Archive NirSoft/operapassview.exe @ WinPE11_10_8_Sergei_Strelec_x86_x64_2024.08.21_English.iso

Size 40.0KB
Type PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed
MD5 0e47188b23d897ede0fe8fac05cb3263
SHA1 cab798294be00a94ba8ebf9ccb7443e837835d05
SHA256 8e4b218bdbd8e098fff749fe5e5bbf00275d21f398b34216a573224e192094b8
SHA512 4be255b828c5eda9b82b1dd058488ef6aea5a8f8f5265c9a3a241fd5f5cafaf1706e8089d84026e52a6a2e4ea750f610183e2ff6942e42f0e209ba2df3788492
CRC32 33C60CC3
ssdeep None
Yara
  • UPX - (no description)
  • suspicious_packer_section - The packer/protector section names/keywords
  • screenshot - Take screenshot
  • win_registry - Affect system registries

Score

This archive is very suspicious, with a score of 10 out of 10!

Please notice: The scoring system is currently still in development and should be considered an alpha feature.


Information on Execution

Analysis
Category ARCHIVE
Started March 4, 2026, 9:43 p.m.
Completed March 4, 2026, 9:51 p.m.
Duration 502 seconds
Routing internet

Analyzer Log

2026-03-04 20:43:25,765 [analyzer] DEBUG: Starting analyzer from: C:\tmpt1gcja
2026-03-04 20:43:25,765 [analyzer] DEBUG: Pipe server name: \??\PIPE\adMtteowZouyKJpzxaIHN
2026-03-04 20:43:25,765 [analyzer] DEBUG: Log pipe server name: \??\PIPE\CFNHAizhgDstMdkSabtbWIhwPNOi
2026-03-04 20:43:25,983 [analyzer] DEBUG: Started auxiliary module Curtain
2026-03-04 20:43:25,983 [analyzer] DEBUG: Started auxiliary module DbgView
2026-03-04 20:43:26,342 [analyzer] DEBUG: Started auxiliary module Disguise
2026-03-04 20:43:26,608 [analyzer] DEBUG: Loaded monitor into process with pid 508
2026-03-04 20:43:26,608 [analyzer] DEBUG: Started auxiliary module DumpTLSMasterSecrets
2026-03-04 20:43:26,608 [analyzer] DEBUG: Started auxiliary module Human
2026-03-04 20:43:26,608 [analyzer] DEBUG: Started auxiliary module InstallCertificate
2026-03-04 20:43:26,608 [analyzer] DEBUG: Started auxiliary module Reboot
2026-03-04 20:43:26,671 [analyzer] DEBUG: Started auxiliary module RecentFiles
2026-03-04 20:43:26,671 [analyzer] DEBUG: Started auxiliary module Screenshots
2026-03-04 20:43:26,671 [analyzer] DEBUG: Started auxiliary module Sysmon
2026-03-04 20:43:26,671 [analyzer] DEBUG: Started auxiliary module LoadZer0m0n
2026-03-04 20:43:26,812 [lib.api.process] INFO: Successfully executed process from path 'C:\\Users\\ADMINI~1\\AppData\\Local\\Temp\\NirSoft/operapassview.exe' with arguments '' and pid 220
2026-03-04 20:43:26,983 [analyzer] DEBUG: Loaded monitor into process with pid 220
2026-03-04 20:48:29,428 [analyzer] INFO: Analysis timeout hit, terminating analysis.
2026-03-04 20:48:29,599 [lib.api.process] ERROR: Failed to dump memory of 32-bit process with pid 220.
2026-03-04 20:48:29,881 [analyzer] INFO: Terminating remaining processes before shutdown.
2026-03-04 20:48:29,881 [lib.api.process] INFO: Successfully terminated process with pid 220.
2026-03-04 20:48:29,881 [analyzer] INFO: Analysis completed.

