e37f6242ef80ddf84d3bca4166171f92ca860a1f3975ff1d178ac697a6329cce

Sharing

Copy URL Twitter E-mail

General

Target

e37f6242ef80ddf84d3bca4166171f92ca860a1f3975ff1d178ac697a6329cce
Size

364KB
MD5

d3feab17dfbaa06cd72cb21d8805eb2b
SHA1

e72b4e0a58cc138baee524def6368df9b81839bf
SHA256

e37f6242ef80ddf84d3bca4166171f92ca860a1f3975ff1d178ac697a6329cce
SHA512

ecc649ae3727926794ef42f3d095c0bacc2e1cc80aad59171f5ff690c3362971ae60b9d6c5fd5b35746b98139a5234b4428c7e3d824e12a0cd10dc8409c93c56
SSDEEP

6144:4LeF8DtevDIdZZZr7S1TXRKo83D48kEiY5WnG4KAxLJ/1g4jgS+7lnKtI1tfb:4Le6teAkXTGtEnPxLJ+4cSZW/D

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e37f6242ef80ddf84d3bca4166171f92ca860a1f3975ff1d178ac697a6329cce

Files

e37f6242ef80ddf84d3bca4166171f92ca860a1f3975ff1d178ac697a6329cce
.exe windows:4 windows x86 arch:x86

4c17f2a440920f895c1b2cd31b0e2f41

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
calloc
realloc
_msize
strlen
qsort
_wcslwr
_itow
_memicmp
wcstoul
wcsrchr
__set_app_type
_controlfp
_except_handler3
_c_exit
swscanf
_wcsicmp
malloc
_ultow
towupper
wcscmp
free
modf
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
_wtoi
memcmp
_purecall
wcschr
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ord17
ImageList_AddMasked
ImageList_Create

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

mpr

WNetGetUniversalNameW

kernel32

GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
ExitProcess
Sleep
GlobalFree
CreateProcessW
SetErrorMode
DeleteFileW
GetCurrentDirectoryW
GetStdHandle
GetPrivateProfileStringW
EnumResourceNamesW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FileTimeToSystemTime
GetPrivateProfileIntW
WritePrivateProfileStringW
GetTempPathW
WideCharToMultiByte
LoadLibraryExW
GlobalUnlock
GetFileAttributesW
CompareFileTime
GetSystemTimeAsFileTime
FreeLibrary
SystemTimeToFileTime
LoadLibraryW
GetProcAddress
WaitForSingleObject
SetEvent
GetModuleHandleW
CreateFileW
GetLongPathNameW
CreateEventW
CloseHandle
CreateThread
ExpandEnvironmentStringsW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
FormatMessageW
GetDateFormatW
GetTempFileNameW
GetVersionExW
FindClose
GetFileSize
FindFirstFileW
GetTimeFormatW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
GetModuleFileNameW
WriteFile
GetNumberFormatW
LocalFree
LockResource
lstrcpyW
FindResourceW
lstrlenW
LoadResource
GlobalAlloc
SystemTimeToTzSpecificLocalTime

user32

SetForegroundWindow
CallWindowProcW
CreatePopupMenu
RegisterWindowMessageW
KillTimer
GetKeyState
DeleteMenu
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
RegisterClipboardFormatW
SetWindowLongW
EndPaint
GetDlgItem
InvalidateRect
GetWindow
DrawFrameControl
SetDlgItemInt
SetWindowTextW
BeginPaint
UpdateWindow
GetClientRect
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
EnableMenuItem
InsertMenuItemW
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CheckMenuItem
CloseClipboard
GetCursorPos
GetParent
GetSysColor
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
LoadIconW
DestroyIcon
AppendMenuW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
SetTimer
DrawTextExW
ChildWindowFromPoint

gdi32

SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
SetBkColor
GetStockObject
GetTextExtentPoint32W
SelectObject
GetDeviceCaps

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

GetFileSecurityW

shell32

Shell_NotifyIconW
SHGetDesktopFolder
SHBindToParent
SHGetMalloc
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bak
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4c17f2a440920f895c1b2cd31b0e2f41

Headers

File Characteristics

Imports

msvcrt

comctl32

version

mpr

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 50KB - Virtual size: 50KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 18KB - Virtual size: 18KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.bak Size: 6KB - Virtual size: 6KB

.text
Size: 50KB - Virtual size: 50KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 18KB - Virtual size: 18KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB

.bak
Size: 6KB - Virtual size: 6KB