IsWow64Process
GetWindowsDirectoryW
CreateDirectoryW
GetTempPathW
GlobalLock
GlobalAlloc
GlobalUnlock
SetLastError
GlobalFree
MulDiv
Module32FirstW
SetCurrentDirectoryW
FreeEnvironmentStringsW
InitializeCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LoadLibraryW
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
GetExitCodeThread
GetModuleFileNameA
GetStdHandle
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetCPInfo
InterlockedDecrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
HeapAlloc
HeapFree
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
HeapValidate
GetStartupInfoW
HeapSetInformation
GetCommandLineA
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
Process32FirstW
OpenProcess
lstrlenW
CompareStringW
GetTickCount
LocalFree
SetUnhandledExceptionFilter
GetCommandLineW
FindNextFileW
FindClose
GetFileAttributesW
FindFirstFileW
GetVolumeInformationW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetLogicalDrives
SetErrorMode
GetDriveTypeW
DeviceIoControl
CreateFileW
lstrcmpiW
SetThreadAffinityMask
QueryPerformanceFrequency
GetProcessAffinityMask
GetThreadPriority
SetThreadPriority
IsProcessorFeaturePresent
GetLocaleInfoW
GetEnvironmentStringsW
GetCurrentProcessId
EnterCriticalSection
GetConsoleCP
GetConsoleMode
Sleep
GetPriorityClass
WaitForSingleObject
GetProcAddress
GetModuleHandleW
GetSystemDefaultLangID
CreateToolhelp32Snapshot
SetHandleCount
Process32NextW
RtlUnwind
HeapSize
GetCurrentThread
QueryPerformanceCounter
GetCurrentProcess
GetNativeSystemInfo
SetPriorityClass
GetCurrentDirectoryW
GetSystemTime
GlobalMemoryStatusEx
GetLocalTime
SetStdHandle
WriteConsoleW
GetLastError
TryEnterCriticalSection
lstrcmpW
GetTimeFormatW
HeapReAlloc

user32

GetKeyState
GetForegroundWindow
GetScrollInfo
EqualRect
CopyRect
CreatePopupMenu
InsertMenuW
CreateMenu
AppendMenuW
SetMenu
DrawMenuBar
RemoveMenu
DestroyMenu
CreateAcceleratorTableW
EnableMenuItem
GetMenuState
CheckMenuItem
SetRect
SetLayeredWindowAttributes
LoadBitmapW
TranslateAcceleratorW
GetMessageW
IsIconic
GetLastActivePopup
SetForegroundWindow
BringWindowToTop
EndPaint
ClientToScreen
DestroyWindow
GetWindowTextLengthW
CloseClipboard
GetWindowDC
GetMenuBarInfo
DestroyAcceleratorTable
SetParent
SetScrollInfo
SetMenuItemInfoW
MoveWindow
MessageBoxW
RedrawWindow
EndDialog
InvalidateRect
EnumDisplaySettingsW
ReleaseDC
GetDC
EnumDisplayDevicesW
PostMessageW
IsWindowEnabled
GetMenuItemInfoW
BeginPaint
GetClassInfoExW
TranslateMessage
RegisterClassExW
GetMenuItemRect
PeekMessageW
EmptyClipboard
GetSysColorBrush
GetMenuItemCount
CreateWindowExW
OpenClipboard
RegisterClipboardFormatW
UpdateWindow
SetClipboardData
SetWindowTextW
DefWindowProcW
GetWindow
IsChild
DispatchMessageW
LoadIconW
FillRect
DrawTextW
CopyImage
DrawIcon
CopyIcon
DestroyIcon
GetWindowRect
DialogBoxIndirectParamW
GetCapture
GetWindowLongW
GetWindowTextW
GetClassNameW
SetWindowLongW
GetDesktopWindow
SetWindowPos
GetDialogBaseUnits
SetTimer
ScreenToClient
SetCapture
KillTimer
GetFocus
GetSystemMetrics
GetParent
GetClientRect
PtInRect
ReleaseCapture
GetKeyboardType
OffsetRect
SendMessageW
ShowWindow
EnableWindow
CharUpperW
SetCursor
PostQuitMessage
LoadCursorW
MessageBeep
IsWindowVisible
MessageBoxA
TrackPopupMenu
SetFocus
SystemParametersInfoW
GetSysColor
GetCursorPos

gdi32

Polygon
CreateFontIndirectW
GetCurrentObject
ExcludeClipRect
BeginPath
Arc
GetTextExtentPoint32W
GetDeviceCaps
GetStockObject
GetPixel
SetPixelV
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
DeleteObject
DeleteDC
GetTextMetricsW
BitBlt
SetDCPenColor
LineTo
MoveToEx
CreateSolidBrush
RestoreDC
PathToRegion
CreatePen
CreateRectRgn
EndPath
SaveDC
SetMapMode
SelectClipRgn
SetBkMode
SetBkColor
SetTextColor
TextOutW

