nemesis_cloud_cracked[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

nemesis_cloud_cracked.rar
Size

46.0MB
MD5

e737c57ceeb0e3de596675a1cda5b72b
SHA1

caa531c1651ee67d297bd441569e0f76c636d344
SHA256

9792eb9c570db8c41701e374ca5624b45dc215e920580faff9e4cfe804f54bcf
SHA512

2b911f0332563202427be210ca94bd0c535b7953cc9daff83423644092d5bbc3e476c00e442fecff6e0aea3ff49f27c04ddd76411c45afb63ff66ef28fbf5f00
SSDEEP

786432:GLN8TxPL3wZrZukTpJegkzh/wyN9BidXvdGYZ5LFc03KT3X8wYoF3:Lh3OluEpKws9QYYLFJ3O3X8a3

Score

8^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 2 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack001/nemesis_cloud.dll	vmprotect
static1/unpack001/reverse_files/nemesis_cloud_oep_fix.dll	vmprotect

Files

nemesis_cloud_cracked.rar
.rar
nemesis_cloud.dll
.dll windows x64

fed91a5275433b674a315b67ad2ba643

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

winmm

timeGetTime

d3d11

D3D11CreateDeviceAndSwapChain

kernel32

Beep
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
FreeLibrary
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetCursorPos
GetUserObjectInformationW
GetProcessWindowStation
GetUserObjectInformationW

msvcp140

?_Syserror_map@std@@YAPEBDH@Z

imm32

ImmGetContext

d3dcompiler_47

D3DCompile

vcruntime140

memset

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-stdio-l1-1-0

fread

api-ms-win-crt-heap-l1-1-0

_callnewh

api-ms-win-crt-utility-l1-1-0

rand

api-ms-win-crt-convert-l1-1-0

atof

api-ms-win-crt-math-l1-1-0

truncf

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

wtsapi32

WTSSendMessageW

Sections

.text
Size: - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
reverse_files/nemesis_cloud_oep_fix.dll
.dll windows x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Sections

.text
Size: 416KB - Virtual size: 415KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 469B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.hotline
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
reverse_files/nemesis_cloud_oep_fix.dll.i64
reverse_files/nemesis_cloud_oep_fix.exe
.exe windows x64

a386dd73e124627e5edec5690170b427

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

urlmon

URLDownloadToFileW
URLDownloadToFileA

kernel32

GetConsoleScreenBufferInfo
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObjectEx
GetCurrentThreadId
TlsGetValue
InterlockedPushEntrySList
LCMapStringW
HeapAlloc
HeapFree
GetFullPathNameW
GetOEMCP
GetACP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
GetProcAddress
WideCharToMultiByte
GetStdHandle
IsDebuggerPresent
FreeLibraryAndExitThread
InitializeCriticalSectionAndSpinCount
DeleteFileA
CloseHandle
DeleteCriticalSection
ResetEvent
VerifyVersionInfoA
GetFileInformationByHandle
WriteFile
GetLastError
VerSetConditionMask
GetCurrentProcess
MultiByteToWideChar
RtlVirtualUnwind
SystemTimeToFileTime
Beep
FreeLibrary
Sleep
SetLastError
GetStringTypeW
LCMapStringEx
ReadFile
GetConsoleMode
HeapDestroy
ExpandEnvironmentStringsA
IsProcessorFeaturePresent
VirtualProtect
GetCommandLineW
FindFirstFileExW
TlsFree
FindFirstFileW
DeleteFiber
GetTickCount
RaiseException
GetModuleHandleW
RtlLookupFunctionEntry
CreateProcessW
WaitForSingleObject
HeapReAlloc
QueryPerformanceCounter
FindNextFileW
RtlPcToFileHeader
RtlUnwind
SetConsoleTextAttribute
GetSystemDirectoryA
HeapSize
TlsAlloc
QueryPerformanceFrequency
FlushFileBuffers
SetUnhandledExceptionFilter
GetModuleFileNameW
SwitchToFiber
GetFileType
IsValidCodePage
CreateFileW
SetStdHandle
InitializeCriticalSectionEx
OutputDebugStringW
GetLocaleInfoW
GetStartupInfoW
SystemTimeToTzSpecificLocalTime
GetSystemTime
FormatMessageW
GetFileAttributesExW
ExitThread
GetDriveTypeW
GetCPInfo
GetEnvironmentVariableW
LoadLibraryExW
FileTimeToSystemTime
RtlCaptureContext
EnumSystemLocalesW
GetProcessHeap
TerminateProcess
GetSystemInfo
GetSystemTimeAsFileTime
GetModuleHandleExW
EncodePointer
VirtualQuery
LoadLibraryA
SetConsoleMode
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryW
PeekNamedPipe
RtlUnwindEx
TlsSetValue
SetConsoleCtrlHandler
SetFilePointerEx
GetModuleHandleA
GetFileSizeEx
WaitForMultipleObjects
DecodePointer
FindClose
SleepEx
CompareStringW
IsValidLocale
InitializeSListHead
SetEndOfFile
CreateThread
SetConsoleCursorPosition
FillConsoleOutputAttribute
GetCurrentDirectoryW
VirtualAlloc
CreateEventW
ReadConsoleA
DeleteFileW
SetConsoleTitleA
ConvertThreadToFiber
FillConsoleOutputCharacterA
SetEvent
CreateFileA
ExitProcess
ReadConsoleW
CreateFiber
GetCurrentProcessId
GetTimeZoneInformation
GetConsoleOutputCP
GlobalAddAtomA
ConvertFiberToThread
GetExitCodeProcess
LocalFree
GetCommandLineA

