Nemty[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nemty.exe
Size

262KB
MD5

0000efd7a890e1e1a93e481288f5bd2a
SHA1

b5c5386dcbd850262a7a81ff818343dc306e58ce
SHA256

4799d051f0e40b15ec67593ea838df901613018d26b612d6d2447431323d4a01
SHA512

584b2639ac4e4e2df69b1bee015da7791af9d0089d61d82d937d4a255d81f5ec3d80d04f501a771ecf69f62c8743a7b8616ff3b85be47a5f0e7636ed4b781274
SSDEEP

3072:mnHLnmkpqfHMcPHow/Bw+Zw0jlyNMCCZTImdM1LXjwOYuaF7ZHWAAfne:mnrjpqfsc/H/a+ZRjlc1sMtUuf

Score

1^/10

Malware Config

Signatures

Files

Nemty.exe
.exe windows x86

7332a4a6efd535019dd7e3059bed7a73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetNumaProcessorNode
MapViewOfFile
WriteConsoleOutputCharacterA
BuildCommDCBAndTimeoutsA
LoadResource
HeapAlloc
_lwrite
SetMailslotInfo
GetSystemWindowsDirectoryW
FlushViewOfFile
FindFirstFileExW
GetTickCount
LoadLibraryW
FindNextVolumeW
GetConsoleAliasW
GetModuleFileNameW
SetupComm
MultiByteToWideChar
lstrlenW
GetLastError
GetLongPathNameW
GetProcAddress
GetPrivateProfileStringA
_hwrite
GetAtomNameA
ProcessIdToSessionId
LocalAlloc
FindFirstVolumeMountPointA
WTSGetActiveConsoleSessionId
PurgeComm
GetCurrentProcessId
ResetWriteWatch
OpenFileMappingA
GetEnvironmentVariableW
GetEnvironmentVariableA
GetFullPathNameA
GetCommandLineW
HeapSetInformation
GetStartupInfoW
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
EncodePointer
DecodePointer
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
DeleteCriticalSection
SetFilePointer
GetModuleHandleW
ExitProcess
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
Sleep
CloseHandle
CreateFileA
SetStdHandle
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
SetEndOfFile
GetProcessHeap
ReadFile
WriteConsoleW
LCMapStringW
GetStringTypeW
CreateFileW

advapi32

RegQueryValueExW
RegDeleteValueA

Sections

.text
Size: 110KB - Virtual size: 109KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 70.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7332a4a6efd535019dd7e3059bed7a73

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Sections

.text Size: 110KB - Virtual size: 109KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 6KB - Virtual size: 70.4MB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 98KB - Virtual size: 97KB

.reloc Size: 33KB - Virtual size: 33KB

.text
Size: 110KB - Virtual size: 109KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 6KB - Virtual size: 70.4MB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 98KB - Virtual size: 97KB

.reloc
Size: 33KB - Virtual size: 33KB