Static task
static1
Behavioral task
behavioral1
Sample
NSUNSR.exe
Resource
win7-20221111-en
Behavioral task
behavioral2
Sample
NSUNSR.exe
Resource
win10v2004-20221111-en
General
Target: NSUNSR.exe
Size: 10.0MB
MD5: 68b01b313bbac2b997d333442f7c51d5
SHA1: 5ad5741c18c0c9eab6390eae48f689fac9dce093
SHA256: ae295397cad753f433bbe84448fa3343c74e7e23d06b1364c2c945c170a6241c
SHA512: 667b7a12b7e81db48eb55a3050eb432ce8e0ed6225396d998f8b97ce4019e20feaa3a32d3a43b1d7304807b421bcb0f6f2adc199f1c4656d79f30b715e092d8a
SSDEEP: 98304:OEtudHfOvtiV1FqDqqI/EXsbaUkNz3eX+8ItTpkgWdaO6LMcnB+Upy:MdMt0kqqI/Fb3kd2+8gTpktdl6LM0
Malware Config
Signatures
Files
-
NSUNSR.exe.exe windows x86
2be4c607175dc96da9c9aae141804bc9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
d3d9
D3DPERF_SetOptions
Direct3DCreate9
ws2_32
WSAGetLastError
htons
htonl
listen
bind
ioctlsocket
shutdown
closesocket
recv
socket
setsockopt
nusound2_win
nuSound2_3DGetParameter
nuSound2VoiceIsFinished
nuSound2GetVolTargetDecibel
nuSound2FadeIsFinished
nuSound2KeySetOnHandle
nuSound2KeyOnHandleChgrp
nuSound2StreamAllocate
nuSound2StreamSetBuffer
nuSound2StreamInit
nuSound2KeySetOnHandleChgrp
nuSound2SetMasterVolume
nuSound2_3DSetRadiusDistance
nuSound2BusSetVol
nuSound2BusGetVol
nuSound2BusReset
nuSound2BankGetState
nuSound2BankRegister
nuSound2BankIsLittleEndian
nuSound2BankGetBodyFileSize
nuSound2BankGetHeaderFileSize
nuSound2BankFree
nuSound2Main
nuSound2StreamReadyEx
nuSound2StreamStartEx
nuSound2InitEx
nuSound2_3DInit
nuSound2SetOutputMode
nuSound2SetPauseOff
nuSound2IsPaused
nuSound2SetPauseOn
nuSound2StreamQuit
nuSound2Quit
nuSound2_3DSetTableLowPassFilter
nuSound2_3DGetTableLowPassFilter
nuSound2_3DSetTableVolume
nuSound2_3DGetTableVolume
nuSound2_3DSetTableDistance
nuSound2_3DGetTableDistance
nuSound2StreamIsPlaying
nuSound2StreamGetStatus
nuSound2SetVolume
nuSound2SetHighPassFilter
nuSound2SetLowPassFilter
nuSound2_3DKeySetOnHandleChgrp
nuSound2VoiceSetPauseOff
nuSound2VoiceSetPauseOn
nuSound2Fade
nuSound2FadeKeyOff
nuSound2StreamSetPause
nuSound2StreamStop
nuSound2StreamSetVolume
nuSound2ToneGetChgrpHandle
nuSound2StreamIsReady
nuSound2StreamGo
nuSound2KeyAllOff
nuSound2_3DLineUpdate
nuSound2_3DLineKeySetOnHandle
nuSound2ToneIsLoopHandle
nuSound2KeyOff
nuSound2SetPan
nuSound2SetVolPanPitch
nuSound2_3DUpdate
nuSound2_3DKeySetOnHandle
nuSound2VoiceIsPaused
steam_api
SteamNetworking
SteamAPI_UnregisterCallback
SteamUser
SteamAPI_RegisterCallback
SteamRemoteStorage
SteamUserStats
SteamAPI_RegisterCallResult
SteamAPI_UnregisterCallResult
SteamMatchmaking
SteamGameServer_Shutdown
SteamGameServer_Init
SteamGameServer
SteamApps
SteamUtils
SteamAPI_Shutdown
SteamAPI_Init
SteamAPI_RestartAppIfNecessary
SteamGameServer_RunCallbacks
SteamAPI_RunCallbacks
SteamFriends
kernel32
GetProcAddress
LoadLibraryA
FreeLibrary
FormatMessageA
GetModuleFileNameA
CreateEventA
ResetEvent
SetThreadAffinityMask
GetSystemInfo
CreateFileA
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
DecodePointer
EncodePointer
SetEndOfFile
MoveFileA
SetFilePointer
GetFileSize
IsDebuggerPresent
FlushFileBuffers
CreateDirectoryA
DeleteFileA
GetFileAttributesA
LocalFileTimeToFileTime
DeleteFileW
GetFileAttributesExW
FindNextFileW
RemoveDirectoryW
FindClose
GetFileSizeEx
CreateFileW
ReadFile
GetFileAttributesW
CopyFileW
WriteFile
SetFileTime
CreateDirectoryW