winspool.drv

OpenPrinterW
ClosePrinter
GetPrinterDriverW
EnumPrintersW
EnumPortsW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseFontW
CommDlgExtendedError

advapi32

LsaFreeMemory
LsaNtStatusToWinError
LsaClose
LookupAccountNameW
LsaEnumerateAccountRights
LsaOpenPolicy
CloseEventLog
ReadEventLogW
OpenEventLogW
CryptCreateHash
CryptDestroyHash
CryptHashData
ConvertSidToStringSidW
GetSidIdentifierAuthority
CryptAcquireContextW
GetSidSubAuthority
GetSidSubAuthorityCount
EqualSid
CloseServiceHandle
OpenSCManagerW
OpenServiceW
EnumServicesStatusW
QueryServiceConfigW
GetAce
RegQueryValueExW
AllocateAndInitializeSid
IsValidSid
FreeSid
InitializeSid
IsTextUnicode
RegEnumKeyExW
CryptGetHashParam
RegCloseKey
LookupPrivilegeDisplayNameW
ImpersonateAnonymousToken
RegOpenKeyExW
RevertToSelf
RegEnumValueW
RegQueryInfoKeyW
GetUserNameW
LsaEnumerateAccountsWithUserRight
LsaQueryInformationPolicy
AdjustTokenPrivileges
ImpersonateSelf
LookupPrivilegeValueW
GetTokenInformation
OpenThreadToken
OpenProcessToken
LookupPrivilegeNameW
GetSecurityDescriptorDacl
GetSecurityDescriptorOwner
GetNamedSecurityInfoW
LookupAccountSidW
CryptReleaseContext

shell32

ExtractIconW
FindExecutableW
ShellExecuteW
SHGetFolderPathW

ole32

CoCreateGuid
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CLSIDFromString
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
StringFromGUID2
CLSIDFromProgID

oleaut32

VariantInit
GetErrorInfo
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SafeArrayGetLBound
VariantTimeToSystemTime
SysFreeString
SysAllocString
VariantClear

odbc32

ord31
ord24
ord171
ord176
ord139
ord108
ord78
ord20
ord141
ord18
ord13
ord9
ord29
ord132
ord147
ord30
ord145
ord173
ord16
ord4
ord136
ord127
ord157
ord138
ord75
ord111

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msimg32

GradientFill
TransparentBlt

Sections

.text
Size: 617KB - Virtual size: 617KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 489KB - Virtual size: 488KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
winpirate-master/WinPirate.bat
winpirate-master/hide.vbs
.vbs

Sharing

General

Malware Config

Signatures

Files

bac8bc4a982e15a5481fae4d2ae9ee57

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

aa:92:09:b9:f3:e6:9a:0d:a3:1e:57:6d:2c:de:5c:90:c7:45:a5:a3:1e:c5:dc:1d:74:e1:43:a0:2a:ae:b9:13Signer

7e:84:cd:5f:94:ec:a0:27:de:ec:2c:ee:0f:06:88:14:39:68:ff:24Signer

Headers

File Characteristics

Imports

msvcrt

comctl32

version

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 260KB - Virtual size: 260KB

.rdata Size: 40KB - Virtual size: 40KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 34KB - Virtual size: 33KB

8749b9b81f85d79c11a3ee638c91bb9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

53:76:9c:de:43:8e:04:df:31:a7:d2:8b:0e:81:fa:27:6b:bb:ca:c8:b2:e0:68:41:a0:89:4c:4e:ea:a7:9a:cfSigner

cc:fd:3c:df:3b:46:e1:52:a7:7f:7f:24:e1:65:77:06:91:83:2d:89Signer

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

comctl32

version

wininet

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

aa:92:09:b9:f3:e6:9a:0d:a3:1e:57:6d:2c:de:5c:90:c7:45:a5:a3:1e:c5:dc:1d:74:e1:43:a0:2a:ae:b9:13
Signer

7e:84:cd:5f:94:ec:a0:27:de:ec:2c:ee:0f:06:88:14:39:68:ff:24
Signer

.text
Size: 260KB - Virtual size: 260KB

.rdata
Size: 40KB - Virtual size: 40KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 34KB - Virtual size: 33KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

53:76:9c:de:43:8e:04:df:31:a7:d2:8b:0e:81:fa:27:6b:bb:ca:c8:b2:e0:68:41:a0:89:4c:4e:ea:a7:9a:cf
Signer

cc:fd:3c:df:3b:46:e1:52:a7:7f:7f:24:e1:65:77:06:91:83:2d:89
Signer

.text
Size: 354KB - Virtual size: 353KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 5KB - Virtual size: 11KB

.pdata
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 34KB - Virtual size: 33KB

.text
Size: 617KB - Virtual size: 617KB

.rdata
Size: 444KB - Virtual size: 443KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 489KB - Virtual size: 488KB

.reloc
Size: 59KB - Virtual size: 58KB