DevManView[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

DevManView.exe
Size

170KB
MD5

7bee8d68caa05ef708e2416eadfdf6a9
SHA1

19e0dd8f252de8e8a67f17e352c1c537ee95d40e
SHA256

269f9c9a117508eb62b1e5c4f0aa5ab75307a36fadefca3dacd39c1c9bb56343
SHA512

d141b26a38b28ad40099b3d25d26e6cbfe18d29a87a0082ef33055adddb26520d0d23035e84a213bf4e6faa6a676f70209692bb89fba3fce84623d63e2124873
SSDEEP

3072:LT24zn7hjIVoXK+XPw7nkTJ+KkOVPlVBJ8HSi+Xv84:h76M7XPS6PlVZfV

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Files

DevManView.exe
.exe windows:4 windows x64 arch:x64

61a3748aff34d5baf30cf571c2d310e9

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:89:ae:bc:d6:cb:c5:4b:04:31:4f:50:af:8a:42:36:51:51:79:6f:48:61:9e:52:b9:d5:ba:36:e2:8d:e7:b6
Signer

Actual PE Digest

36:89:ae:bc:d6:cb:c5:4b:04:31:4f:50:af:8a:42:36:51:51:79:6f:48:61:9e:52:b9:d5:ba:36:e2:8d:e7:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\Projects\VS2005\DevManView\x64\Release\DevManView.pdb

Imports

msvcrt

_initterm
__wgetmainargs
__setusermatherr
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_commode
_fmode
__set_app_type
_wcmdln
_onexit
__dllonexit
_wcslwr
strlen
qsort
memmove
_memicmp
free
modf
memcmp
wcstoul
towupper
wcscmp
_ultow
malloc
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
_itow
wcschr
wcsrchr
_wcsnicmp
_purecall
_wtoi
wcslen
_wcsicmp
memcpy
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Create
ord17
ImageList_SetOverlayImage
ImageList_ReplaceIcon
ImageList_Add

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetStartupInfoW
EnumResourceTypesW
SetEnvironmentVariableW
GetProcAddress
FreeLibrary
GetModuleFileNameW
LoadLibraryExW
CompareFileTime
GetLastError
GetModuleHandleW
LoadLibraryW
FileTimeToSystemTime
SystemTimeToFileTime
OpenProcess
ExpandEnvironmentStringsW
CloseHandle
GetDriveTypeW
GetLogicalDrives
GetTickCount
CreateFileW
QueryDosDeviceW
DeviceIoControl
GetFileSize
FormatMessageW
GetVersionExW
GetTimeFormatW
GetFileAttributesW
WriteFile
ReadFile
GetWindowsDirectoryW
FindResourceW
FileTimeToLocalFileTime
LoadResource
SystemTimeToTzSpecificLocalTime
GlobalAlloc
LocalFree
GetSystemDirectoryW
lstrlenW
LockResource
lstrcpyW
WideCharToMultiByte
GlobalUnlock
GetTempPathW
GetDateFormatW
GetTempFileNameW
GlobalLock
SizeofResource
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
CreateProcessW
DeleteFileW
Sleep
ExitProcess
GetCurrentProcessId
GetCurrentProcess
ReadProcessMemory
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
GetCurrentThreadId

user32

ChildWindowFromPoint
GetWindow
EndPaint
DrawFrameControl
SetWindowTextW
GetWindowPlacement
UpdateWindow
SetDlgItemInt
ShowWindow
GetDlgItemTextW
BeginPaint
GetSystemMetrics
GetClientRect
DeferWindowPos
CreateWindowExW
SetWindowPos
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
SetWindowPlacement
SetMenu
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
LoadImageW
DestroyIcon
LoadIconW
GetSysColor
SetWindowLongW
GetWindowLongW
SetFocus
GetParent
KillTimer
SetTimer
EndDeferWindowPos
BeginDeferWindowPos
GetMenuItemCount
CheckMenuItem
GetMenuStringW
GetSysColorBrush
SetClipboardData
EnableWindow
MapWindowPoints
CloseClipboard
GetMenu
EmptyClipboard
EnableMenuItem
GetSubMenu
GetClassNameW
OpenClipboard
MoveWindow
InsertMenuItemW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
GetKeyState
CreatePopupMenu
SetMenuItemInfoW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
IsDialogMessageW
GetMessageW
TranslateMessage
InsertMenuW
DrawTextExW
RemoveMenu
DeleteMenu
DispatchMessageW
MonitorFromWindow
GetMonitorInfoW
AttachThreadInput
SetForegroundWindow
GetWindowThreadProcessId
EnumWindows
LoadCursorW
SetCursor
ReleaseDC
GetDC
GetCursorPos
SetDlgItemTextW

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
SetBkColor
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
GetPixel
GetDeviceCaps
SetBkMode
SetTextColor
DeleteObject
GetObjectW
SelectObject
SetPixel
DeleteDC
GetStockObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW
GetOpenFileNameW

advapi32

StartServiceW
ControlService
CloseServiceHandle
OpenSCManagerW
QueryServiceStatus
OpenServiceW
ChangeServiceConfigW
RegLoadKeyW
RegCloseKey
RegUnLoadKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
GetTokenInformation
OpenProcessToken
RegSetKeySecurity
RegConnectRegistryW
RegGetKeySecurity

shell32

ExtractIconExW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHGetFileInfoW

ole32

CoUninitialize
CoInitialize
CoCreateInstance

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

61a3748aff34d5baf30cf571c2d310e9

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

36:89:ae:bc:d6:cb:c5:4b:04:31:4f:50:af:8a:42:36:51:51:79:6f:48:61:9e:52:b9:d5:ba:36:e2:8d:e7:b6Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 20KB - Virtual size: 20KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

36:89:ae:bc:d6:cb:c5:4b:04:31:4f:50:af:8a:42:36:51:51:79:6f:48:61:9e:52:b9:d5:ba:36:e2:8d:e7:b6
Signer

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 20KB - Virtual size: 20KB