5498c3eb2fb335aadcaf6c5d60560c5d2525997ba6af39b191f6092cb70a3aa6

Sharing

Copy URL

Twitter E-mail

General

Target

5498c3eb2fb335aadcaf6c5d60560c5d2525997ba6af39b191f6092cb70a3aa6
Size

455KB
MD5

56df55ef50e9b9c891437c7148a0764a
SHA1

4b77fa3e1fe5a5d880467418f13ae6cb84366cca
SHA256

5498c3eb2fb335aadcaf6c5d60560c5d2525997ba6af39b191f6092cb70a3aa6
SHA512

90f595753e00f51e3267bbaab9a491aa2ed147f1d1b5c017121b55d249a386fdde9348826eaf8048faa82a6df308720a8ca9d5b6979db9451f97578c2477f507
SSDEEP

12288:szCpKSjFsvqBUO9eH7M0gNLq0OvvCzMZk3u:sgjF0qBnS7bgNLq0OnCzMCu

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5498c3eb2fb335aadcaf6c5d60560c5d2525997ba6af39b191f6092cb70a3aa6

Files

5498c3eb2fb335aadcaf6c5d60560c5d2525997ba6af39b191f6092cb70a3aa6
.exe windows:4 windows x86 arch:x86

6cde2f49ecf3cc2f14739babaa8fd75f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

comctl32

CreateToolbarEx
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Create
ord17
ImageList_ReplaceIcon
CreateStatusWindowW

wininet

FindFirstUrlCacheEntryW
FindNextUrlCacheEntryW
FindCloseUrlCache

kernel32

GetFileTime
SizeofResource
GlobalLock
FormatMessageW
FindClose
GetDateFormatW
GetTempFileNameW
GetVersionExW
GetWindowsDirectoryW
FindFirstFileW
GetTimeFormatW
GetFileAttributesW
SetFilePointer
lstrcpyW
ReadFile
GetModuleFileNameW
LockResource
FindResourceW
lstrlenW
LoadResource
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
OpenProcess
WritePrivateProfileStringW
SystemTimeToFileTime
EnumResourceNamesW
GetPrivateProfileStringW
FindNextFileW
SetErrorMode
ReadProcessMemory
ExitProcess
GetSystemTimeAsFileTime
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
EnumResourceTypesW
LockFile
UnlockFileEx
GetTempPathA
FormatMessageA
LockFileEx
GetSystemTime
EnterCriticalSection
AreFileApisANSI
GetDiskFreeSpaceW
DeleteFileA
GetFullPathNameW
InitializeCriticalSection
GetFullPathNameA
CreateFileA
GetDiskFreeSpaceA
Sleep
GetSystemInfo
LeaveCriticalSection
SetEndOfFile
GetFileAttributesA
QueryPerformanceCounter
GetFileAttributesExW
DeleteCriticalSection
InterlockedCompareExchange
FlushFileBuffers
UnlockFile
GetTempPathW
GetSystemDirectoryW
GetModuleHandleA
GetStartupInfoW
GlobalAlloc
LoadLibraryExW
GlobalUnlock
SystemTimeToTzSpecificLocalTime
MultiByteToWideChar
SetFilePointerEx
GetTickCount
GetModuleHandleW
FileTimeToSystemTime
LoadLibraryW
GetProcAddress
GetLastError
FreeLibrary
WriteFile
CompareFileTime
WideCharToMultiByte
GetFileSize
LocalFree
DeleteFileW
FileTimeToLocalFileTime
CloseHandle
CreateFileW
GetStdHandle
CopyFileW
GetPrivateProfileIntW

user32

EndDeferWindowPos
GetParent
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
MoveWindow
CloseClipboard
GetMenuItemCount
CheckMenuItem
CheckMenuRadioItem
GetCursorPos
SetClipboardData
EnableWindow
GetSysColor
MapWindowPoints
GetMenu
GetSubMenu
GetDC
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
IsDialogMessageW
TranslateMessage
DispatchMessageW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DrawTextExW
BeginDeferWindowPos
SetTimer
SetFocus
GetWindowLongW
LoadIconW
LoadImageW
PostMessageW
SendMessageW
DefWindowProcW
LoadAcceleratorsW
GetWindowPlacement
SetMenu
SetWindowPlacement
TranslateAcceleratorW
MessageBoxW
RegisterClassW
GetDlgItemTextW
GetClientRect
SetDlgItemTextW
UpdateWindow
SetWindowTextW
SetDlgItemInt
InvalidateRect
GetWindow
GetDlgItem
SetWindowLongW
EndDialog
SendDlgItemMessageW
GetDlgItemInt
GetWindowRect
CreateWindowExW
GetSystemMetrics
ChildWindowFromPoint
LoadCursorW
SetCursor
ShowWindow
GetSysColorBrush
DeferWindowPos
KillTimer

gdi32

GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
SelectObject
CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegEnumValueW
RegQueryValueExW

shell32

SHBrowseForFolderW
ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetMalloc

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateGuid

msvcrt

memset
memcpy
_except_handler3
_controlfp
wcsrchr
_snwprintf
wcsncat
wcschr
_wcsicmp
_wtoi
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsnicmp
_wtoi64
_memicmp
modf
free
malloc
wcstoul
memmove
wcsncmp
strchr
_wcslwr
_wcsupr
_strlwr
_itow
strftime
_gmtime64
realloc
memchr
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_CIlog

Sections

.text
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6cde2f49ecf3cc2f14739babaa8fd75f

Headers

File Characteristics

Imports

version

comctl32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

msvcrt

Sections

.text Size: 370KB - Virtual size: 370KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 101KB

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 370KB - Virtual size: 370KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 101KB

.rsrc
Size: 34KB - Virtual size: 34KB