PE Compile Time

2013-06-04 08:42:23

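PE Imphash (computed over the import table of the UPX-packed file, as listed under Imports; an unpacked copy of the same program would produce a different value)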

e8e771a6af2684c43e1bb25b455085f1

PEiD Signatures

UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
UPX0 0x00001000 0x0000d000 0x00000000 0.0
UPX1 0x0000e000 0x00009000 0x00008400 7.87557843845
.rsrc 0x00017000 0x00002000 0x00001800 3.87331943462

Resources

Name Offset Size Language Sub-language File type
RT_CURSOR 0x000125c8 0x00000134 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_BITMAP 0x00012bbc 0x000000d8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_BITMAP 0x00012bbc 0x000000d8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_BITMAP 0x00012bbc 0x000000d8 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ICON 0x00017e78 0x00000128 LANG_HEBREW SUBLANG_DEFAULT Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_ICON 0x00017e78 0x00000128 LANG_HEBREW SUBLANG_DEFAULT Device independent bitmap graphic, 16 x 32 x 4, image size 192
RT_MENU 0x0001397c 0x000001c4 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MENU 0x0001397c 0x000001c4 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00014174 0x00000336 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00014174 0x00000336 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00014174 0x00000336 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00014174 0x00000336 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_DIALOG 0x00014174 0x00000336 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00014860 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00014860 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00014860 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00014860 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00014860 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_STRING 0x00014860 0x00000068 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_ACCELERATOR 0x000148c8 0x00000048 LANG_HEBREW SUBLANG_DEFAULT data
RT_GROUP_CURSOR 0x00014910 0x00000014 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_GROUP_ICON 0x00017fbc 0x00000014 LANG_HEBREW SUBLANG_DEFAULT data
RT_GROUP_ICON 0x00017fbc 0x00000014 LANG_HEBREW SUBLANG_DEFAULT data
RT_VERSION 0x00017fd4 0x000002d8 LANG_HEBREW SUBLANG_DEFAULT data
RT_MANIFEST 0x000182b0 0x0000016a LANG_ENGLISH SUBLANG_ENGLISH_US ASCII text, with CRLF line terminators

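Imports

Note: this is the import table of the packed image. The PEiD signature and the UPX0/UPX1 sections indicate UPX packing, which leaves LoadLibraryA/GetProcAddress plus one entry per DLL here. The remaining APIs are resolved when the stub unpacks the program, so this list understates what the program can call.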

Library KERNEL32.DLL:
0x4184f8 LoadLibraryA
0x4184fc GetProcAddress
0x418500 VirtualProtect
0x418504 VirtualAlloc
0x418508 VirtualFree
0x41850c ExitProcess
Library ADVAPI32.dll:
0x418514 RegCloseKey
Library COMCTL32.dll:
0x41851c None
Library comdlg32.dll:
0x418524 FindTextW
Library GDI32.dll:
0x41852c SetBkMode
Library msvcrt.dll:
0x418534 abs
Library ole32.dll:
0x41853c CoInitialize
Library SHELL32.dll:
0x418544 DragFinish
Library USER32.dll:
0x41854c GetDC
Library VERSION.dll:
0x418554 VerQueryValueW

!This program cannot be run in DOS mode.
m%@P=
4XT>5x
FiwS63
:Y;~lVV9e
ebZRJ.
7to|we
@sL5v{s
Q=m ND
5BVSyS
T2R@\$
0vpSW<
=FP*xS
@y7C3G
Xruz##
6]QPPV
~`2tWC
7*F,S3W
G\(n07
4Rx=1u
9ju4SN
;P%sMX
Z!r@`p;
^0W~.S
ulO!Ky
`A^<T2
EL^-cj
`/Ps`V
{taj2xh`
~{VPb$
!~5""0
~3Z9W:
#,I012
fDEFGH
~E$?WV
rovM_tD6
H=t2j\$
uj=sXK
)u3SSh#
Cddd|xp
6`gp_`
?t0j@_+
>QZ^&}k;
60kh(S
-0j<|X
L.E`P~K
~dNv%:W
m*q4P:,T5
680W0;
.#h"b0j;
$ZCT0{
@pB=Ye
A&dW(#
o,20Q<u _$*]
YtRfV
qhTf3)8
Ylb3?e
ccount","Login Name
Password
Web Sit
nl<]te
sk=us)>
YrolsEx
:Su]7FC
 ##%%&&))*
*,,//1122447788;;==>>@@CCEEFFIIJ
JLLOOQQRRTTWWXX[[]]^^aabbddgghhk
nnpppuuvvyyzz||
4M((((((
wo CsK
cp_i=9mAcc
&I/sE;
6KKkd/
IKO?8e_
E2fCpU
"M88q
i7reateToolhelp32Snaps
ho4Module
NexProcess
MGetFBase`7t
s'FilEx/{
s)+&'In
SpecialFT
c'f:/U
2005\O
Cr+x@
)A%t'E
-)jve+D
fl!OgKa)hK
UaU/e;
1'<7e;a
.:3=3O
Memory%Sm
kw9iva
GlobalUn
%aTypb
Lartuprmi
ToM'tiByt
LoKtAl
8eLibrKyA
Lasdpd
F4MSag
VersEV
Atjbut>
z_\!tBk
4lfjc_!l
0:mchrVslw
1 x|%f-
YAPAXI@Z
lR3Ws|8S
A(d[Je
>,*IsKj
XPTPSW
%&&&&%
((((((''
%""!!!!"
0/*****)'
%&&&%%%%%"
36333222("
"&(((''''&
55553333(
"'***)))))
77555555
(3331110*
<:9999
555333*
55555*
<>>>>>
999977*
;;;::<
@DDDCC
>>>><<<
GGEFFFF.
.@@@????
JJHHHHH@
@DDDCCC?
HLLLLLJ-
8GGGEEFC
LNNNNNL$
-HJJJJEF
PPPPOON=$
-CNNMMMMK
RRRRRRRRRPPPPOOONN
TTTSTSSSRRRRRR
TTTTTTTT
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<dependency>
<dependentAssembly>
<assemblyIdentity type="Win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="X86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity>
</dependentAssembly>
</dependency>
</assembly>PA
KERNEL32.DLL
ADVAPI32.dll
COMCTL32.dll
comdlg32.dll
GDI32.dll
msvcrt.dll
ole32.dll
SHELL32.dll
USER32.dll
VERSION.dll
LoadLibraryA
GetProcAddress
VirtualProtect
VirtualAlloc
VirtualFree
ExitProcess
RegCloseKey
FindTextW
SetBkMode
CoInitialize
DragFinish
VerQueryValueW
VS_VERSION_INFO
StringFileInfo
040904b0
CompanyName
NirSoft
FileDescription
OperaPassView
FileVersion
InternalName
OperaPassView
LegalCopyright
Copyright
2010 - 2013 Nir Sofer
OriginalFilename
OperaPassView.exe
ProductName
OperaPassView
ProductVersion
VarFileInfo
Translation
Antivirus Result
Bkav None
Lionic None
Elastic Malicious (Moderate Confidence)
ClamAV None
CMC None
CAT-QuickHeal Hacktool.Operapass.Sd4
Skyhigh Htool-Passview
ALYac None
Cylance Unsafe
Zillya Tool.Netpass.Win32.2488
Sangfor Pup.Win32.Netpass.V2ov
CrowdStrike Win/Grayware_Confidence_100% (W)
Alibaba None
K7GW Password-Stealer ( 005d76c01 )
K7AntiVirus Password-Stealer ( 005d76c01 )
huorong Hacktool/Operapassview.A
Baidu None
VirIT None
Paloalto Generic.Ml
Symantec Passwordrevealer
tehtris None
ESET-NOD32 Win32/Pswtool.Operapassview Potentially Unsafe Application
APEX Malicious
Avast Win32:Pswtool-Ao [Pup]
Cynet Malicious (Score: 99)
Kaspersky Not-A-Virus:Pswtool.Win32.Netpass.Bsd
BitDefender Gen:Application.Heur.Cmkfkw5!5wfo
NANO-Antivirus None
ViRobot Pswtool.Netpass.40960.E
MicroWorld-eScan Gen:Application.Heur.Cmkfkw5!5wfo
Tencent None
Sophos Nirsoft Opera Password Viewer (Pua)
F-Secure None
DrWeb Tool.Passview.793
VIPRE Gen:Application.Heur.Cmkfkw5!5wfo
TrendMicro Hktl_Passview
McAfeeD Ti!8e4b218bdbd8
Trapmine None
CTX Exe.Hacktool.Netpass
Emsisoft Gen:Application.Heur.Cmkfkw5!5wfo (B)
Ikarus None
GData Gen:Application.Heur.Cmkfkw5!5wfo
Jiangmin Pswtool.Netpass.Pc
Webroot None
Varist W32/S-2d44635c!Eldorado
Avira None
Antiy-AVL Hacktool/Win32.Paasview
Kingsoft None
Gridinsoft Trojan.Win32.Agent.Dg
Xcitium Malware@#30lfngyqlknqz
Arcabit Application.Heur.Cmkfkw5!5wfo
SUPERAntiSpyware None
ZoneAlarm None
Microsoft Hacktool:Win32/Netpass!Msr
Google Detected
AhnLab-V3 Unwanted/Win.Operapassview.C5794269
Acronis None
VBA32 None
TACHYON None
Malwarebytes Pup.Optional.Operapasswordtool
Panda None
Zoner None
TrendMicro-HouseCall Hktl_Passview
Rising Trojan.Win32.Generic.1902f819 (C64:Yzy0oohqjzgonkyo)
Yandex Trojan.Igent.Buwz54.9
TrellixENS Htool-Passview
SentinelOne None
MaxSecure Trojan.Malware.73379609.Susgen
Fortinet Riskware/Netpass
AVG Win32:Pswtool-Ao [Pup]
DeepInstinct Malicious
alibabacloud Hacktool:Win/Pswtool.Operapassview
IRMA Signature
Trend Micro SProtect (Linux) Clean
Avast Core Security (Linux) Win32:PSWtool-AO [PUP]
C4S ClamAV (Linux) YARA.UPX.UNOFFICIAL
Trellix (Linux) Clean
Sophos Anti-Virus (Linux) Clean
Bitdefender Antivirus (Linux) Gen:Application.Heur.cmKfkW5!5WfO
G Data Antivirus (Windows) Virus: Gen:Application.Heur.cmKfkW5!5WfO (Engine A)
WithSecure (Linux) PotentiallyUnwanted:W32/App.cab798294b!Online
ESET Security (Windows) Clean
DrWeb Antivirus (Linux) Clean
ClamAV (Linux) Clean
eScan Antivirus (Linux) Gen:Application.Heur.cmKfkW5!5WfO(DB)
Kaspersky Standard (Windows) Clean
Emsisoft Commandline Scanner (Windows) Clean