Cuckoo Log

2026-03-04 21:43:29,607 [cuckoo.core.scheduler] DEBUG: Task #7475187: no machine available yet
2026-03-04 21:45:12,217 [cuckoo.core.scheduler] INFO: Task #7475187: acquired machine win7x642 (label=win7x642)
2026-03-04 21:45:12,221 [cuckoo.core.resultserver] DEBUG: Now tracking machine 192.168.168.202 for task #7475187
2026-03-04 21:45:13,004 [cuckoo.auxiliary.sniffer] INFO: Started sniffer with PID 3328115 (interface=vboxnet0, host=192.168.168.202)
2026-03-04 21:45:13,080 [cuckoo.machinery.virtualbox] DEBUG: Starting vm win7x642
2026-03-04 21:45:14,059 [cuckoo.machinery.virtualbox] DEBUG: Restoring virtual machine win7x642 to vmcloak
2026-03-04 21:47:45,194 [cuckoo.core.guest] INFO: Starting analysis #7475187 on guest (id=win7x642, ip=192.168.168.202)
2026-03-04 21:47:46,356 [cuckoo.core.guest] DEBUG: win7x642: not ready yet
2026-03-04 21:47:51,400 [cuckoo.core.guest] INFO: Guest is running Cuckoo Agent 0.10 (id=win7x642, ip=192.168.168.202)
2026-03-04 21:47:51,690 [cuckoo.core.guest] DEBUG: Uploading analyzer to guest (id=win7x642, ip=192.168.168.202, monitor=latest, size=6660546)
2026-03-04 21:47:58,599 [cuckoo.core.resultserver] DEBUG: Task #7475187: live log analysis.log initialized.
2026-03-04 21:48:00,158 [cuckoo.core.resultserver] DEBUG: Task #7475187 is sending a BSON stream
2026-03-04 21:48:00,560 [cuckoo.core.resultserver] DEBUG: Task #7475187 is sending a BSON stream
2026-03-04 21:48:01,520 [cuckoo.core.resultserver] DEBUG: Task #7475187: File upload for 'shots/0001.jpg'
2026-03-04 21:48:01,537 [cuckoo.core.resultserver] DEBUG: Task #7475187 uploaded file length: 111558
2026-03-04 21:48:15,150 [cuckoo.core.guest] DEBUG: win7x642: analysis #7475187 still processing
2026-03-04 21:48:30,554 [cuckoo.core.resultserver] DEBUG: Task #7475187: File upload for 'curtain/1772653709.74.curtain.log'
2026-03-04 21:48:30,578 [cuckoo.core.resultserver] DEBUG: Task #7475187 uploaded file length: 36
2026-03-04 21:48:30,580 [cuckoo.core.resultserver] DEBUG: Task #7475187: File upload for 'sysmon/1772653709.88.sysmon.xml'
2026-03-04 21:48:30,583 [cuckoo.core.resultserver] DEBUG: Task #7475187: File upload for 'shots/0002.jpg'
2026-03-04 21:48:30,590 [cuckoo.core.resultserver] DEBUG: Task #7475187 uploaded file length: 894446
2026-03-04 21:48:30,595 [cuckoo.core.resultserver] DEBUG: Task #7475187 uploaded file length: 133563
2026-03-04 21:48:30,610 [cuckoo.core.resultserver] DEBUG: Task #7475187 had connection reset for <Context for LOG>
2026-03-04 21:48:31,401 [cuckoo.core.guest] INFO: win7x642: analysis completed successfully
2026-03-04 21:48:31,415 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Redsocks
2026-03-04 21:48:31,444 [cuckoo.core.plugins] DEBUG: Stopped auxiliary module: Sniffer
2026-03-04 21:48:33,005 [cuckoo.machinery.virtualbox] INFO: Successfully generated memory dump for virtual machine with label win7x642 to path /srv/cuckoo/cwd/storage/analyses/7475187/memory.dmp
2026-03-04 21:48:33,007 [cuckoo.machinery.virtualbox] DEBUG: Stopping vm win7x642
2026-03-04 21:51:48,441 [cuckoo.core.resultserver] DEBUG: Stopped tracking machine 192.168.168.202 for task #7475187
2026-03-04 21:51:49,075 [cuckoo.core.scheduler] DEBUG: Released database task #7475187
2026-03-04 21:51:49,387 [cuckoo.core.scheduler] INFO: Task #7475187: analysis procedure completed

