NieRAutomata[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NieRAutomata.exe
Size

17.0MB
MD5

780aafde8eedd2f948a7787a1bdd0ac2
SHA1

07e1e07ecff697ffe1f69f292eb7e491aae555be
SHA256

96252ef2d81ed214d82071e6026072b105a7ccfbf1b52d7d068078288056d82d
SHA512

c207885a9b1525ca37f1391ae44922a49dd0d3b08524d9f4357bb273cc08a60d5b2f50ded49eb8a853ed52be8189bdea54f90050b7b1c140c85c3d96aced5bda
SSDEEP

196608:5lqYf96l6uixic4sMFk757yyoAohoPU4kjE1NWDpp9a:5l/fkl1SiPsoc57yyo7hoPU4iE1y9a

Score

N/A

Malware Config

Signatures

Files

NieRAutomata.exe
.exe windows x64

0c27e69ce82c3aa4eb1d8dc636bdea4c

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:a8:2d:0c:a0:eb:78:ae:99:87:1e:0f:7b:1c:03:7e
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/10/2020, 00:00

Not After

21/11/2021, 23:59

Subject

CN=SQUARE ENIX CO.\, LTD.,OU=Information Technology Division,O=SQUARE ENIX CO.\, LTD.,L=Shinjuku-ku,ST=Tokyo,C=JP

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:d4:c1:38:b1:0f:78:95:92:b2:56:f4:6f:27:dd:19:60:73:0c:19:26:22:b5:d3:e3:35:da:bc:bd:08:54:08
Signer

Actual PE Digest

cc:d4:c1:38:b1:0f:78:95:92:b2:56:f4:6f:27:dd:19:60:73:0c:19:26:22:b5:d3:e3:35:da:bc:bd:08:54:08

Digest Algorithm

sha256

PE Digest Matches

false

Signature Validations

Trusted

true

Verification

Signing Certificate

CN=SQUARE ENIX CO.\, LTD.,OU=Information Technology Division,O=SQUARE ENIX CO.\, LTD.,L=Shinjuku-ku,ST=Tokyo,C=JP

12/07/2021, 12:50
Valid: true

Chain 1

CN=SQUARE ENIX CO.\, LTD.,OU=Information Technology Division,O=SQUARE ENIX CO.\, LTD.,L=Shinjuku-ku,ST=Tokyo,C=JP

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetUserDefaultLocaleName
CreateEventA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
RtlUnwind
GetLastError
DecodePointer
WriteConsoleW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
SetCriticalSectionSpinCount
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
GetConsoleMode
GetConsoleOutputCP
HeapReAlloc
GetTimeZoneInformation
GetStringTypeW
LCMapStringW
CompareStringW
GetFileType
GetStdHandle
GetModuleFileNameW
ExitProcess
SystemTimeToTzSpecificLocalTime
FindNextFileW
FindFirstFileExW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
GetCPInfo
LoadLibraryExW
GetEnvironmentStringsW
InitializeCriticalSection
EncodePointer
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
WaitForMultipleObjectsEx
SleepEx
VerifyVersionInfoW
VerSetConditionMask
Sleep
GetPrivateProfileStructA
WritePrivateProfileStructA
HeapDestroy
HeapCreate
HeapAlloc
HeapFree
CreateFileA
FileTimeToSystemTime
GetFileSize
ReadFile
WriteFile
GetFileAttributesA
DeleteFileA
CreateDirectoryA
CreateMutexA
ReleaseMutex
IsDebuggerPresent
GetModuleFileNameA
SetLastError
GetCurrentThreadId
GetModuleHandleA
QueryPerformanceFrequency
QueryPerformanceCounter
GetLocalTime
FindFirstFileA
FindNextFileA
FindClose
GlobalAlloc
GlobalSize
GlobalFree
CreateSemaphoreA
WaitForSingleObject
ReleaseSemaphore
SetThreadPriority
ResumeThread
OpenThread
SwitchToThread
SetEvent
SetCurrentDirectoryA
GlobalLock
GlobalUnlock
IsBadWritePtr
GetFileTime
SetFilePointer
CreateFileW
FlushFileBuffers
GetACP
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
CreateDirectoryW
DebugBreak
CreateThread
GetCurrentThread
GetSystemInfo
SetThreadAffinityMask
LoadLibraryA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcessAffinityMask
SetErrorMode
GetModuleHandleExA
DeleteFileW
GetFileAttributesW
SetEndOfFile
MoveFileA
MoveFileW
GetTickCount
GetThreadPriority
GetExitCodeThread
FreeLibrary
LoadLibraryW
RaiseException

