SecuriteInfo[.]com[.]FileRepPup[.]14413[.]21024[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

SecuriteInfo.com.FileRepPup.14413.21024.exe
Size

446KB
MD5

04f8f2eed6d1183d232820ae71ac99c2
SHA1

a7f5c588b989b89ea364c31a1c76831decea0806
SHA256

7f124b29d79eda2dba165b27ec4227214d59b543d22410d5be91204acd5188d2
SHA512

88b0e2370c27d7f37eef845df30e14589c4492fc15300f4628224cfd8c6a8568a017a8b23eb448ef600ea5630ad5d81a2b3aed5553912ac82309c33093db022c
SSDEEP

12288:9tx+BUrP9xatV09r9DgCbolBDizSTojOgINAgY:9tMvV0PpolBBToCNAgY

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
SecuriteInfo.com.FileRepPup.14413.21024.exe

Files

SecuriteInfo.com.FileRepPup.14413.21024.exe
.exe windows:4 windows x86 arch:x86

60ea83bfc68f51dc29de36df975f2611

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\PasswordFox\Command-Line\PasswordFox.pdb

Imports

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon

msvcrt

qsort
_wcslwr
_purecall
strftime
_gmtime64
realloc
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_wtoi64
malloc
wcschr
free
modf
_wtoi
memcmp
_memicmp
wcstoul
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcscmp
strcmp
strcpy
_itow
memmove
_wcsnicmp
log
strlen
abs
_wcsicmp
wcslen
_ultow
wcscpy
memset
wcscat
_snwprintf
wcsncat
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

kernel32

GetStartupInfoW
GetModuleHandleA
LockFile
FlushFileBuffers
UnlockFile
InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
LeaveCriticalSection
SetEndOfFile
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
Sleep
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileA
InitializeCriticalSection
GetFullPathNameA
DeleteFileA
GetDiskFreeSpaceW
AreFileApisANSI
GetFullPathNameW
EnterCriticalSection
GetSystemTime
LockFileEx
CompareFileTime
WriteFile
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
GetLastError
SetFilePointer
LocalFree
ReadFile
LockResource
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
FindResourceW
LoadResource
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GlobalUnlock
GetTempPathW
LoadLibraryExW
FindNextFileW
GetCurrentProcess
GetFileTime
SizeofResource
FormatMessageW
GlobalLock
FindClose
GetVersionExW
GetDateFormatW
CloseHandle
GetTempFileNameW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetFileSize
GetTimeFormatW
FindFirstFileW
GetModuleHandleW
GetFileAttributesW
EnumResourceNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ExitProcess
ReadProcessMemory
GetCurrentProcessId
GetCurrentDirectoryW
SetCurrentDirectoryW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
ExpandEnvironmentStringsW
SetErrorMode
DeleteFileW
EnumResourceTypesW
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
GetTempPathA
FormatMessageA

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
LoadMenuW
GetWindowTextW
LoadStringW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SendDlgItemMessageW
EndDialog
EndPaint
GetDlgItem
InvalidateRect
GetWindow
SetDlgItemInt
DrawFrameControl
BeginPaint
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadIconW
GetParent
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetCursorPos
SetClipboardData
GetSysColor
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
EnumChildWindows
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
MoveWindow
CloseClipboard
GetMenuItemCount
CheckMenuItem
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DestroyWindow

gdi32

GetTextExtentPoint32W
SetBkColor
GetStockObject
GetDeviceCaps
SelectObject
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

60ea83bfc68f51dc29de36df975f2611

Headers

File Characteristics

PDB Paths

Imports

comctl32

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 387KB - Virtual size: 387KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 19KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 387KB - Virtual size: 387KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 19KB

.rsrc
Size: 14KB - Virtual size: 14KB