fd7f661e4cd382f71c1f24c2fcf929d736239fb50fdb79b695e82d2445b1497c

Sharing

Copy URL Twitter E-mail

General

Target

fd7f661e4cd382f71c1f24c2fcf929d736239fb50fdb79b695e82d2445b1497c
Size

1.5MB
MD5

6394c622fd1b48e92fcc7b89384f28a1
SHA1

a19337143a7fc4952ce3524fbbd87e3ba11ab932
SHA256

fd7f661e4cd382f71c1f24c2fcf929d736239fb50fdb79b695e82d2445b1497c
SHA512

9d7b21a3f33eb1f7ac0c8e5e54cb4219ced66fbd350a886b226948712aa46bc9983bed9e7a10f379b344ee365fed29ece18f06a0f82442d1ea552169c4a44e1f
SSDEEP

24576:jzzbrxTYlojCT9UcIvK0kxnqW/KA/4HbjagNZnsnPjmiTyEk9xSOoRNF7r6cn:3zntxu8C7fx4XjNZXiTuSX6

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
fd7f661e4cd382f71c1f24c2fcf929d736239fb50fdb79b695e82d2445b1497c

Files

fd7f661e4cd382f71c1f24c2fcf929d736239fb50fdb79b695e82d2445b1497c
.exe windows:5 windows x64 arch:x64

85144e73f1c4b880c71a9d4f6a7ec288

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

StrPBrkW
StrCmpIW
StrCmpNA
wnsprintfW
StrStrA
PathMatchSpecW
StrToIntExW
StrCpyNW
StrStrW
StrStrIW
StrRChrW
StrChrW
StrCmpNW
StrCmpNIA
StrCmpNIW

kernel32

CreateNamedPipeA
SetFilePointer
DuplicateHandle
CreatePipe
CreateThread
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
lstrcmpiA
lstrcmpA
LocalFree
GetVersionExW
CreateMutexA
WideCharToMultiByte
CreateFileA
GetFileSizeEx
DeleteFileW
VirtualFree
TlsSetValue
WriteConsoleW
TlsGetValue
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDriveStringsW
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
SetCurrentDirectoryW
WinExec
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
SetEnvironmentVariableW
ExpandEnvironmentStringsW
HeapReAlloc
GlobalMemoryStatusEx
LockResource
LoadResource
SizeofResource
FindResourceW
GetExitCodeThread
WaitForMultipleObjects
GetCurrentThreadId
RemoveDirectoryW
WriteProcessMemory
SetEndOfFile
FormatMessageW
QueryPerformanceCounter
SetConsoleWindowInfo
GetLargestConsoleWindowSize
GetVolumeNameForVolumeMountPointW
SetFilePointerEx
GetSystemTimeAsFileTime
DefineDosDeviceW
VirtualAlloc
QueryDosDeviceW
SetThreadPriority
GetCurrentThread
CopyFileW
GetProcessTimes
GetLogicalDrives
WaitNamedPipeW
GlobalMemoryStatus
SleepEx
MoveFileW
MoveFileExW
OpenThread
TerminateThread
SetSystemPowerState
GetUserDefaultLCID
RaiseException
FileTimeToSystemTime
SystemTimeToFileTime
GetVolumeInformationW
GetDiskFreeSpaceW
SetNamedPipeHandleState
ResetEvent
DisconnectNamedPipe
lstrcpyA
lstrcpynA
GetHandleInformation
SetLocalTime
SetEnvironmentVariableA
GlobalAddAtomA
GetFileAttributesExW
DeleteVolumeMountPointW
GlobalUnlock
GlobalLock
CreateHardLinkW
VirtualProtect
GetConsoleWindow
SetConsoleScreenBufferSize
AllocConsole
GetFullPathNameW
FileTimeToLocalFileTime
LCMapStringA
GetSystemInfo
GetFileSize
EnumResourceNamesW
GetTempPathW
LCMapStringW
SetVolumeMountPointW
SetVolumeLabelW
FindFirstFileW
GetLongPathNameW
GetTimeZoneInformation
LocalFileTimeToFileTime
GlobalDeleteAtom
Beep
GetFileInformationByHandle
SetFileAttributesW
SetFileTime
OpenEventW
CreateNamedPipeW
CreateMailslotW
OpenMutexW
CreateSemaphoreW
OpenSemaphoreW
VirtualQueryEx
VirtualProtectEx
SetThreadContext
GetThreadContext
CompareStringA
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
HeapCreate
HeapSetInformation
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
LoadLibraryExW
WriteFile
GetShortPathNameW
ConnectNamedPipe
GetOverlappedResult
CreateJobObjectW
AssignProcessToJobObject
ResumeThread
GetExitCodeProcess
TerminateJobObject
GetCommandLineW
GetVersion
ReadProcessMemory
LoadLibraryW
WaitForSingleObject
ExitProcess
lstrcatA
GetModuleHandleA
CreateDirectoryW
CreateProcessW
FlushFileBuffers
FindFirstVolumeW
DeviceIoControl
FindNextVolumeW
FindVolumeClose
GetProcessAffinityMask
HeapFree
GetModuleFileNameW
SearchPathW
CreateFileMappingA
OpenFileMappingA
TerminateProcess
UnmapViewOfFile
GetEnvironmentVariableA
SetErrorMode
GetStdHandle
GetProcessHeap
TlsAlloc
LoadLibraryA
GetProcAddress
CreateFiber
ConvertThreadToFiber
DeleteFiber
SwitchToFiber
GetLocaleInfoW
GetCurrentProcess
SetProcessWorkingSetSize
Sleep
GetEnvironmentVariableW
GetEnvironmentStringsW
GetCurrentProcessId
OpenFileMappingW
GetLastError
SetLastError
CreateMutexW
CreateEventW
CreateFileMappingW
MapViewOfFile
GetCurrentDirectoryW
SetEvent
FreeEnvironmentStringsW
OpenProcess
ReleaseMutex
HeapAlloc
lstrlenA
lstrcpynW
lstrcatW
lstrcpyW
lstrcmpW
lstrcmpiW
FindNextFileW
FindClose
ReadFile
CreateFileW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
MulDiv
GetTickCount
GetStartupInfoW
FreeLibrary
lstrlenW
ReleaseSemaphore
CompareStringW