user32

GetClientRect
MessageBoxW
GetSystemMetrics
GetWindowRect
SetWindowLongPtrW
GetWindowLongPtrW
GetForegroundWindow
CallWindowProcW
UnregisterDeviceNotification
RegisterDeviceNotificationW
GetKeyState
GetClipboardData
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
SwapMouseButton
ShowCursor
ScreenToClient
GetCursorPos
ClipCursor
GetAsyncKeyState
GetKeyboardLayout
SetCursorPos
EndPaint
BeginPaint
GetDC
GetDesktopWindow
SendMessageA
UpdateWindow
GetWindowLongA
SetWindowLongPtrA
AdjustWindowRect
SetWindowPos
GetMonitorInfoW
GetDisplayConfigBufferSizes
QueryDisplayConfig
DisplayConfigGetDeviceInfo
MessageBoxA
ClientToScreen
PostQuitMessage
ShowWindow
DefWindowProcA
GetWindowLongPtrA
DestroyWindow
UnregisterClassA
LoadIconA
LoadCursorA
RegisterClassExA
CreateWindowExA
PeekMessageA
TranslateMessage
DispatchMessageA

shell32

SHGetSpecialFolderPathA

d3d11

D3D11CreateDevice

dxgi

CreateDXGIFactory

steam_api64

SteamInternal_CreateInterface
SteamAPI_GetHSteamPipe
SteamAPI_GetHSteamUser
SteamInternal_ContextInit
SteamAPI_Shutdown
SteamAPI_Init
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamAPI_RegisterCallback
SteamAPI_UnregisterCallback
SteamAPI_RunCallbacks
SteamAPI_IsSteamRunning

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

dinput8

DirectInput8Create

xinput1_4

ord3
ord2

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW

gdi32

GetObjectA
GetDeviceCaps

ole32

CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CreateStreamOnHGlobal
OleUninitialize
CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoCreateGuid

oleaut32

VariantClear
SysAllocString
OleLoadPicture
SysFreeString
VariantInit

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement

Sections

.text
Size: 12.1MB - Virtual size: 12.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 749KB - Virtual size: 8.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 629KB - Virtual size: 628KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.bind
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0c27e69ce82c3aa4eb1d8dc636bdea4c

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

02:a8:2d:0c:a0:eb:78:ae:99:87:1e:0f:7b:1c:03:7eCertificate

Extended Key Usages

Key Usages

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

cc:d4:c1:38:b1:0f:78:95:92:b2:56:f4:6f:27:dd:19:60:73:0c:19:26:22:b5:d3:e3:35:da:bc:bd:08:54:08Signer

Signature Validations

Verification

12/07/2021, 12:50 Valid: true

Chain 1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

d3d11

dxgi

steam_api64

winmm

dinput8

xinput1_4

setupapi

gdi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 12.1MB - Virtual size: 12.1MB

.rdata Size: 2.9MB - Virtual size: 2.9MB

.data Size: 749KB - Virtual size: 8.7MB

.pdata Size: 629KB - Virtual size: 628KB

_RDATA Size: 37KB - Virtual size: 36KB

.rsrc Size: 260KB - Virtual size: 260KB

.reloc Size: 141KB - Virtual size: 141KB

.bind Size: 228KB - Virtual size: 228KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

02:a8:2d:0c:a0:eb:78:ae:99:87:1e:0f:7b:1c:03:7e
Certificate

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

cc:d4:c1:38:b1:0f:78:95:92:b2:56:f4:6f:27:dd:19:60:73:0c:19:26:22:b5:d3:e3:35:da:bc:bd:08:54:08
Signer

12/07/2021, 12:50
Valid: true

.text
Size: 12.1MB - Virtual size: 12.1MB

.rdata
Size: 2.9MB - Virtual size: 2.9MB

.data
Size: 749KB - Virtual size: 8.7MB

.pdata
Size: 629KB - Virtual size: 628KB

_RDATA
Size: 37KB - Virtual size: 36KB

.rsrc
Size: 260KB - Virtual size: 260KB

.reloc
Size: 141KB - Virtual size: 141KB

.bind
Size: 228KB - Virtual size: 228KB