e7460f2641294665c9429d676bab5b51d0b18ce4303cf0eb27720cd29327c5a9

Sharing

Copy URL Twitter E-mail

General

Target

e7460f2641294665c9429d676bab5b51d0b18ce4303cf0eb27720cd29327c5a9
Size

203KB
MD5

c53486f453d4dff4d5cbd9a9d8d86b56
SHA1

cb08a5f9851f99f24d0fb75336ced4e08ceea153
SHA256

e7460f2641294665c9429d676bab5b51d0b18ce4303cf0eb27720cd29327c5a9
SHA512

ceb155c63a21eb1516e3654517476f65ba165f8be7686562af136c4093f4726321d5266e68fae8cf4f185adbc0a28370080a6f6eadee87bbf04c07b7d1c526de
SSDEEP

3072:H3oVt23UGEwSd+6zILjko6WA0wC4lTMMMui/AdITFIEu/qCTezujXsa9jM3A5DWn:7vR60cosOcMMMPT+h/qCTezujR9jEA8n

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
e7460f2641294665c9429d676bab5b51d0b18ce4303cf0eb27720cd29327c5a9

Files

e7460f2641294665c9429d676bab5b51d0b18ce4303cf0eb27720cd29327c5a9
.exe windows:4 windows x86 arch:x86

d72f6373106bb16b0c2788e5b5c07392

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\WebCookiesSniffer\release\WebCookiesSniffer.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
_purecall
_wcslwr
__p__fmode
_itow
sprintf
strlen
malloc
_ultow
wcscmp
free
modf
_memicmp
wcstoul
wcsrchr
_wcsicmp
strtoul
_wtoi
strcpy
__set_app_type
_except_handler3
qsort
_controlfp
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcschr
wcscpy
memset
strcmp
_stricmp
wcsncat
wcscat
_snwprintf

comctl32

CreateToolbarEx
CreateStatusWindowW
ord17
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Create
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

setsockopt
recv
bind
socket
WSAAsyncSelect
WSAStartup
WSACleanup
inet_ntoa
inet_addr
htons
closesocket
WSAIoctl

kernel32

GetCurrentThreadId
WaitForSingleObject
CreateThread
EnumResourceTypesW
lstrlenW
OpenProcess
GetCurrentDirectoryW
SetCurrentDirectoryW
GetModuleHandleA
GetStartupInfoW
GetSystemDirectoryW
lstrcpyW
GlobalFree
GetCurrentProcess
ExitProcess
GetCurrentProcessId
ReadProcessMemory
SetErrorMode
GetStdHandle
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
WritePrivateProfileStringW
GetFileAttributesW
GetFileSize
GetVersionExW
GetTempFileNameW
FormatMessageW
GlobalLock
SizeofResource
GetLocaleInfoW
GetTempPathW
GlobalUnlock
WideCharToMultiByte
FileTimeToSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
FreeLibrary
LoadLibraryW
GetProcAddress
GetModuleHandleW
CreateFileMappingW
GetTickCount
CloseHandle
CreateFileW
DeleteFileW
SetFilePointer
GetLastError
MapViewOfFile
UnmapViewOfFile
GetWindowsDirectoryW
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
LockResource
FindResourceW
LocalFree
MultiByteToWideChar
LoadResource
GlobalAlloc
LoadLibraryExW

user32

SetForegroundWindow
ReleaseCapture
FillRect
SetCapture
PeekMessageW
KillTimer
DispatchMessageW
GetFocus
SetTimer
DrawTextExW
GetMessageW
BeginDeferWindowPos
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
TranslateMessage
IsDialogMessageW
EndDeferWindowPos
LoadMenuW
GetWindowTextW
GetDesktopWindow
DestroyWindow
LoadStringW
EnumChildWindows
CreateDialogParamW
DialogBoxParamW
DestroyMenu
GetDlgCtrlID
GetMenuItemInfoW
ModifyMenuW
GetCursorPos
CloseClipboard
ScreenToClient
ChildWindowFromPoint
GetSysColorBrush
ShowWindow
LoadCursorW
SetCursor
InvalidateRect
SetWindowTextW
SetDlgItemInt
UpdateWindow
BeginPaint
SetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
EndPaint
GetWindowPlacement
LoadAcceleratorsW
PostMessageW
DefWindowProcW
SendMessageW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
SetMenu
SetWindowPos
LoadImageW
LoadIconW
GetWindowLongW
SetFocus
GetSysColor
SetClipboardData
GetParent
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
CheckMenuItem
OpenClipboard
MoveWindow
GetMenuStringW
GetMenuItemCount
GetClassNameW

gdi32

GetTextExtentPoint32W
GetStockObject
GetDeviceCaps
PatBlt
CreateSolidBrush
SelectObject
CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor
SetBkColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW
FindTextW

advapi32

RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegQueryInfoKeyW
RegQueryValueExW

shell32

Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 9KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d72f6373106bb16b0c2788e5b5c07392

Headers

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

ws2_32

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 71KB - Virtual size: 70KB

.rdata Size: 17KB - Virtual size: 17KB

.data Size: 9KB - Virtual size: 74KB

.rsrc Size: 93KB - Virtual size: 96KB

.text
Size: 71KB - Virtual size: 70KB

.rdata
Size: 17KB - Virtual size: 17KB

.data
Size: 9KB - Virtual size: 74KB

.rsrc
Size: 93KB - Virtual size: 96KB