a991cdc4f94c4c28f8e6fc660c92e638 | Triage

Sharing

General

Target

a991cdc4f94c4c28f8e6fc660c92e638
Size

3.0MB
MD5

a991cdc4f94c4c28f8e6fc660c92e638
SHA1

2b0234f2714b4333162e5e6eb1558d690ce5019c
SHA256

ea7d157c45706139f30a4ba9f8e0e35f6340f9ae23c38502ddc5facce682bbad
SHA512

2d32e0e2da926aaeed35823d3f85569b39aeecf3301f1477f67221fd3643a6229ef877d40bd22998c7382a1592fc0a0b328dd9cb006b9e6c474f244a83d2e149
SSDEEP

49152:vrTa4lj432FZYeiLxPQ6u4sOEvazaoGlehS85RdppxLHggdaN0tujgiawdwuC9T:jTa4R434ZmLhQ6zsBneLRdplF

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a991cdc4f94c4c28f8e6fc660c92e638

Files

a991cdc4f94c4c28f8e6fc660c92e638
.exe windows:4 windows x86 arch:x86

3c0e70bfa5f73f1f1cef484e2bcb5bf8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA

user32

MessageBoxA

Sections

.VV2
Size: 22KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VV2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VV2
Size: 1.1MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.VV2
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE