c:\Projects\VS2005\FileTypesMan\x64\Release\FileTypesMan.pdb
Static task
static1
General
Target: FileTypesMan.exe
Size: 167KB
MD5: 2bbda0a5ed77a22f4aa4e7f0d9b29bb2
SHA1: 83d6e3e6f3e2d7c606d4e0ff121a63efc385f23a
SHA256: 813e89e6b52cde6f9dd2ab2d65e13f4d9934c2021ea18a40cd07dff75cd5df5b
SHA512: c1429fc2a0a9e4e156e69f4fa29a30e45131cdb408469f5c3cc08a368f9da14cc0e9fcd0d17025cee3c4d2edafe78e1c1effbe92da611fc6b79b3f809f77eec3
SSDEEP: 3072:lDPupAeE7lRz5BDaJZxFAty/y7e4htrkf3h1+fSV90gQ4T:9TpaJZrC65h1+Kj
Malware Config
Signatures
Detected Nirsoft tools (1 IoCs)
Free utilities often used by attackers which can steal passwords, product keys, etc.
resource: sample, yara_rule: Nirsoft
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: FileTypesMan.exe
Files
FileTypesMan.exe.exe windows:4 windows x64 arch:x64
d7d08887152084de283f050b69f6a821
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
msvcrt
__wgetmainargs
_wcmdln
exit
_cexit
_initterm
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__setusermatherr
_commode
_fmode
__set_app_type
_exit
__dllonexit
strlen
qsort
_wcslwr
_itow
memmove
malloc
_memicmp
free
modf
memcmp
wcstoul
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_wcsicmp
wcsrchr
wcschr
wcscmp
_wtoi
_purecall
wcscpy
memset
wcsncat
wcscat
_snwprintf
comctl32
ImageList_Create
ImageList_AddMasked
ImageList_SetImageCount
ImageList_ReplaceIcon
CreateToolbarEx
CreateStatusWindowW
ord17
version
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
ws2_32
WSASetLastError
closesocket
connect
send
socket
WSAAsyncGetHostByName
inet_addr
htonl
WSAGetLastError
htons
WSACleanup
WSAStartup
bind
WSAAsyncSelect
kernel32
GetTimeFormatW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStartupInfoW
EnumResourceTypesW
Sleep
WinExec
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
OpenProcess
ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
ExitProcess
DeleteFileW
SetErrorMode
GetStdHandle
WideCharToMultiByte
FreeLibrary
GetProcAddress
CompareFileTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
LoadLibraryW
FileTimeToSystemTime
GetModuleHandleW
LoadLibraryExW
GetFileAttributesW
WriteFile
ReadFile
GetModuleFileNameW
CloseHandle
CreateFileW
GetWindowsDirectoryW
FindResourceW
GlobalAlloc
LoadResource
LocalFree
GetSystemDirectoryW
lstrlenW
lstrcpyW
LockResource
GlobalUnlock
GetTempPathW
SizeofResource
GetDateFormatW
GlobalLock
GetLastError
GetTempFileNameW
FormatMessageW
GetFileSize
GetVersionExW
GetPrivateProfileStringW
user32
PostQuitMessage
IsDialogMessageW
TranslateMessage
DrawTextExW
InsertMenuW
RemoveMenu
GetFocus
GetKeyState
EnumWindows
AttachThreadInput
SetForegroundWindow
GetWindowThreadProcessId
SetCapture
FillRect
ReleaseCapture
GetMessageW
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetCursor
SetWindowTextW
BeginPaint
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
SetDlgItemInt
DrawFrameControl
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
UpdateWindow
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
LoadImageW
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetSysColor
LoadStringW
ScreenToClient
SetClipboardData
EnableWindow
CloseClipboard
MapWindowPoints
GetMenu
GetParent
EmptyClipboard
EnableMenuItem
GetDC
ReleaseDC
GetClassNameW
GetSubMenu
OpenClipboard
InsertMenuItemW
MoveWindow
GetMenuItemCount
CheckMenuItem
GetMenuStringW
GetCursorPos
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
GetWindowTextW
LoadMenuW
CreatePopupMenu
LoadIconW
SetMenuItemInfoW
DestroyIcon
GetClipboardData
DispatchMessageW
RegisterWindowMessageW
TrackPopupMenu
gdi32
CreateFontIndirectW
GetStockObject
GetTextExtentPoint32W
PatBlt
CreateSolidBrush
SelectObject
GetDeviceCaps
SetBkColor
SetBkMode
DeleteObject
SetTextColor
comdlg32
FindTextW
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW
advapi32
RegGetKeySecurity
RegOpenKeyW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
CloseServiceHandle
RevertToSelf
ImpersonateLoggedOnUser
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegQueryValueExW
RegCreateKeyExW
RegCloseKey
shell32
ShellExecuteW
ExtractIconExW
SHGetFileInfoW
SHChangeNotify
Sections
.text Size: 109KB - Virtual size: 108KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 25KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