c:\Projects\VS2005\CredentialsFileView\x64\Release\CredentialsFileView.pdb
Static task
static1
2 signatures
General
-
Target
credentialsfileview-x64.zip
-
Size
94KB
-
MD5
0115f052c0a03c7a604ba46f50ccc783
-
SHA1
347bce91f693ebf7ae40a00dcd20d06f17a4901d
-
SHA256
b5ca584efa62dead9de9ba28b7be87c7d810c4063af5e7e14312474e0ae29bb0
-
SHA512
310ec25a68316047a1a8dc056e6c34f5d3e88c6c7cf15ecccd30b9f4fe47d9c047d2d284a5e2493a0317222801ebdd268158bce6a18f60dbed90b57e1e2076d1
-
SSDEEP
1536:xKQibwFZhjyNA9jfrARJNGqYOo05EjUWssuxJ5LSxwwXXA/kEW6D3y/sjB8aFel9:Y+FZhjGA9jfuGqY058RNuP5yVHA/kEV6
Score
10/10
Malware Config
Signatures
-
Nirsoft 1 IoCs
resource yara_rule static1/unpack001/CredentialsFileView.exe Nirsoft -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/CredentialsFileView.exe
Files
-
credentialsfileview-x64.zip.zip
-
CredentialsFileView.chm.chm
-
CredentialsFileView.exe.exe windows:4 windows x64 arch:x64
855d3fa0c439cdc35d305642c8a694d4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
qsort
__setusermatherr
_commode
_fmode
__set_app_type
_purecall
_wcslwr
_itow
malloc
_ultow
free
wcschr
modf
_memicmp
_wtoi
wcstoul
wcsrchr
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
wcsncmp
_wcsicmp
_wcsnicmp
_snwprintf
wcsncat
memcpy
memset
memcmp
comctl32
CreateToolbarEx
CreateStatusWindowW
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
ImageList_ReplaceIcon
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
crypt32
CryptUnprotectData
kernel32
Process32NextW
CreateToolhelp32Snapshot
CreateRemoteThread
EnumResourceTypesW
GetStartupInfoW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
MultiByteToWideChar
LocalFree
FreeLibrary
GetProcAddress
GetLastError
LocalAlloc
CloseHandle
GetFileSize
GetModuleHandleW
LoadLibraryW
GetDriveTypeW
GetLogicalDrives
GetTimeFormatW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetFileAttributesW
lstrcpyW
WriteFile
ReadFile
GetModuleFileNameW
CreateFileW
GetNumberFormatW
FindResourceW
LockResource
LoadResource
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GetSystemDirectoryW
lstrlenW
LoadLibraryExW
WideCharToMultiByte
GlobalUnlock
GetTempPathW
GetCurrentProcess
GetLocaleInfoW
GetDateFormatW
GetTempFileNameW
SizeofResource
FindNextFileW
GlobalLock
FormatMessageW
GetVersionExW
FindClose
FindFirstFileW
OpenProcess
GetPrivateProfileStringW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetTickCount
GetStdHandle
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
WaitForSingleObject
WriteProcessMemory
ResumeThread
SetErrorMode
DeleteFileW
ExitProcess
GetCurrentProcessId
Process32FirstW
user32
ChildWindowFromPoint
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SendDlgItemMessageW
GetWindow
EndDialog
GetDC
DrawFrameControl
SetWindowTextW
InvalidateRect
UpdateWindow
GetWindowRect
SendMessageW
SetDlgItemTextW
GetDlgItemInt
GetDlgItemTextW
SetWindowLongPtrW
GetWindowPlacement
SetDlgItemInt
SetWindowPlacement
GetSystemMetrics
EndPaint
DeferWindowPos
BeginPaint
GetClientRect
CreateWindowExW
LoadAcceleratorsW
DefWindowProcW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
LoadImageW
LoadIconW
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetCursorPos
SetClipboardData
EnableWindow
GetParent
MapWindowPoints
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
GetClassNameW
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuItemCount
GetMenuStringW
ScreenToClient
CloseClipboard
CheckMenuRadioItem
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
RegisterWindowMessageW
TrackPopupMenu
DispatchMessageW
PostQuitMessage
IsDialogMessageW
GetMessageW
TranslateMessage
CallWindowProcW
DrawTextExW
GetFocus
GetKeyState
MonitorFromWindow
GetMonitorInfoW
SetCapture
FillRect
ReleaseCapture
GetDlgItem
gdi32
GetTextExtentPoint32W
GetStockObject
SetStretchBltMode
StretchBlt
SetBkColor
CreateCompatibleBitmap
PatBlt
CreateSolidBrush
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
comdlg32
FindTextW
GetSaveFileNameW
advapi32
DuplicateTokenEx
RevertToSelf
OpenProcessToken
GetTokenInformation
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
ImpersonateLoggedOnUser
shell32
ShellExecuteW
ShellExecuteExW
SHGetFileInfoW
SHGetPathFromIDListW
Sections
.text Size: 114KB - Virtual size: 114KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 23KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
readme.txt