N3NY000 V2[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

N3NY000 V2.exe
Size

432KB
MD5

7703a12a51cef52b3095ea29b9fa4ea7
SHA1

2eefecc5bf454390eaebf52b433c3df631f21d06
SHA256

d7071777f817200fa6f11e7bbc89169cb421e70736fcb714ce5d6e894386d5c5
SHA512

367e6d24609b904190f331c8d8ccb24ca13439a3e5304e4e81412f32ec8aa46ad00064b57f511d0510d5fd2b901c13c07c71665fff49e862888be7dad51c9fc6
SSDEEP

12288:18GlFrXbpm6S2CBU2FZmt5vf321xW/Ky:1FlFrNDVqpFZmtpf32EJ

Score

N/A

Malware Config

Signatures

Files

N3NY000 V2.exe
.exe windows x64

63dba2248962c63116d8b9098715faa7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

WSASetLastError
WSAIoctl
inet_pton
WSAStartup
WSACleanup
getaddrinfo
freeaddrinfo
__WSAFDIsSet
select
accept
htonl
listen
ioctlsocket
WSACloseEvent
socket
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAResetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
recv
bind
connect
getpeername
getsockname
getsockopt
htons
ntohs
setsockopt
send

advapi32

CryptAcquireContextA
CryptGetHashParam
CryptGenRandom
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

crypt32

CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindExtension
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertAddCertificateContextToStore
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CertGetNameStringA

kernel32

GetTickCount
QueryPerformanceCounter
MoveFileExA
FormatMessageW
WaitForSingleObjectEx
GetEnvironmentVariableA
MultiByteToWideChar
GetProcAddress
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
ReadFile
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
SetLastError
GetStdHandle
CreateDirectoryA
GetFileAttributesA
CloseHandle
GetLastError
WaitForSingleObject
Sleep
CreateRemoteThread
OpenProcess
VirtualAllocEx
VirtualProtectEx
WriteProcessMemory
VirtualFreeEx
GetModuleFileNameA
LoadLibraryA
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetConsoleWindow
K32EnumProcessModulesEx
K32GetModuleFileNameExA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
QueryPerformanceFrequency
GetSystemDirectoryA
FreeLibrary
GetModuleHandleA

user32

FindWindowA
SetWindowTextA
SetForegroundWindow
GetWindowThreadProcessId

shell32

SHGetFolderPathW

msvcp140

_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z

vcruntime140

__C_specific_handler
__current_exception_context
__std_exception_destroy
strchr
strstr
strrchr
memset
memmove
memcpy
memcmp
memchr
__std_exception_copy
__std_terminate
__current_exception
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
__p___argv
_initterm
_exit
__sys_errlist
__sys_nerr
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
exit
__p___argc
system
_beginthreadex
_initterm_e
_set_app_type
_seh_filter_exe
terminate
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_cexit
_crt_atexit

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
_set_new_mode
realloc
malloc

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-convert-l1-1-0

wcstombs
strtoll
strtoul
strtol

api-ms-win-crt-string-l1-1-0

strpbrk
strcmp
strcspn
_strdup
strncmp
isupper
strcat_s
strcpy_s
strspn
tolower
strncpy

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fgets
__stdio_common_vsprintf
fgetpos
__stdio_common_vsscanf
_set_fmode
fputs
_get_stream_buffer_pointers
feof
fseek
__stdio_common_vfprintf
ungetc
__p__commode
fclose
setvbuf
ftell
fwrite
fflush
_fseeki64
fgetc
fsetpos
fread
fputc
fopen

api-ms-win-crt-filesystem-l1-1-0

rename
_unlink
_access
_lock_file
_unlock_file
_stat64

api-ms-win-crt-time-l1-1-0

_gmtime64
_time64
strftime

api-ms-win-crt-math-l1-1-0

ceilf
__setusermatherr

api-ms-win-crt-multibyte-l1-1-0

_mbsnbcpy
_mbsnbcmp
_mbspbrk
_mbschr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 323KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

63dba2248962c63116d8b9098715faa7

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

crypt32

kernel32

user32

shell32

msvcp140

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 323KB - Virtual size: 322KB

.rdata Size: 89KB - Virtual size: 89KB

.data Size: 2KB - Virtual size: 4KB

.pdata Size: 15KB - Virtual size: 15KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1024B - Virtual size: 876B

.text
Size: 323KB - Virtual size: 322KB

.rdata
Size: 89KB - Virtual size: 89KB

.data
Size: 2KB - Virtual size: 4KB

.pdata
Size: 15KB - Virtual size: 15KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1024B - Virtual size: 876B