c:\Projects\VS2005\VNCPassView\Release\VNCPassView.pdb
Static task
static1
Behavioral task
behavioral1
Sample
2d7e1e9431940101661a72d7eee6efa0N.exe
Resource
win7-20240704-en
General
Target: 2d7e1e9431940101661a72d7eee6efa0N
Size: 121KB
MD5: 2d7e1e9431940101661a72d7eee6efa0
SHA1: c1d6ddee54ef6a4b9e904aeb28e551be05ba3b0b
SHA256: abbc0a863f3b89719b26e19d5ab783f2e3197fe0a18c098164ba4913a7c08ee9
SHA512: 00484f84cb802e3ee0f20556b0585536f65e0d5a5ae201611dc92ff11358436f99139dba09c6e8ac687889d031c9e5429f4e981139a9531d6fe2a97a6f8e17b0
SSDEEP: 3072:MpZv0rmmIt9nk557JfbvrIyocdt1GI++DkIJ+WbVh:O0ymIt9kNbzdoejG1+u8
Malware Config
Signatures
Detected Nirsoft tools 1 IoCs
Free utilities often used by attackers which can steal passwords, product keys, etc.
resource yara_rule sample Nirsoft -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 2d7e1e9431940101661a72d7eee6efa0N
Files
2d7e1e9431940101661a72d7eee6efa0N.exe windows:4 windows x86 arch:x86
14ccc05e3f89d437c608fcb108c4d108
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
Imports
msvcrt
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_purecall
_mbslwr
strtoul
_mbschr
_memicmp
_mbscmp
__set_app_type
_controlfp
_c_exit
_except_handler3
malloc
_mbsicmp
memset
free
modf
_mbsrchr
memcmp
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_itoa
strcpy
strcat
_mbsnbcat
_snprintf
comctl32
ImageList_Create
ImageList_SetImageCount
CreateToolbarEx
ord6
ImageList_AddMasked
ord17
ImageList_ReplaceIcon
kernel32
GetCurrentProcess
ExitProcess
ReadProcessMemory
GetCurrentProcessId
DeleteFileA
SetErrorMode
EnumResourceNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA
GetPrivateProfileStringA
OpenProcess
EnumResourceTypesA
GetStartupInfoA
GetWindowsDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
WriteFile
GetTempFileNameA
ReadFile
GlobalAlloc
GetVersionExA
CreateFileA
GlobalLock
GetFileSize
CloseHandle
LockResource
FindResourceA
GetTempPathA
SizeofResource
GlobalUnlock
LocalFree
GetModuleFileNameA
GetFileAttributesA
GetLastError
GetModuleHandleA
LoadLibraryExA
FormatMessageA
LoadResource
user32
PostQuitMessage
TrackPopupMenu
EndDeferWindowPos
RegisterWindowMessageA
GetSysColorBrush
LoadCursorA
ShowWindow
ChildWindowFromPoint
SetCursor
SetDlgItemTextA
SendDlgItemMessageA
GetDlgItemInt
SetWindowTextA
SetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
DefWindowProcA
RegisterClassA
TranslateAcceleratorA
GetWindowRect
MessageBoxA
UpdateWindow
GetWindowPlacement
GetSystemMetrics
PostMessageA
SendMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
LoadImageA
LoadIconA
GetWindowLongA
SetWindowLongA
SetFocus
InvalidateRect
GetSysColor
OpenClipboard
MoveWindow
GetMenu
EmptyClipboard
GetClassNameA
EnableMenuItem
CloseClipboard
CheckMenuItem
ReleaseDC
GetDC
GetMenuItemCount
GetSubMenu
SetClipboardData
GetMenuStringA
EnableWindow
MapWindowPoints
GetCursorPos
GetClientRect
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
GetParent
LoadStringA
ModifyMenuA
CreateDialogParamA
DialogBoxParamA
GetDlgCtrlID
GetWindowTextA
DestroyMenu
DestroyWindow
BeginDeferWindowPos
TranslateMessage
GetMessageA
IsDialogMessageA
DeferWindowPos
DispatchMessageA
DrawTextExA
gdi32
GetStockObject
GetTextExtentPoint32A
SetBkColor
SelectObject
GetDeviceCaps
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectA
comdlg32
GetSaveFileNameA
advapi32
RegDeleteKeyA
RegQueryValueExA
RegCloseKey
RegOpenKeyExA
shell32
ShellExecuteA
Sections
.text Size: 32KB - Virtual size: 31KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 3KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 77KB - Virtual size: 80KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE