winprefetchview-x64[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

winprefetchview-x64.zip
Size

67KB
MD5

ad62076fa68c147aaf7df16766fc4b5c
SHA1

ee48cdf413748fd3f3a2425354c10cc4a92275e4
SHA256

a266a6750ab1b3078168b9b306befa9ad5a3069340e87fe0de609f417f0f1f18
SHA512

50d04884cb39e0e5e2924f90bd862fb958380ca8ad997fc6d957b927bdfcb4f2fe16d923c94c3446d9b264590151ec55439f5b73594b12cdb588253a08114a3d
SSDEEP

1536:lGu0FpztnYmqbnYXKBDr2XCK8V4m+irFJoqSoXN1uUN:sui1qbnYXvX0d+iB5SAPL

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
static1/unpack001/WinPrefetchView.exe	Nirsoft

Files

winprefetchview-x64.zip
.zip
WinPrefetchView.chm
.chm
WinPrefetchView.exe
.exe windows:4 windows x64 arch:x64

89421e1903928ddf253a9167e7b060ae

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/09/2019, 00:00

Not After

09/09/2023, 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99
Signer

Actual PE Digest

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\Projects\VS2005\WinPrefetchView\x64\Release\WinPrefetchView.pdb

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__setusermatherr
_onexit
__dllonexit
strlen
qsort
_wcslwr
wcstoul
wcsrchr
wcscmp
_ultow
_memicmp
_commode
_fmode
__set_app_type
__C_specific_handler
malloc
_wcsicmp
free
modf
wcschr
memcmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_itow
_wcsnicmp
_purecall
_wtoi
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ord17
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetDriveTypeW
GetVolumeInformationW
QueryDosDeviceW
GetLongPathNameW
GetLogicalDrives
GetCurrentProcessId
ExitProcess
OpenProcess
EnumResourceTypesW
GetStartupInfoW
GlobalAlloc
ReadProcessMemory
GetCurrentProcess
SetErrorMode
GlobalFree
CompareFileTime
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
SystemTimeToTzSpecificLocalTime
CreateFileW
LoadLibraryExW
CloseHandle
GetSystemDirectoryW
GetWindowsDirectoryW
FileTimeToLocalFileTime
WideCharToMultiByte
lstrlenW
LocalFree
GetNumberFormatW
LockResource
lstrcpyW
GetDateFormatW
GlobalUnlock
GetTempFileNameW
GetLocaleInfoW
GetTempPathW
GlobalLock
GetFileSize
SizeofResource
FormatMessageW
FindFirstFileW
GetLastError
GetVersionExW
GetModuleHandleW
GetTimeFormatW
FindNextFileW
GetFileAttributesW
FindClose
WriteFile
FindResourceW
ReadFile
LoadResource
GetModuleFileNameW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
DeleteFileW

user32

FillRect
SetCapture
ReleaseCapture
RegisterClipboardFormatW
DrawTextExW
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowTextW
DispatchMessageW
UpdateWindow
SetDlgItemTextW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
DrawFrameControl
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
LoadImageW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
CloseClipboard
GetMenu
GetParent
EmptyClipboard
MoveWindow
EnableMenuItem
GetDC
OpenClipboard
ReleaseDC
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetSysColor
GetMenuStringW
ScreenToClient
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
SetWindowPos
LoadIconW
DestroyIcon
GetFocus
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
SetDlgItemInt

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
PatBlt
SelectObject
CreateSolidBrush
SetTextColor
CreateFontIndirectW
SetBkMode

comdlg32

FindTextW
GetSaveFileNameW

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
readme.txt

Sharing

General

Malware Config

Signatures

Files

89421e1903928ddf253a9167e7b060ae

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

shell32

ole32

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1024B - Virtual size: 61KB

.pdata Size: 3KB - Virtual size: 2KB

.rsrc Size: 18KB - Virtual size: 18KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99
Signer

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1024B - Virtual size: 61KB

.pdata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 18KB - Virtual size: 18KB