FolderChangesView[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

FolderChangesView.exe
Size

104KB
MD5

689007f96d9119f41fc7bf97a7933be9
SHA1

7819530d1602b37f8a1f2f09b386254b3116bb2a
SHA256

02c50d25084638628cb65dc7f307c039d5e6c8bc259d15503063d5a39df24ae8
SHA512

23c2b9139fcd0661dcdd122f81ac19232cbb94c112c647e7293f6a6d58f3da0e14b805aa01285dd1d615f3021a8495df21d33229c58a7673f74ecc1de00594b3
SSDEEP

3072:cTtj9TDR01qDBTzeJ6iILcDkiYkMcZZZOdO970nT6+CBhP:+61q9TiJ6rSZZZyUP

Score

10^/10

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
FolderChangesView.exe

Files

FolderChangesView.exe
.exe windows:4 windows x86 arch:x86

2e8dda6dc0182083dfa1d041699a9023

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\FolderChangesView\Release\FolderChangesView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
__p__fmode
_c_exit
_onexit
__dllonexit
_msize
calloc
realloc
_wcslwr
strlen
qsort
_itow
memmove
wcsrchr
swscanf
__set_app_type
_controlfp
_except_handler3
_exit
malloc
_ultow
free
towupper
wcscmp
modf
_memicmp
wcstoul
??3@YAXPAX@Z
??2@YAPAXI@Z
wcslen
_purecall
_wtoi
memcmp
_wcsicmp
wcschr
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetImageCount
CreateToolbarEx
ImageList_Add
ord17
ImageList_Create
ImageList_AddMasked
CreateStatusWindowW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

mpr

WNetGetUniversalNameW

winmm

mciSendStringW

kernel32

ExitProcess
GetCurrentProcess
ReadProcessMemory
GlobalFree
DeleteFileW
GetCurrentDirectoryW
SetErrorMode
Sleep
GetLocalTime
GetCurrentProcessId
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
LoadLibraryW
GetStdHandle
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetFileAttributesW
CreateFileW
CreateProcessW
CompareFileTime
GetSystemTimeAsFileTime
CloseHandle
FileTimeToSystemTime
GetProcAddress
FreeLibrary
SystemTimeToFileTime
GetModuleHandleW
GetOverlappedResult
GetLongPathNameW
CreateEventW
CreateThread
ExpandEnvironmentStringsW
WaitForSingleObject
SetEvent
GetTickCount
lstrlenW
FindResourceW
GlobalAlloc
LoadResource
GetSystemDirectoryW
GlobalUnlock
SystemTimeToTzSpecificLocalTime
GetTempPathW
LoadLibraryExW
WideCharToMultiByte
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
FormatMessageW
FindClose
GetDateFormatW
GetTempFileNameW
GetVersionExW
GetFileSize
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetTimeFormatW
FindFirstFileW
ReadFile
GetNumberFormatW
LocalFree
GetModuleFileNameW
LockResource
WriteFile
lstrcpyW

user32

SetForegroundWindow
CallWindowProcW
MonitorFromWindow
GetMonitorInfoW
RemoveMenu
DrawTextExW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
InsertMenuW
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
SetWindowPos
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
EndPaint
InvalidateRect
GetWindow
DrawFrameControl
GetWindowPlacement
SetWindowTextW
SetDlgItemInt
UpdateWindow
PostMessageW
DefWindowProcW
TranslateAcceleratorW
SendMessageW
RegisterClassW
MessageBoxW
SetMenu
LoadAcceleratorsW
MessageBeep
LoadImageW
GetWindowLongW
GetSysColor
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
GetDC
EmptyClipboard
InsertMenuItemW
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuItem
CheckMenuRadioItem
GetCursorPos
SetClipboardData
EnableWindow
GetMenu
MapWindowPoints
GetSubMenu
CreateDialogParamW
DestroyWindow
EnumChildWindows
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreatePopupMenu
LoadIconW
SetMenuItemInfoW
GetKeyState
DestroyIcon
DeleteMenu
DispatchMessageW
AppendMenuW
RegisterWindowMessageW
RegisterClipboardFormatW
IsDialogMessageW
TrackPopupMenu
TranslateMessage
PostQuitMessage
GetMessageW
BeginPaint

gdi32

SetBkMode
CreateFontIndirectW
DeleteObject
GetTextExtentPoint32W
SetBkColor
GetStockObject
SetStretchBltMode
CreateCompatibleBitmap
StretchBlt
GetDeviceCaps
GetObjectW
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor

comdlg32

FindTextW
GetOpenFileNameW
GetSaveFileNameW

advapi32

GetFileSecurityW

shell32

SHGetDesktopFolder
SHBindToParent
SHGetMalloc
ShellExecuteExW
SHGetFileInfoW
Shell_NotifyIconW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2e8dda6dc0182083dfa1d041699a9023

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

mpr

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1024B - Virtual size: 6KB

.rsrc Size: 23KB - Virtual size: 23KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1024B - Virtual size: 6KB

.rsrc
Size: 23KB - Virtual size: 23KB