user32

GetScrollRange
SubtractRect
GetIconInfo
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
GetFocus
GetScrollPos
GetActiveWindow
CreateDialogParamW
SetMenuItemBitmaps
EnumWindows
UpdateWindow
SetCapture
ReleaseCapture
ShowCursor
GetWindowInfo
ScrollWindow
ChildWindowFromPointEx
CreateIconFromResource
GetScrollInfo
WindowFromPoint
IsChild
DestroyCursor
CreateIconIndirect
FindWindowExW
DrawIcon
SetMenu
CreateMenu
SetWindowRgn
FindWindowW
LoadStringA
CharUpperA
IsWindowVisible
GetClipboardData
SwitchToThisWindow
GetClassNameW
IsWindowEnabled
CreateIconFromResourceEx
MessageBoxW
IsRectEmpty
EnumChildWindows
PtInRect
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
FindWindowExA
GetForegroundWindow
AttachThreadInput
IsDialogMessageW
GetSysColor
CopyImage
LoadCursorW
SetCursor
GetWindowThreadProcessId
SetScrollInfo
SetScrollPos
SetScrollRange
SetFocus
GetWindowDC
IsIconic
GetMessageW
DialogBoxParamW
RegisterClassExW
LockWorkStation
mouse_event
EnumDisplayDevicesW
ChangeDisplaySettingsExW
DialogBoxIndirectParamW
SetParent
BeginPaint
EndPaint
GetWindowLongPtrW
SetLayeredWindowAttributes
GetMenu
GetMenuItemCount
DefWindowProcW
LoadMenuW
RemoveMenu
InsertMenuW
InvalidateRect
GetDlgItemTextW
EndDialog
FillRect
RedrawWindow
CallWindowProcW
GetKeyState
EnumDisplaySettingsW
GetSubMenu
GetMenuItemID
GetMenuStringW
ModifyMenuW
UnregisterHotKey
RegisterHotKey
ExitWindowsEx
PostMessageW
SendMessageW
SetTimer
KillTimer
LoadBitmapW
LoadImageW
DestroyIcon
UnhookWindowsHookEx
SetWindowsHookExW
GetAsyncKeyState
PostQuitMessage
CallNextHookEx
GetKeyboardState
keybd_event
RegisterDeviceNotificationW
SendMessageTimeoutW
CharUpperW
IsWindow
ScreenToClient
GetWindowTextLengthW
OffsetRect
OpenDesktopW
SetThreadDesktop
SwitchDesktop
CloseDesktop
GetCursorPos
CreatePopupMenu
TrackPopupMenu
DestroyMenu
wsprintfA
LoadStringW
AppendMenuW
RegisterWindowMessageW
FindWindowA
GetLastInputInfo
PeekMessageW
TranslateMessage
DispatchMessageW
SystemParametersInfoW
WaitForInputIdle
GetSystemMenu
EnableMenuItem
GetWindowLongW
SetWindowLongW
GetClientRect
wsprintfW
DrawTextW
GetSystemMetrics
ShowScrollBar
EnableWindow
GetDesktopWindow
SetActiveWindow
SetForegroundWindow
BringWindowToTop
GetWindowTextW
SetWindowTextW
ClientToScreen
MoveWindow
CreateWindowExW
SetWindowLongPtrW
GetDlgCtrlID
GetParent
LoadIconW
ReleaseDC
GetDC
SetDlgItemTextW
DestroyWindow
GetDlgItem
SetWindowPos
ShowWindow
GetWindowRect
MsgWaitForMultipleObjects