ws2_32

connect
recv
__WSAFDIsSet
shutdown
getsockname
htonl
WSAGetLastError
accept
getsockopt
htons
WSASetLastError
bind
sendto
WSAIoctl
inet_pton
setsockopt
WSAStartup
WSACleanup
getaddrinfo
send
select
closesocket
ioctlsocket
listen
FreeAddrInfoW
socket
getnameinfo
getpeername
gethostname
recvfrom

advapi32

CryptAcquireContextA
CryptSetHashParam
CryptSignHashW
CryptGetProvParam
CryptDestroyHash
CryptEnumProvidersW
ReportEventW
GetTokenInformation
CryptExportKey
DeregisterEventSource
CryptReleaseContext
CryptDestroyKey
CryptCreateHash
CryptGenRandom
CryptAcquireContextW
RegisterEventSourceW
CryptGetUserKey
IsValidSid
CryptHashData
CopySid
CryptDecrypt
OpenProcessToken
CryptGetHashParam
ConvertSidToStringSidW
GetLengthSid

crypt32

CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertGetNameStringA
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty
CertFreeCertificateChain
CryptStringToBinaryA
CertCloseStore
CertAddCertificateContextToStore
CertFreeCertificateChainEngine
CryptQueryObject

wldap32

ldap_initA
ldap_memfreeA
ldap_simple_bind_sA
ldap_err2stringA
ldap_next_attributeA
ber_free
ldap_unbind_s
ldap_msgfree
ldap_bind_sA
ldap_get_dnA
ldap_set_optionA
ldap_value_free_len
ldap_next_entry
ldap_get_values_lenA
ldap_first_attributeA
ldap_first_entry
ldap_search_sA

bcrypt

BCryptGenRandom

userenv

UnloadUserProfile

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

shell32

ShellExecuteA

user32

FindWindowA
MessageBoxA
MessageBoxW
GetUserObjectInformationW
GetProcessWindowStation

Sections

.text
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

uxrthhqb
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wtfrjvnx
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.SCY
Size: 14KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
reverse_files/nemesis_cloud_oep_fix.exe.i64

Sharing

General

Malware Config

Signatures

Files

fed91a5275433b674a315b67ad2ba643

Headers

DLL Characteristics

File Characteristics

Imports

winmm

d3d11

kernel32

user32

msvcp140

imm32

d3dcompiler_47

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

wtsapi32

Sections

.text Size: - Virtual size: 415KB

.rdata Size: - Virtual size: 192KB

.data Size: - Virtual size: 10KB

.pdata Size: - Virtual size: 15KB

.vmp0 Size: - Virtual size: 3.3MB

.vmp1 Size: 5.5MB - Virtual size: 5.5MB

.reloc Size: 512B - Virtual size: 208B

.rsrc Size: 512B - Virtual size: 469B

Headers

DLL Characteristics

File Characteristics

Sections

.text Size: 416KB - Virtual size: 415KB

.rdata Size: 196KB - Virtual size: 192KB

.data Size: 12KB - Virtual size: 10KB

.pdata Size: 16KB - Virtual size: 15KB

.vmp0 Size: 3.3MB - Virtual size: 3.3MB

.vmp1 Size: 5.5MB - Virtual size: 5.5MB

.reloc Size: 4KB - Virtual size: 208B

.rsrc Size: 4KB - Virtual size: 469B

.hotline Size: 5KB - Virtual size: 4KB

a386dd73e124627e5edec5690170b427

Headers

DLL Characteristics

File Characteristics

Imports

urlmon

kernel32

ws2_32

advapi32

crypt32

wldap32

bcrypt

userenv

rpcrt4

shell32

user32

Sections

.text Size: 3.3MB - Virtual size: 3.3MB

.rsrc Size: 1KB - Virtual size: 4KB

.idata Size: 1024B - Virtual size: 4KB

Size: 4.4MB - Virtual size: 4.4MB

uxrthhqb Size: 2.5MB - Virtual size: 2.5MB

wtfrjvnx Size: 512B - Virtual size: 4KB

.pdata Size: 100KB - Virtual size: 100KB

.SCY Size: 14KB - Virtual size: 16KB

.text
Size: - Virtual size: 415KB

.rdata
Size: - Virtual size: 192KB

.data
Size: - Virtual size: 10KB

.pdata
Size: - Virtual size: 15KB

.vmp0
Size: - Virtual size: 3.3MB

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

.reloc
Size: 512B - Virtual size: 208B

.rsrc
Size: 512B - Virtual size: 469B

.text
Size: 416KB - Virtual size: 415KB

.rdata
Size: 196KB - Virtual size: 192KB

.data
Size: 12KB - Virtual size: 10KB

.pdata
Size: 16KB - Virtual size: 15KB

.vmp0
Size: 3.3MB - Virtual size: 3.3MB

.vmp1
Size: 5.5MB - Virtual size: 5.5MB

.reloc
Size: 4KB - Virtual size: 208B

.rsrc
Size: 4KB - Virtual size: 469B

.hotline
Size: 5KB - Virtual size: 4KB

.text
Size: 3.3MB - Virtual size: 3.3MB

.rsrc
Size: 1KB - Virtual size: 4KB

.idata
Size: 1024B - Virtual size: 4KB

uxrthhqb
Size: 2.5MB - Virtual size: 2.5MB

wtfrjvnx
Size: 512B - Virtual size: 4KB

.pdata
Size: 100KB - Virtual size: 100KB

.SCY
Size: 14KB - Virtual size: 16KB