8449e2db479861148bbf6d8097f5ce39e56b5f693d24a085f87386f00259700d

Sharing

Copy URL Twitter E-mail

General

Target

8449e2db479861148bbf6d8097f5ce39e56b5f693d24a085f87386f00259700d
Size

159KB
MD5

afc370184913768ae0b60efbc5ed48e0
SHA1

2879a93a9d087ce6add2397a58be38c3c6302ce9
SHA256

8449e2db479861148bbf6d8097f5ce39e56b5f693d24a085f87386f00259700d
SHA512

310a47cfc01f455fe419449fe8de606f343f45995409770169613f117f513fbe0dd762a9a9accb87395d9db39e7c00898c064a7232ba1d2765e9cad5f149cbc2
SSDEEP

3072:IUEspDxxV8UD7Juawpal/qC7gBUPx3jCbpV+vvZ+c5ZPShWLAY4dwnudWAgSFU:hlh5sUPx3uChzZjRlnyyd

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8449e2db479861148bbf6d8097f5ce39e56b5f693d24a085f87386f00259700d

Files

8449e2db479861148bbf6d8097f5ce39e56b5f693d24a085f87386f00259700d
.exe windows:4 windows x86 arch:x86

85c752489ddb839ec124843b9366f587

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\AppReadWriteCounter\Release\AppReadWriteCounter.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__commode
_onexit
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
_wcsnicmp
wcscmp
free
wcschr
__p__fmode
__set_app_type
_controlfp
_except_handler3
_c_exit
_memicmp
modf
_wtoi
wcstoul
wcsrchr
malloc
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
memcmp
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetImageCount
ImageList_ReplaceIcon
ord17
ImageList_Add
ImageList_Create
ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

Process32NextW
Process32FirstW
ReadProcessMemory
ExitProcess
GetCurrentProcessId
SetErrorMode
ExpandEnvironmentStringsW
DeleteFileW
Sleep
CreateToolhelp32Snapshot
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
GlobalLock
GetStdHandle
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
GetSystemTimeAsFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
SizeofResource
GetFileSize
FormatMessageW
GetVersionExW
GetTickCount
GetFileAttributesW
CloseHandle
GetWindowsDirectoryW
WriteFile
FindResourceW
ReadFile
GetModuleFileNameW
LoadResource
GetNumberFormatW
CreateFileW
LockResource
LocalFree
GlobalAlloc
LoadLibraryExW
lstrlenW
lstrcpyW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
GetCurrentProcess
GetLocaleInfoW
GetLastError
GetTempFileNameW
WritePrivateProfileStringW

user32

SetForegroundWindow
KillTimer
GetKeyState
BeginDeferWindowPos
EndDeferWindowPos
DrawTextExW
TranslateMessage
SetCursor
ReleaseDC
LoadCursorW
GetSysColorBrush
IsDialogMessageW
ChildWindowFromPoint
GetDC
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
DefWindowProcW
PostMessageW
RegisterClassW
TranslateAcceleratorW
MessageBoxW
SetMenu
SetWindowPos
GetForegroundWindow
LoadAcceleratorsW
LoadIconW
LoadImageW
GetSysColor
GetWindowLongW
DestroyIcon
SetFocus
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CheckMenuRadioItem
SetClipboardData
CloseClipboard
EnableWindow
GetCursorPos
MapWindowPoints
GetParent
GetMenu
GetSubMenu
EmptyClipboard
EnableMenuItem
GetClassNameW
MoveWindow
OpenClipboard
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
SetTimer
DispatchMessageW
ShowWindow

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

GetTokenInformation
OpenProcessToken

shell32

SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

85c752489ddb839ec124843b9366f587

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 46KB - Virtual size: 45KB

.rdata Size: 11KB - Virtual size: 11KB

.data Size: 1024B - Virtual size: 5KB

.rsrc Size: 88KB - Virtual size: 92KB

.text
Size: 46KB - Virtual size: 45KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 1024B - Virtual size: 5KB

.rsrc
Size: 88KB - Virtual size: 92KB