gdi32

GetBkColor
DeleteObject
SelectObject
DeleteDC
SetTextColor
SetBkMode
GetStockObject
AddFontResourceW
RemoveFontResourceW
CreateSolidBrush
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectW
GetDeviceCaps
Rectangle
MoveToEx
LineTo
GetTextMetricsW
Polyline
CreateEllipticRgn
CreatePen
Ellipse
SetPixel
ExtTextOutW
GetPixel
CreateBitmap
SetBkColor
SetDIBits
CreateFontW
CreateRectRgn
CombineRgn
SelectPalette
RealizePalette
GetDIBits
CreateDCW
StretchBlt

advapi32

StartServiceCtrlDispatcherW
CreateRestrictedToken
AllocateAndInitializeSid
OpenProcessToken
CreateProcessWithLogonW
CreateProcessAsUserW
AdjustTokenPrivileges
SetTokenInformation
LookupPrivilegeValueW
DuplicateTokenEx
GetTokenInformation
StartServiceW
OpenServiceW
CloseServiceHandle
CreateServiceW
OpenSCManagerW
SetSecurityInfo
SetEntriesInAclW
GetSecurityInfo
LookupAccountSidW
RegCloseKey
RegCreateKeyExW
ChangeServiceConfig2W
ChangeServiceConfigW
InitiateSystemShutdownW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyExA
SetNamedSecurityInfoW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
LookupAccountNameW
GetUserNameW
RegUnLoadKeyW
RegLoadKeyW
CryptDestroyHash
CryptReleaseContext
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptGetProvParam
CryptEnumProviderTypesW
CheckTokenMembership
RegisterServiceCtrlHandlerW
AbortSystemShutdownW
SetServiceStatus
ControlService
DeleteService
FreeSid

shell32

SHGetSpecialFolderPathW
SHChangeNotify
SHAppBarMessage
SHGetPathFromIDListW
SHBrowseForFolderW
Shell_NotifyIconW
SHFileOperationW
DragAcceptFiles
ShellExecuteExW
SHGetSpecialFolderPathA
DragQueryFileW

oleaut32

OleLoadPicture

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

setupapi

SetupDiClassNameFromGuidA
CM_Get_DevNode_Status
CM_Request_Device_EjectW
CM_Query_And_Remove_SubTreeW
CM_Get_Device_IDW
SetupDiOpenClassRegKey
SetupDiGetDeviceInfoListDetailW
CM_Get_DevNode_Status_Ex
SetupDiEnumDeviceInterfaces
CM_Get_Parent
SetupDiClassGuidsFromNameW
CM_Reenumerate_DevNode
CM_Locate_DevNodeW
SetupDiGetDeviceInterfaceDetailW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstanceIdW
SetupDiClassNameFromGuidW
SetupDiEnumDriverInfoW
SetupDiGetDriverInfoDetailW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiChangeState
SetupDiSetClassInstallParamsW
SetupDiDestroyDeviceInfoList

Exports

Exports

LoadEnvi
MemoryCompare
MemoryCopy
MemorySet
WndProc1
WndProc1_
WndProc2
WndProc2_
WndProc3
WndProc3_
dllMain_Name
main
main1
main5
mainB
mainB_
mainW
main_

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

flag_dat
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 285KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

85144e73f1c4b880c71a9d4f6a7ec288

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

user32

gdi32

advapi32

shell32

oleaut32

version

setupapi

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 118KB - Virtual size: 118KB

.data Size: 10KB - Virtual size: 25KB

.pdata Size: 22KB - Virtual size: 22KB

flag_dat Size: 512B - Virtual size: 24B

.rsrc Size: 285KB - Virtual size: 288KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 118KB - Virtual size: 118KB

.data
Size: 10KB - Virtual size: 25KB

.pdata
Size: 22KB - Virtual size: 22KB

flag_dat
Size: 512B - Virtual size: 24B

.rsrc
Size: 285KB - Virtual size: 288KB