nginxr7[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nginxr7.exe
Size

3.1MB
MD5

8346629f3a51c49a4344178c22dfeac6
SHA1

376518730811b781919f732a217b9776ac34768e
SHA256

57d8850d83de1cb0b7f7b46cfb0a7c59b96b21b69e3ba7bc7bdf585f274038b6
SHA512

34a86da2d61ddc34142e831121b424a0826f1193ec032a58d05b38db72b457b0dc14ec79955630869d1cfb28e7ccd49b805b76a88687cced295bd97ed07b2011
SSDEEP

49152:91rzZJyArYsdE2dRvYm5mUAfGvQ/qpyr0kW/auM+PmlcTwmrdU5yauD0:3zbrf+gRvfmUbvQ/qpyr0kG1Mtl5

Score

1^/10

Malware Config

Signatures

Files

nginxr7.exe
.exe windows x86

af80d05a7f57a05705b13f9e83707aed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointerEx
SetFileTime
WriteFile
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
MapViewOfFileEx
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetCommandLineA
ResetEvent
OpenEventA
TerminateProcess
GetExitCodeProcess
CreateProcessA
GetModuleFileNameA
WaitForMultipleObjects
CreateThread
GetEnvironmentVariableA
GetSystemInfo
GetVersionExA
GetModuleHandleA
SetEnvironmentVariableA
SetEvent
ReleaseMutex
SetEndOfFile
CreateMutexA
CreateEventA
OpenMutexA
FreeConsole
SetConsoleCtrlHandler
CreateIoCompletionPort
GetQueuedCompletionStatus
ReadFile
GetLongPathNameW
GetFileAttributesExW
GetDiskFreeSpaceExA
GetDiskFreeSpaceA
FindNextFileA
FindFirstFileA
FindClose
CreateFileW
FormatMessageA
Sleep
SwitchToThread
SetLastError
GetFileInformationByHandle
CreateFileA
CreateDirectoryA
DeleteFileA
GetCurrentThreadId
SetStdHandle
MoveFileA
LoadLibraryA
GetFullPathNameA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
FileTimeToLocalFileTime
WriteConsoleW
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
OutputDebugStringW
GetProcAddress
FreeLibrary
GetCurrentProcessId
GetLastError
CloseHandle
GetCurrentDirectoryA
WaitForSingleObject
GetStdHandle
RtlUnwind
HeapSize
GetSystemTime
SystemTimeToFileTime
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiber
FindFirstFileW
FindNextFileW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleExW
GetFileType
GetModuleHandleW
FormatMessageW
QueryPerformanceCounter
ConvertFiberToThread
ConvertThreadToFiber
LoadLibraryW
GetEnvironmentVariableW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
HeapFree
EncodePointer
DecodePointer
ExitProcess
AreFileApisANSI
HeapAlloc
IsProcessorFeaturePresent
IsDebuggerPresent
HeapReAlloc
FatalAppExitA
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
GetCurrentProcess
GetStartupInfoW
GetTickCount
CreateSemaphoreW
GetModuleFileNameW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCurrentThread
RaiseException
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleCP
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

user32

GetUserObjectInformationW
MessageBoxW
GetProcessWindowStation
CharToOemBuffA

advapi32

CryptGetUserKey
CryptSignHashW
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegCloseKey
RegCreateKeyExA
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptEnumProvidersW
CryptExportKey
CryptDecrypt
CryptCreateHash
CryptDestroyHash
RegSetValueExA

ws2_32

recv
select
__WSAFDIsSet
WSAIoctl
WSAStartup
WSASend
WSARecv
WSAGetOverlappedResult
ioctlsocket
accept
connect
gethostname
WSASocketW
shutdown
WSASetLastError
socket
setsockopt
listen
getsockopt
getsockname
closesocket
bind
freeaddrinfo
getaddrinfo
ntohs
ntohl
htons
htonl
WSACleanup
WSAGetLastError
send
getnameinfo
gethostbyname

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenStore
CertGetCertificateContextProperty

bcrypt

BCryptGenRandom

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 600KB - Virtual size: 600KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 72KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

af80d05a7f57a05705b13f9e83707aed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

crypt32

bcrypt

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 600KB - Virtual size: 600KB

.data Size: 72KB - Virtual size: 116KB

.idata Size: 7KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 95KB - Virtual size: 94KB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 600KB - Virtual size: 600KB

.data
Size: 72KB - Virtual size: 116KB

.idata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 95KB - Virtual size: 94KB