348ba4c56ed53aff9c0b72a8c6898865b05f25db33bc5c4b4f06fb3973a2f421[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

348ba4c56ed53aff9c0b72a8c6898865b05f25db33bc5c4b4f06fb3973a2f421.exe
Size

459KB
MD5

80852c7c0f8b233c14728a2ab7af1027
SHA1

042e9a53e1f53d6fdab327f467d71db02673e6b8
SHA256

348ba4c56ed53aff9c0b72a8c6898865b05f25db33bc5c4b4f06fb3973a2f421
SHA512

17d73231978f882e6c1662bca79ea3c1fbb84ca8de86e4f35739097dea8fd2cdb9056dec4774d79e8a352c25c3096a784f4709e402b89c442a534ebf2b65c02b
SSDEEP

12288:/38LUKZp2WDqHIbwMUUjLZUJtUp23vqmkg:/OTp2CqHczjlUJtUp23vt

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

NirSoft WebBrowserPassView 1 IoCs

Password recovery tool for various web browsers

resource	yara_rule
sample	WebBrowserPassView

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
348ba4c56ed53aff9c0b72a8c6898865b05f25db33bc5c4b4f06fb3973a2f421.exe

Files

348ba4c56ed53aff9c0b72a8c6898865b05f25db33bc5c4b4f06fb3973a2f421.exe
.exe windows:4 windows x86 arch:x86

53d7a472d17725cd3f06b8ab4297b1ea

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

comctl32

ImageList_Add
CreateStatusWindowW
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Create
ord17
ImageList_ReplaceIcon
CreateToolbarEx

wininet

FindNextUrlCacheEntryW
FindCloseUrlCache
FindFirstUrlCacheEntryW

kernel32

ReadFile
GetModuleFileNameW
lstrlenW
FindResourceW
GlobalUnlock
LoadResource
GetTempPathW
SystemTimeToTzSpecificLocalTime
GlobalAlloc
LoadLibraryExW
GetSystemDirectoryW
FindNextFileW
GetFileTime
SizeofResource
FindClose
FormatMessageW
GlobalLock
GetWindowsDirectoryW
GetVersionExW
GetDateFormatW
DuplicateHandle
GetCurrentProcessId
OpenProcess
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetCurrentProcess
GetPrivateProfileStringW
WritePrivateProfileStringW
SetFilePointer
EnumResourceNamesW
GetStdHandle
ExitProcess
ReadProcessMemory
GetSystemTimeAsFileTime
Process32NextW
CreateToolhelp32Snapshot
Process32FirstW
EnumResourceTypesW
GetFullPathNameW
InitializeCriticalSection
GetFullPathNameA
CreateFileA
GetDiskFreeSpaceA
Sleep
GetSystemInfo
LeaveCriticalSection
SetEndOfFile
GetFileAttributesA
QueryPerformanceCounter
GetFileAttributesExW
DeleteCriticalSection
InterlockedCompareExchange
FlushFileBuffers
UnlockFile
LockFile
UnlockFileEx
GetTempPathA
FormatMessageA
LockFileEx
GetSystemTime
EnterCriticalSection
AreFileApisANSI
GetDiskFreeSpaceW
DeleteFileA
LockResource
GetModuleHandleA
GetStartupInfoW
GetFileAttributesW
FindFirstFileW
lstrcpyW
GetTimeFormatW
GetTempFileNameW
SetFilePointerEx
GetTickCount
GetModuleHandleW
FileTimeToSystemTime
LoadLibraryW
GetProcAddress
GetLastError
FreeLibrary
CompareFileTime
WideCharToMultiByte
WriteFile
GetFileSize
MultiByteToWideChar
CreateFileW
CopyFileW
LocalFree
DeleteFileW
FileTimeToLocalFileTime
CloseHandle
SetErrorMode
SystemTimeToFileTime
GetPrivateProfileIntW

user32

BeginDeferWindowPos
EndDeferWindowPos
KillTimer
GetMenuItemCount
CheckMenuRadioItem
CheckMenuItem
GetCursorPos
SetClipboardData
GetSubMenu
GetMenu
EnableWindow
MapWindowPoints
EmptyClipboard
EnableMenuItem
GetClassNameW
GetMenuStringW
OpenClipboard
CloseClipboard
MoveWindow
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
IsDialogMessageW
DrawTextExW
GetMessageW
DispatchMessageW
TranslateMessage
GetKeyState
MonitorFromWindow
GetMonitorInfoW
GetParent
SetFocus
GetWindowLongW
GetSysColor
LoadIconW
LoadImageW
SetMenu
SetWindowPlacement
TranslateAcceleratorW
MessageBoxW
RegisterClassW
PostMessageW
SendMessageW
DefWindowProcW
LoadAcceleratorsW
CreateWindowExW
DeferWindowPos
GetSystemMetrics
GetClientRect
BeginPaint
GetDlgItemTextW
SetDlgItemTextW
SetDlgItemInt
UpdateWindow
GetWindowPlacement
SetWindowTextW
DrawFrameControl
InvalidateRect
GetWindow
EndPaint
GetDlgItem
SetWindowLongW
EndDialog
SendDlgItemMessageW
GetDlgItemInt
GetWindowRect
ChildWindowFromPoint
LoadCursorW
SetCursor
ShowWindow
ReleaseDC
GetSysColorBrush
GetDC
SetWindowPos
SetTimer

gdi32

GetObjectW
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
GetTextExtentPoint32W
GetStockObject
SetBkColor
CreateCompatibleBitmap
SetStretchBltMode
CreateFontIndirectW
StretchBlt
DeleteDC
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor

comdlg32

GetSaveFileNameW
FindTextW
GetOpenFileNameW

advapi32

RegSetValueExW
RegCloseKey
RegEnumValueW
RegDeleteValueW
RegQueryValueExW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetMalloc
SHGetFileInfoW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoTaskMemFree
CoUninitialize
CoInitialize
CoCreateGuid

msvcrt

memset
memcpy
_except_handler3
_controlfp
wcsrchr
_snwprintf
wcsncat
_wtoi
wcschr
_wcsicmp
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsnicmp
_wtoi64
_memicmp
wcstoul
modf
free
malloc
memmove
wcsncmp
_wcsupr
_strlwr
strchr
_wcslwr
_itow
_gmtime64
realloc
strftime
memchr
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_CIlog

Sections

.text
Size: 374KB - Virtual size: 373KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

53d7a472d17725cd3f06b8ab4297b1ea

Headers

File Characteristics

Imports

version

comctl32

wininet

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

msvcrt

Sections

.text Size: 374KB - Virtual size: 373KB

.rdata Size: 44KB - Virtual size: 43KB

.data Size: 5KB - Virtual size: 101KB

.rsrc Size: 34KB - Virtual size: 34KB

.text
Size: 374KB - Virtual size: 373KB

.rdata
Size: 44KB - Virtual size: 43KB

.data
Size: 5KB - Virtual size: 101KB

.rsrc
Size: 34KB - Virtual size: 34KB