b3a0c9616e22a36294fa06345772aeff116f2655c79ab29bf5f474aed7e1d1f4N

Sharing

Copy URL

Twitter E-mail

General

Target

b3a0c9616e22a36294fa06345772aeff116f2655c79ab29bf5f474aed7e1d1f4N
Size

580KB
MD5

1182aabb11f0c7f51dc8b1ce421ded30
SHA1

7458831466719feacc70fea3c40a8f4e54bff520
SHA256

b3a0c9616e22a36294fa06345772aeff116f2655c79ab29bf5f474aed7e1d1f4
SHA512

698cc4fe76c1691e3ab06a1307f7597233b7d48d285d83269480f71067e2dd38a6d645c29efdc0ce9cfa9ca7c4e59ff7b11d4746eb0bbd79eb316a1a90bea338
SSDEEP

12288:BxhJ10GoRCjAK+NbAItxNQlZLujv54pkCiAX:BDTxPSAExNpjvj2X

Score

9^/10

Malware Config

Signatures

Detected Nirsoft tools 1 IoCs

Free utilities often used by attackers which can steal passwords, product keys, etc.

resource	yara_rule
sample	Nirsoft

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
b3a0c9616e22a36294fa06345772aeff116f2655c79ab29bf5f474aed7e1d1f4N

Files

b3a0c9616e22a36294fa06345772aeff116f2655c79ab29bf5f474aed7e1d1f4N
.dll windows:6 windows x86 arch:x86

d2c54add4e6bc8d67dd4c4ba10952007

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadConsoleW
SetStdHandle
OutputDebugStringW
WriteConsoleW
LoadLibraryExW
SetFilePointerEx
ReadFile
GetConsoleCP
FlushFileBuffers
HeapReAlloc
GetOEMCP
GetACP
IsValidCodePage
WriteFileGather
CloseHandle
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualAlloc
GetProcAddress
LoadLibraryA
VirtualAllocExNuma
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetNativeSystemInfo
VirtualFree
VirtualProtect
VirtualQuery
FreeLibrary
IsBadReadPtr
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
EncodePointer
DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
GetConsoleMode
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GetCommandLineA
GetCurrentThreadId
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
GetStartupInfoW
GetModuleHandleW
IsProcessorFeaturePresent
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleExW
HeapSize
IsDebuggerPresent
CreateFileW
GetStdHandle
WriteFile
GetModuleFileNameW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter

user32

MessageBoxA
ShowWindow

Exports

Exports

RunDLL

Sections

.text
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d2c54add4e6bc8d67dd4c4ba10952007

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 108KB - Virtual size: 108KB

.rdata Size: 34KB - Virtual size: 34KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 118KB - Virtual size: 117KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 108KB - Virtual size: 108KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 118KB - Virtual size: 117KB

.reloc
Size: 7KB - Virtual size: 6KB