nevada-4dcdd956e0808[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

nevada-4dcdd956e0808.exe
Size

506KB
MD5

99549bcea63af5f81b01decf427519af
SHA1

c7fcbaedf6b077b3d9bfc4720c3860a5d848bcb4
SHA256

855f411bd0667b650c4f2fd3c9fbb4fa9209cf40b0d655fa9304dcdd956e0808
SHA512

e04530a498d749758a7564b8f6a21f923f61fa723c08179a751d0fd8ec31bb085b54d218256494c555dce0c7b655eec33972dfe9b7f220efc57ce3717a7f6c92
SSDEEP

6144:l5BGdXpsv8yHWjRxmrkwql2yVayc4nP4jcyeO9mrmcFEIos52:/BGQkwkwnyVZHScyz9mCc7

Score

1^/10

Malware Config

Signatures

Files

nevada-4dcdd956e0808.exe
.exe windows x64

ff3a3d931c8b944178e33a9163f3960f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenSCManagerW
CreateServiceW
RegDeleteKeyW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
SystemFunction036

kernel32

CloseHandle
GlobalAlloc
GlobalFree
CreateFileW
GetLastError
DeviceIoControl
GetProcessHeap
HeapAlloc
GetDriveTypeW
FindFirstVolumeW
GetVolumePathNamesForVolumeNameW
SetVolumeMountPointW
FindNextVolumeW
FindVolumeClose
HeapFree
GetUserDefaultUILanguage
FormatMessageW
LocalFree
lstrlenW
WriteFile
SetFilePointerEx
ReadFile
FindNextFileW
FindClose
GetCommandLineW
GetCurrentDirectoryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileAttributesW
GetStartupInfoW
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemInfo
MultiByteToWideChar
QueryPerformanceCounter
SetLastError
Sleep
WideCharToMultiByte
GetModuleFileNameW
FreeLibrary
FindFirstFileW
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ReleaseMutex
ReleaseSRWLockShared
CompareStringOrdinal
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
GetCurrentProcess
RtlCaptureContext
GetProcAddress
RtlLookupFunctionEntry
GetEnvironmentVariableW
SetEnvironmentVariableW
FlushFileBuffers
DuplicateHandle
GetStdHandle
GetCurrentProcessId
WriteFileEx
SleepEx
WaitForSingleObject
GetExitCodeProcess
TerminateProcess
WaitForMultipleObjects
GetOverlappedResult
TryAcquireSRWLockExclusive
TlsAlloc
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetFileInformationByHandle
MoveFileExW
CreateEventW
CancelIo
GetModuleHandleW
ExitProcess
GetFullPathNameW
CreateNamedPipeW
ReadFileEx
GetWindowsDirectoryW
CreateProcessW
CreateThread
TlsGetValue
TlsSetValue
GetModuleHandleA
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
GetFileType
SetStdHandle
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetCommandLineA
GetModuleHandleExW
LoadLibraryExW
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwindEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GetCurrentThreadId
InitializeSListHead
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter

mpr

WNetOpenEnumW
WNetCloseEnum
WNetEnumResourceW

bcrypt

BCryptGenRandom

Sections

.text
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff3a3d931c8b944178e33a9163f3960f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

mpr

bcrypt

Sections

.text Size: 322KB - Virtual size: 321KB

.rdata Size: 160KB - Virtual size: 159KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 16KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 322KB - Virtual size: 321KB

.rdata
Size: 160KB - Virtual size: 159KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 16KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 3KB - Virtual size: 3KB