de5e3d0ecf1073c9a72a70e86b703723

General

Target

de5e3d0ecf1073c9a72a70e86b703723
Size

439KB
MD5

de5e3d0ecf1073c9a72a70e86b703723
SHA1

a6db18f4c97493d850184e61f51d40834bc1c095
SHA256

59c0bbda7775e62dbba6a4fdd3726997aa73d27d0b15db45ecf7d406fc967488
SHA512

632f02cef3e2001e00ed9bfdeb813b671b415bba98bb55853124cfb16fc16296608a106784f6b241de1a2944782bde7c87720b4db913735bb131fcfdbd4b62e4
SSDEEP

12288:49l4qI+imdk+kUgp/BmJ4e52AopF7tQiRHFqrA:k40i+knpJmJ4e52AeFJHFmA

Score

10^/10

Malware Config

Signatures

Nirsoft 2 IoCs

resource	yara_rule
sample	Nirsoft
static1/unpack001/RAR Password Cracker v4.12.exe	Nirsoft

NirSoft MailPassView 2 IoCs

Password recovery tool for various email clients

resource	yara_rule
sample	MailPassView
static1/unpack001/RAR Password Cracker v4.12.exe	MailPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RAR Password Cracker v4.12.exe

Files

de5e3d0ecf1073c9a72a70e86b703723
.rar
RAR Password Cracker v4.12.exe
.exe windows:4 windows x86 arch:x86

6621597ac70e541e714b4033aa0f23f6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memcpy
realloc
free
strncpy
strlen
strcpy
strcat
sprintf

kernel32

GetModuleHandleA
HeapCreate
HeapDestroy
ExitProcess
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
HeapFree
HeapAlloc
VirtualAlloc
VirtualFree
VirtualProtect
IsBadReadPtr
GetProcessHeap
FreeLibrary
InitializeCriticalSection
GetModuleFileNameA
GetCurrentProcess
DuplicateHandle
CloseHandle
CreatePipe
GetStdHandle
CreateProcessA
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
Sleep
WideCharToMultiByte
HeapSize
DeleteFileA
WriteFile
CreateFileA
ReadFile
SetFilePointer
GetFileSize
HeapReAlloc

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteExA

Sections

.code
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 33B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata2
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6621597ac70e541e714b4033aa0f23f6

Headers

File Characteristics

Imports

msvcrt

kernel32

shell32

Sections

.code Size: 10KB - Virtual size: 9KB

.text Size: 14KB - Virtual size: 14KB

.rdata Size: 512B - Virtual size: 33B

.data Size: 2KB - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 2KB

.idata2 Size: 408KB - Virtual size: 406KB

.code
Size: 10KB - Virtual size: 9KB

.text
Size: 14KB - Virtual size: 14KB

.rdata
Size: 512B - Virtual size: 33B

.data
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 2KB

.idata2
Size: 408KB - Virtual size: 406KB