Signatures

Yara rules detected for file (4 events)
  • UPX - (no description)
  • suspicious_packer_section - The packer/protector section names/keywords
  • screenshot - Take screenshot
  • win_registry - Affect system registries
The executable uses a known packer (1 event)
  • packer: UPX 2.90 [LZMA] -> Markus Oberhumer, Laszlo Molnar & John Reiser
Steals private information from local Internet browsers (2 events)
  • file: C:\Users\Administrator\AppData\Roaming\Opera\Opera\wand.dat
  • file: C:\Users\Administrator\AppData\Roaming\Opera\Opera7\profile\wand.dat
The binary likely contains encrypted or compressed data indicative of a packer (2 events)
  • section: UPX1 (virtual_address 0x0000e000, virtual_size 0x00009000, size_of_data 0x00008400, entropy 7.875578438451499) - A section with a high entropy has been found
  • entropy: 0.846153846154 - Overall entropy of this PE file is high
The executable is compressed using UPX (2 events)
  • section: UPX0 - Section name indicates UPX
  • section: UPX1 - Section name indicates UPX
File has been identified by 6 AntiVirus engines on IRMA as malicious (6 events)
  • G Data Antivirus (Windows) Virus: Gen:Application.Heur.cmKfkW5!5WfO (Engine A)
  • Avast Core Security (Linux) Win32:PSWtool-AO [PUP]
  • C4S ClamAV (Linux) YARA.UPX.UNOFFICIAL
  • WithSecure (Linux) PotentiallyUnwanted:W32/App.cab798294b!Online
  • eScan Antivirus (Linux) Gen:Application.Heur.cmKfkW5!5WfO(DB)
  • Bitdefender Antivirus (Linux) Gen:Application.Heur.cmKfkW5!5WfO
File has been identified by 47 AntiVirus engines on VirusTotal as malicious (47 events)
  • Cynet Malicious (score: 99)
  • CAT-QuickHeal HackTool.OperaPass.SD4
  • Skyhigh HTool-PassView
  • Cylance Unsafe
  • VIPRE Gen:Application.Heur.cmKfkW5!5WfO
  • Sangfor PUP.Win32.Netpass.V2ov
  • CrowdStrike win/grayware_confidence_100% (W)
  • BitDefender Gen:Application.Heur.cmKfkW5!5WfO
  • K7GW Password-Stealer ( 005d76c01 )
  • K7AntiVirus Password-Stealer ( 005d76c01 )
  • Arcabit Application.Heur.cmKfkW5!5WfO
  • Symantec PasswordRevealer
  • Elastic malicious (moderate confidence)
  • ESET-NOD32 Win32/PSWTool.OperaPassView potentially unsafe application
  • APEX Malicious
  • Avast Win32:PSWtool-AO [PUP]
  • Kaspersky not-a-virus:PSWTool.Win32.NetPass.bsd
  • MicroWorld-eScan Gen:Application.Heur.cmKfkW5!5WfO
  • Rising Trojan.Win32.Generic.1902F819 (C64:YzY0OoHQJzGONKyo)
  • Emsisoft Gen:Application.Heur.cmKfkW5!5WfO (B)
  • DrWeb Tool.PassView.793
  • Zillya Tool.NetPass.Win32.2488
  • TrendMicro HKTL_PASSVIEW
  • McAfeeD ti!8E4B218BDBD8
  • CTX exe.hacktool.netpass
  • Sophos Nirsoft Opera Password Viewer (PUA)
  • Jiangmin PSWTool.NetPass.pc
  • Google Detected
  • Antiy-AVL HackTool/Win32.PaasView
  • Gridinsoft Trojan.Win32.Agent.dg
  • Xcitium Malware@#30lfngyqlknqz
  • Microsoft HackTool:Win32/Netpass!MSR
  • ViRobot PSWTool.NetPass.40960.E
  • GData Gen:Application.Heur.cmKfkW5!5WfO
  • Varist W32/S-2d44635c!Eldorado
  • AhnLab-V3 Unwanted/Win.OperaPassView.C5794269
  • DeepInstinct MALICIOUS
  • Malwarebytes PUP.Optional.OperaPasswordTool
  • TrendMicro-HouseCall HKTL_PASSVIEW
  • Yandex Trojan.Igent.bUWZ54.9
  • TrellixENS HTool-PassView
  • huorong HackTool/OperaPassView.a
  • MaxSecure Trojan.Malware.73379609.susgen
  • Fortinet Riskware/NetPass
  • AVG Win32:PSWtool-AO [PUP]
  • Paloalto generic.ml
  • alibabacloud HackTool:Win/PSWTool.OperaPassView
Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action VT Location
No hosts contacted.