a45b8108b502953749b5912ede858637

Sharing

Copy URL Twitter E-mail

General

Target

a45b8108b502953749b5912ede858637
Size

139KB
MD5

a45b8108b502953749b5912ede858637
SHA1

656a2c65ab0261e3e63774bce198238e9eb31340
SHA256

8790715c086c346bd0154fad3c286cc698704f301372ab78ec9a7d14843d4458
SHA512

f1bd3f291a84bf57d0bc0ce25215dde7b9b6faaabc1afd8c6b3fd8a4d99111f9710abb44667fb586f083ed3b9206936835e3f8628e1c8fe0c55e7b4ceb0feb6f
SSDEEP

1536:oCvsdtnXKEkBXXkAezxToSgpAGz1lSk482h+NiCt7J9guQNEt:ozaE8Xk9zFoSgKSek43ciCt7J9guQ

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a45b8108b502953749b5912ede858637

Files

a45b8108b502953749b5912ede858637
.exe windows:4 windows x86 arch:x86

795d2def1f21118f57c3347990a6c98f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\TimeZonesView\Release\TimeZonesView.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__dllonexit
_purecall
_wcslwr
strlen
qsort
_itow
_wcsnicmp
wcstoul
wcsrchr
__p__fmode
__set_app_type
_controlfp
_except_handler3
_onexit
_ultow
malloc
wcscmp
_wcsicmp
free
wcschr
modf
_memicmp
_wtoi
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
wcslen
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ReadProcessMemory
ExitProcess
GetCurrentProcessId
DeleteFileW
SetErrorMode
GetStdHandle
OpenProcess
EnumResourceTypesW
GetTimeZoneInformation
GetModuleHandleA
GetStartupInfoW
LoadLibraryW
GetTickCount
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
FileTimeToSystemTime
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
CompareFileTime
GetSystemTime
FreeLibrary
GetModuleHandleW
GetProcAddress
FindResourceW
GetModuleFileNameW
LoadResource
CreateFileW
LockResource
LocalFree
GlobalAlloc
lstrlenW
LoadLibraryExW
lstrcpyW
WideCharToMultiByte
GlobalUnlock
GetTempPathW
GetCurrentProcess
GetLastError
GetDateFormatW
GetTempFileNameW
SizeofResource
GlobalLock
GetFileSize
FormatMessageW
GetVersionExW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
WriteFile
ReadFile
GetPrivateProfileStringW

user32

DrawTextExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
SetTimer
GetMessageW
PostQuitMessage
TrackPopupMenu
SetCursor
LoadCursorW
GetSysColorBrush
RegisterWindowMessageW
ChildWindowFromPoint
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
GetClientRect
CreateWindowExW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
PostMessageW
RegisterClassW
TranslateAcceleratorW
MessageBoxW
SetMenu
SetWindowPos
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
SetFocus
GetMenu
GetSubMenu
EmptyClipboard
GetDC
EnableMenuItem
ReleaseDC
GetClassNameW
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetParent
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
EndDeferWindowPos
BeginDeferWindowPos
GetKeyState
KillTimer
ShowWindow

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
GetPixel
DeleteDC
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegEnumKeyExW

shell32

SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

795d2def1f21118f57c3347990a6c98f

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 40KB - Virtual size: 40KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 30KB - Virtual size: 30KB

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 30KB - Virtual size: 30KB