04f8f2eed6d1183d232820ae71ac99c2[.]bin

Sharing

Copy URL Twitter E-mail

General

Target

04f8f2eed6d1183d232820ae71ac99c2.bin
Size

247KB
MD5

e31f640c993e459e158da204b47c0235
SHA1

ee65f56975c91479e1f23a760202190274c3faa4
SHA256

3ae4dc3a246895d9f8d9af9bf967ce40e062f2a9ddb65227f6b9b6508fab0199
SHA512

648780b94fe125923ace7dd569f477cc5a2dd8f078204a6e65f3e68513439b8e94f481baf0f99803ef6714ed466108d692d7caef4312a28c4c5e5023790f1c71
SSDEEP

6144:zJ40DcYIKS2JlDTvr7qykGi6Qoa9GymWk7Gbv:Cv2zvr7qyzifU4v

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/7f124b29d79eda2dba165b27ec4227214d59b543d22410d5be91204acd5188d2.exe	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7f124b29d79eda2dba165b27ec4227214d59b543d22410d5be91204acd5188d2.exe

Files

04f8f2eed6d1183d232820ae71ac99c2.bin
.zip

Password: infected
7f124b29d79eda2dba165b27ec4227214d59b543d22410d5be91204acd5188d2.exe
.exe windows:4 windows x86 arch:x86

Password: infected

60ea83bfc68f51dc29de36df975f2611

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\PasswordFox\Command-Line\PasswordFox.pdb

Imports

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ord17
ImageList_ReplaceIcon

msvcrt

qsort
_wcslwr
_purecall
strftime
_gmtime64
realloc
__dllonexit
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_wtoi64
malloc
wcschr
free
modf
_wtoi
memcmp
_memicmp
wcstoul
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
memcpy
wcscmp
strcmp
strcpy
_itow
memmove
_wcsnicmp
log
strlen
abs
_wcsicmp
wcslen
_ultow
wcscpy
memset
wcscat
_snwprintf
wcsncat
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3

kernel32

GetStartupInfoW
GetModuleHandleA
LockFile
FlushFileBuffers
UnlockFile
InterlockedCompareExchange
DeleteCriticalSection
GetFileAttributesExW
QueryPerformanceCounter
GetFileAttributesA
LeaveCriticalSection
SetEndOfFile
UnmapViewOfFile
GetSystemInfo
MapViewOfFile
Sleep
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileA
InitializeCriticalSection
GetFullPathNameA
DeleteFileA
GetDiskFreeSpaceW
AreFileApisANSI
GetFullPathNameW
EnterCriticalSection
GetSystemTime
LockFileEx
CompareFileTime
WriteFile
WideCharToMultiByte
FreeLibrary
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
GetLastError
SetFilePointer
LocalFree
ReadFile
LockResource
GetModuleFileNameW
CreateFileW
MultiByteToWideChar
FindResourceW
LoadResource
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GlobalUnlock
GetTempPathW
LoadLibraryExW
FindNextFileW
GetCurrentProcess
GetFileTime
SizeofResource
FormatMessageW
GlobalLock
FindClose
GetVersionExW
GetDateFormatW
CloseHandle
GetTempFileNameW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GetFileSize
GetTimeFormatW
FindFirstFileW
GetModuleHandleW
GetFileAttributesW
EnumResourceNamesW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ExitProcess
ReadProcessMemory
GetCurrentProcessId
GetCurrentDirectoryW
SetCurrentDirectoryW
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
ExpandEnvironmentStringsW
SetErrorMode
DeleteFileW
EnumResourceTypesW
GetTickCount
UnlockFileEx
GetSystemTimeAsFileTime
GetTempPathA
FormatMessageA

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
DispatchMessageW
DrawTextExW
TranslateMessage
IsDialogMessageW
LoadMenuW
GetWindowTextW
LoadStringW
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SendDlgItemMessageW
EndDialog
EndPaint
GetDlgItem
InvalidateRect
GetWindow
SetDlgItemInt
DrawFrameControl
BeginPaint
SetWindowTextW
GetClientRect
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadIconW
GetParent
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetCursorPos
SetClipboardData
GetSysColor
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
EnumChildWindows
ReleaseDC
GetClassNameW
OpenClipboard
GetMenuStringW
MoveWindow
CloseClipboard
GetMenuItemCount
CheckMenuItem
ModifyMenuW
GetMenuItemInfoW
DialogBoxParamW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DestroyWindow

gdi32

GetTextExtentPoint32W
SetBkColor
GetStockObject
GetDeviceCaps
SelectObject
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 387KB - Virtual size: 387KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

60ea83bfc68f51dc29de36df975f2611

Headers

File Characteristics

PDB Paths

Imports

comctl32

msvcrt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 387KB - Virtual size: 387KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 5KB - Virtual size: 19KB

.rsrc Size: 14KB - Virtual size: 14KB

.text
Size: 387KB - Virtual size: 387KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 5KB - Virtual size: 19KB

.rsrc
Size: 14KB - Virtual size: 14KB