nzm[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nzm.exe
Size

125KB
MD5

2ecdecaa34a7d9e1236dd358ae0dbb8c
SHA1

e8c0d51ec4f827b5d298b75e1874031d6bddee54
SHA256

a7e649d33c456fd660cc244174a70afa1f1c959a06c67f8f7a466d114b356a52
SHA512

9f17a54ce8cbf8e6adb7af577b4ca24b53dbd12dedbfb75930758282a181f68a0f1f11450ed912d43d4fb8191bd0ea8341153bf7911eeb3c5fe484cd3faa28b3
SSDEEP

3072:0FeT2FbkKDaakzvJmwujmZ/I6ARDeefDOnxTdpJDdt6o4r0+bb:0F426KWaUvJmwjGeef6nx1qJrTn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nzm.exe

Files

nzm.exe
.exe windows x86

ad801d0cb3ba8c4b23850dacb23134e6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetAddConnection2A

ws2_32

WSAStartup
setsockopt
ioctlsocket
bind
listen
WSACleanup
inet_addr
htons
connect
recv
closesocket
socket
send
select
__WSAFDIsSet
accept

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

GlobalMemoryStatus
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetOEMCP
GetACP
GetCPInfo
LCMapStringW
LCMapStringA
MultiByteToWideChar
Sleep
ReadFile
CloseHandle
WriteFile
TransactNamedPipe
CreateFileA
WaitForSingleObject
GetLastError
CreateEventA
GetModuleFileNameA
ExitThread
CreateThread
GetSystemDirectoryA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryA
GetProcAddress
GetModuleHandleA
FormatMessageA
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
SetFileTime
GetFileTime
CreateProcessA
ExpandEnvironmentStringsA
SetFileAttributesA
GetFileAttributesA
GetTempPathA
GetVersionExA
CopyFileA
GetTimeFormatA
GetDateFormatA
GetLocalTime
ExitProcess
DeleteFileA
OpenProcess
GetCurrentProcessId
CreateMutexA
lstrcmpiA
GetCurrentProcess
TerminateProcess
GetLocaleInfoA
TerminateThread
HeapAlloc
HeapFree
RtlUnwind
GetTimeZoneInformation
GetSystemTime
GetStartupInfoA
GetCommandLineA
GetVersion
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
RaiseException
HeapSize
SetHandleCount
GetStdHandle
GetFileType
SetFilePointer
WideCharToMultiByte

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ad801d0cb3ba8c4b23850dacb23134e6

Headers

File Characteristics

Imports

mpr

ws2_32

version

kernel32

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 27KB - Virtual size: 336KB

.sxdata Size: 512B - Virtual size: 24B

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 27KB - Virtual size: 336KB

.sxdata
Size: 512B - Virtual size: 24B