8c786436ab630f1757b1ef9ecf67b98d

General

Target

8c786436ab630f1757b1ef9ecf67b98d
Size

404KB
MD5

8c786436ab630f1757b1ef9ecf67b98d
SHA1

ab82dbd870af335cabbff2c847820ff6a0784188
SHA256

84ec5a3f0e053cd89aa8171852739bc8490f095396bf5c226a07fbb3e087d1bc
SHA512

a9a1d42fd2595e954743b5e3c84304e90ce112ed19f70f22188d245b07502f2d64f1cae5a08d28d50a3e08f3fca1f296b739582ea703dcf77b6b64c96c2e6ff4
SSDEEP

12288:36W1T4qI+imdk+kUgp/BmJ4e52AopF7tQiRn:3540i+knpJmJ4e52AeFJ

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8c786436ab630f1757b1ef9ecf67b98d

Files

8c786436ab630f1757b1ef9ecf67b98d
.exe windows:4 windows x86 arch:x86

6621597ac70e541e714b4033aa0f23f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
realloc
free
strncpy
strlen
strcpy
strcat
sprintf

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
HeapFree
HeapAlloc
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
GetProcessHeap
FreeLibrary
InitializeCriticalSection
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CloseHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
Sleep
WideCharToMultiByte
HeapSize
DeleteFileA
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileSize
HeapReAlloc

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExA

Sections

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 372KB - Virtual size: 371KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6621597ac70e541e714b4033aa0f23f6

Headers

File Characteristics

Imports

msvcrt

kernel32

shell32

Sections

.rdata Size: 10KB - Virtual size: 10KB

.rdata Size: 16KB - Virtual size: 15KB

.rdata Size: 512B - Virtual size: 33B

.data Size: 3KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.idata2 Size: 372KB - Virtual size: 371KB

.rdata
Size: 10KB - Virtual size: 10KB

.rdata
Size: 16KB - Virtual size: 15KB

.rdata
Size: 512B - Virtual size: 33B

.data
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.idata2
Size: 372KB - Virtual size: 371KB