SetFilePointerEx
MoveFileExW
FindFirstFileW
GetProcessAffinityMask
GetCurrentProcess
CreateMutexW
ReleaseMutex
SignalObjectAndWait
LocalFree
VirtualAlloc
GetLastError
FormatMessageW
VirtualFree
InterlockedDecrement
InterlockedIncrement
InterlockedExchange
ResumeThread
GetThreadPriority
GetExitCodeThread
RaiseException
SetThreadPriority
GetCurrentThread
GetModuleHandleW
OutputDebugStringW
CreateSemaphoreW
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
Sleep
GlobalMemoryStatus
MultiByteToWideChar
GetDiskFreeSpaceExW
GetCurrentDirectoryW
lstrcatW
GetPrivateProfileStringW
WideCharToMultiByte
GetPrivateProfileIntW
GetCommandLineW
QueryPerformanceFrequency
QueryPerformanceCounter
WaitForSingleObject
SetEvent
CloseHandle
CreateEventW
GetTickCount
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
user32
GetCursorPos
IsIconic
MessageBoxW
LoadStringW
CreateWindowExW
AdjustWindowRect
GetSystemMetrics
ShowWindow
ShowCursor
UpdateWindow
AdjustWindowRectEx
SetWindowPos
LoadIconW
LoadCursorW
RegisterClassExW
BeginPaint
EndPaint
PostQuitMessage
DefWindowProcW
PeekMessageW
TranslateMessage
TranslateAcceleratorW
DispatchMessageW
ole32
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoCreateInstance
CoInitialize
oleaut32
SysFreeString
SysAllocString
msvcp100
??1_Lockit@std@@QAE@XZ
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
msvcr100
_CIexp
frexp
ldexp
_HUGE
isxdigit
isupper
ispunct
islower
_difftime64
system
remove
rename
tmpnam
getenv
clock
strftime
setlocale
_pclose
_popen
tmpfile
fscanf
clearerr
fwrite
ftell
fseek
setvbuf
fflush
_unlock
__dllonexit
_lock
_onexit
_vsnprintf
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_crt_debugger_hook
srand
atan2
exp
acos
_CIlog
memcmp
tan
_strtoui64
_setjmp3
longjmp
fread
feof
strerror
_errno
ferror
ungetc
fopen
freopen
getc
__iob_func
fprintf
isspace
strtod
strcoll
rand
log10
sin
fabs
sqrt
log
pow
memcpy_s
vsprintf_s
strlen
strcat_s
strncat_s
strcpy_s
strcmp
strncat
wcsncat_s
_snwprintf_s
isalnum
wcsncpy
wcschr
iswalpha
exit
_beginthreadex
_endthreadex
swscanf
fputs
fgets
realloc
isalpha
isdigit
localeconv
strcspn
printf
_CIfmod
ceil
_CItanh
_CIcosh
cos
_CIsinh
_purecall
strstr
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memcpy
memchr
memmove
sprintf
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
__CxxFrameHandler3
_CIsqrt
_CIacos
_CIsin
strncmp
memset
strncpy
_CIasin
_CIatan2
_CIcos
tolower
strtoul
_snprintf
atof
atoi
_time64
toupper
_CItan
floor
strtol
_gmtime64
_localtime64
_mktime64
_CIlog10
strrchr
sscanf
strpbrk
modf
_wtoi64
wcsstr
mbstowcs
strncpy_s
malloc
_aligned_malloc
free
_aligned_free
_finite
_isnan
_CIatan
strchr
fclose
_CIpow
iscntrl
winmm
timeEndPeriod
timeGetTime
timeBeginPeriod
timeSetEvent
timeKillEvent
waveInGetNumDevs
d3dx9_43
D3DXGetShaderConstantTable
D3DXCreateTextureFromFileInMemory
D3DXCreateCubeTextureFromFileInMemory
dinput8
DirectInput8Create
xinput1_3
ord2
ord3
ord4
Sections
.text Size: 7.5MB - Virtual size: 7.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 661KB - Virtual size: 5.2MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 201B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 336KB - Virtual size: 335KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 521KB - Virtual size: 521KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