shexview[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

shexview.exe
Size

178KB
MD5

5e5aae895a43f786ed98fe64382e4785
SHA1

cfcd3146454e827a18f36f2bf321463d1fdc7a21
SHA256

c388af0018fa47383090a6fe112aabaf59ab2fc8579c814f66b71879c397d957
SHA512

9b04618cc70d1e19da05c90ae0288d71c9483a5f355157106544465c57403ae1c7801aad53fef3f0fab81d3ce1febeb489d3bb18787412f179210b0befcdff4b
SSDEEP

3072:NHbiGXK/Q3yOwxLK0KueOZmB1uaE50ad9FyAAZxuUTHtsWR+6IY7DdDMVxgY:NO/oCp9ZypCgTHqWRk+67

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Files

shexview.exe
.exe windows:4 windows x64 arch:x64

0e1c46fb3ecf96d42e33c3490e165c5b

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24/08/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/09/2014, 00:00

Not After

12/09/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30/03/2016, 00:00

Not After

30/06/2019, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:3d:cc:8c:68:53:bf:22:c1:f9:24:05:6e:6d:94:ff:7b:49:dd:a1:90:4f:ea:7f:ae:1b:59:8a:51:9a:64:52
Signer

Actual PE Digest

e6:3d:cc:8c:68:53:bf:22:c1:f9:24:05:6e:6d:94:ff:7b:49:dd:a1:90:4f:ea:7f:ae:1b:59:8a:51:9a:64:52

Digest Algorithm

sha256

PE Digest Matches

true

92:1f:a2:9a:9e:60:3d:52:bf:cb:ed:be:e5:14:f7:95:89:b8:ee:41
Signer

Actual PE Digest

92:1f:a2:9a:9e:60:3d:52:bf:cb:ed:be:e5:14:f7:95:89:b8:ee:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\shexview\x64\Release\shexview.pdb

Imports

msvcrt

_initterm
__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__setusermatherr
_commode
_fmode
__set_app_type
__dllonexit
_purecall
_strlwr
modf
memcmp
_mbschr
_memicmp
strrchr
strcmp
malloc
strtoul
free
_ultoa
_itoa
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
atoi
memset
strchr
_strcmpi
_strnicmp
_stricmp
strlen
strcpy
strcat
strncat
sprintf

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

comctl32

ord17
ImageList_AddMasked
ImageList_Create
ImageList_SetImageCount
ord6
CreateToolbarEx
ImageList_ReplaceIcon

ws2_32

WSASetLastError
closesocket
send
WSAAsyncSelect
WSAAsyncGetHostByName
connect
inet_addr
htonl
WSAGetLastError
htons
WSAStartup
WSACleanup
socket
bind

kernel32

GetStartupInfoA
WinExec
GetCurrentThreadId
FindNextFileA
LocalFree
ReadFile
GetTempFileNameA
GetDateFormatA
lstrcpyA
ExpandEnvironmentStringsA
GetCurrentProcessId
ReadProcessMemory
ExitProcess
DeleteFileA
GetPrivateProfileStringA
GetPrivateProfileIntA
EnumResourceNamesA
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
WriteFile
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
GetCurrentProcess
CompareFileTime
WaitForSingleObject
GetFileAttributesA
CreateProcessA
GetSystemDirectoryA
CloseHandle
GetWindowsDirectoryA
FileTimeToLocalFileTime
MultiByteToWideChar
OpenProcess
FileTimeToSystemTime
CreateFileA
GlobalAlloc
GlobalUnlock
GlobalLock
GetFileSize
GetFileTime
GetTimeFormatA
lstrlenA
FindFirstFileA
GetVersionExA
GetLastError
GetLocaleInfoA
GetNumberFormatA
GetTempPathA
FormatMessageA
GetModuleFileNameA
FindClose

user32

GetMenuItemInfoA
SetWindowPos
GetWindowTextA
TranslateMessage
IsDialogMessageA
TrackPopupMenu
PostQuitMessage
RegisterWindowMessageA
GetMessageA
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
AttachThreadInput
SetForegroundWindow
DispatchMessageA
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
DestroyWindow
LoadCursorA
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
SetDlgItemInt
SetDlgItemTextA
GetDlgItemTextA
SetWindowTextA
SendDlgItemMessageA
PostMessageA
SetMenu
LoadAcceleratorsA
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
GetWindowRect
GetSystemMetrics
SetWindowPlacement
IsWindowVisible
EnumWindows
GetWindowThreadProcessId
LoadIconA
DestroyIcon
FindWindowA
LoadImageA
GetWindowLongA
SetWindowLongA
InvalidateRect
SetFocus
LoadStringA
MoveWindow
OpenClipboard
EmptyClipboard
CheckMenuItem
GetDC
EnableMenuItem
ReleaseDC
GetParent
GetMenuItemCount
GetSubMenu
GetClassNameA
CloseClipboard
GetMenuStringA
GetClientRect
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetSysColor
GetMenu
LoadMenuA
ModifyMenuA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
EnumChildWindows
SetCursor

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
GetDeviceCaps
SetTextColor
CreateFontIndirectA
SetBkMode
DeleteObject

comdlg32

FindTextA
GetSaveFileNameA

advapi32

RegDeleteValueA
RegCreateKeyA
RegUnLoadKeyA
RegConnectRegistryA
RegLoadKeyA
RegCloseKey
CryptHashData
CryptGetHashParam
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
CryptDestroyHash
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
RegDeleteKeyA

shell32

ExtractIconExA
ShellExecuteA
ShellExecuteExA
Shell_NotifyIconA

ole32

DoDragDrop
OleInitialize
OleUninitialize

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e1c46fb3ecf96d42e33c3490e165c5b

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4bCertificate

Key Usages

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19Certificate

Extended Key Usages

Key Usages

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bbCertificate

Extended Key Usages

Key Usages

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49Certificate

Extended Key Usages

Key Usages

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8Certificate

Extended Key Usages

Key Usages

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17Certificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

e6:3d:cc:8c:68:53:bf:22:c1:f9:24:05:6e:6d:94:ff:7b:49:dd:a1:90:4f:ea:7f:ae:1b:59:8a:51:9a:64:52Signer

92:1f:a2:9a:9e:60:3d:52:bf:cb:ed:be:e5:14:f7:95:89:b8:ee:41Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

version

comctl32

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 24KB - Virtual size: 24KB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 19KB - Virtual size: 18KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

e6:3d:cc:8c:68:53:bf:22:c1:f9:24:05:6e:6d:94:ff:7b:49:dd:a1:90:4f:ea:7f:ae:1b:59:8a:51:9a:64:52
Signer

92:1f:a2:9a:9e:60:3d:52:bf:cb:ed:be:e5:14:f7:95:89:b8:ee:41
Signer

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 24KB - Virtual size: 24KB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 19KB - Virtual size: 18KB