b7200229a40de505c2947c555f372962 | Triage

Sharing

Copy URL Twitter E-mail

General

Target

b7200229a40de505c2947c555f372962
Size

1.1MB
MD5

b7200229a40de505c2947c555f372962
SHA1

080d6b82fc7954d734bfcfbf3557ba43e1ae74db
SHA256

2535c2241b255ee6dfc43e71d13b1feda3998d0afbc0a6a6ec267a8928f3a5f3
SHA512

6eaaf870c731c42fee8c5f32f49680a5dea315b11687e454f1a681b29bf1ca40a67d4f2e71942cc3986b5b1ac9f223200460c38beac94ed746b5f91e73337970
SSDEEP

24576:FhX4wko9GnQ4eh2AeFI+m2Zun3Yij/op7RoA1ynhODXrFnjwA:n9CAee1O8YieyhODXrFjJ

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft MailPassView 1 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b7200229a40de505c2947c555f372962

Files

b7200229a40de505c2947c555f372962
.exe windows:4 windows x86 arch:x86

2dcae75b7afbab3e45a24ab5cadd9efa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
realloc
free
strncpy
sprintf
strlen

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetModuleFileNameA
FindResourceA
LoadResource
LockResource
LoadLibraryA
GetProcAddress
GetEnvironmentVariableA
HeapFree
HeapAlloc
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
GetProcessHeap
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
InitializeCriticalSection
Sleep
WideCharToMultiByte
HeapSize
HeapReAlloc
DeleteFileA
WriteFile
CloseHandle
CreateFileA
GetFileSize
ReadFile
SetFilePointer

comctl32

InitCommonControls

user32

MessageBoxA
GetWindowThreadProcessId
IsWindowVisible
IsWindowEnabled
GetForegroundWindow
EnableWindow
EnumWindows

ole32

CoInitialize

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 597KB - Virtual size: 597KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