nzekxnr8[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

nzekxnr8.exe
Size

1008KB
MD5

f49e81a7ea865af9d52af8c857108d04
SHA1

de08ef2f63452655dcf0fc5e069ed275adbbe372
SHA256

53feeeeb6d683b583086ae55b8a50f93336d92a4f89849e9335f4750e305aef8
SHA512

f7dc742e8a840b698938cf2d0d0179604b4479aa5013c5a2bfdb7d3204fb6ce843cdb15af882fa7fc88ab6b5c55e8cf6f4a9da0dca28eb68864749eec585c209
SSDEEP

24576:lcWfQkzB8Ang/x6QOlv9fFNyBGX+P/DPGuS333Er+6oFy:yezBOf+EaNFy

Score

1^/10

Malware Config

Signatures

Files

nzekxnr8.exe
.exe windows x86

17e732420e3f74bbe372ba823918c7fe

Code Sign

11:21:35:2e:0b:20:23:d1:a7:51:88:6d:cb:e9:7d:37:79:5e
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

21/02/2014, 16:58

Not After

30/05/2015, 17:52

Subject

CN=Disc Soft Ltd,O=Disc Soft Ltd,L=Belize city,ST=Belize,C=BZ,1.2.840.113549.1.9.1=#0c1366696e707240646973632d736f66742e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

23/08/2013, 00:00

Not After

23/09/2024, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G1,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:c3:eb:09:f6:93:8e:58:d7:06:06:9a:0a:65:4f:61:23:93:0d:da
Signer

Actual PE Digest

b0:c3:eb:09:f6:93:8e:58:d7:06:06:9a:0a:65:4f:61:23:93:0d:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

DeviceIoControl
SetVolumeMountPointW
DeleteVolumeMountPointW
QueryDosDeviceW
GetVolumeInformationW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
CreateEventA
InitializeCriticalSection
GetTickCount
LoadLibraryW
GetFileSize
SetThreadPriority
GetPrivateProfileStringW
LocalFree
OpenProcess
GetCurrentThread
DeleteFileW
GetFileAttributesW
SetFileAttributesW
MultiByteToWideChar
FindResourceExW
FindResourceW
GetCommandLineW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
CreateEventW
CreateMutexW
lstrcmpiW
WideCharToMultiByte
LocalAlloc
GetComputerNameW
FormatMessageA
SizeofResource
LoadResource
Sleep
WaitForSingleObject
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
CreateThread
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcAddress
FreeLibrary
LockResource
InterlockedCompareExchange
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
DecodePointer
CreateFileW
CloseHandle
SetFileTime
GetFileTime
ReadFile
WriteFile
GetLastError
ResumeThread
ReleaseSemaphore
OpenEventA
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
GetOEMCP
GetACP
IsValidCodePage
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
ExitThread
RtlUnwind
IsProcessorFeaturePresent
EncodePointer
GetStringTypeW
OutputDebugStringW
IsDebuggerPresent
LoadLibraryExA
GetCurrentProcess
ReleaseMutex
GetSystemWindowsDirectoryW
GetOverlappedResult
ResetEvent
WaitForMultipleObjects
CancelIo
InterlockedExchangeAdd
VerSetConditionMask
FindClose
GetSystemTimeAsFileTime
GetSystemInfo
CreateDirectoryW
FindFirstFileW
FindNextFileW
VerifyVersionInfoW
GetUserDefaultLCID
WritePrivateProfileStringW
GetSystemTime
SystemTimeToFileTime
lstrlenA
GetThreadTimes
GetProcessAffinityMask
SetThreadAffinityMask
WaitForSingleObjectEx
CreateWaitableTimerW
SetWaitableTimer
CancelWaitableTimer
QueryPerformanceCounter
QueryPerformanceFrequency
VirtualAlloc
VirtualFree
SetLastError
GetFileSizeEx
SetFilePointerEx
GetModuleHandleA
GetDiskFreeSpaceW
SetFilePointer
LocalFileTimeToFileTime
GetCurrentDirectoryW
GetFileAttributesExW
FileTimeToSystemTime
AllocateUserPhysicalPages
FreeUserPhysicalPages
MapUserPhysicalPages
SetEndOfFile
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
SleepEx

user32

CharUpperBuffW
CharLowerBuffW
DestroyWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
LoadStringW
MessageBoxW
CharNextW
CharUpperW
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW

advapi32

OpenProcessToken
ImpersonateLoggedOnUser
SetThreadToken
RevertToSelf
DuplicateToken
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
LookupPrivilegeValueW
CheckTokenMembership
SetEntriesInAclW
GetTokenInformation
SetNamedSecurityInfoW
OpenThreadToken

ole32

StringFromGUID2
CoUninitialize
CoRevertToSelf
CoImpersonateClient
CoCreateGuid
StringFromCLSID
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoInitialize
CoCreateInstance
CoInitializeSecurity
CoReleaseServerProcess
CoAddRefServerProcess
CoResumeClassObjects
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx

oleaut32

RegisterTypeLi
SysAllocStringLen
VarBstrCmp
SysAllocString
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
UnRegisterTypeLi
SysStringByteLen

ws2_32

WSASetEvent
WSASend
WSASocketW
WSAWaitForMultipleEvents
WSACloseEvent
WSAResetEvent
WSARecv
WSAHtons
WSAHtonl
WSAGetOverlappedResult
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSAConnect
FreeAddrInfoW
WSAGetLastError
shutdown
setsockopt
ntohl
WSAStartup
WSACleanup
GetAddrInfoW
closesocket

imgengine

ord5
ord2
ord8
ord9
ord3
ord7
ord10

sptdintf

ord6

shlwapi

PathFileExistsW

newdev

UpdateDriverForPlugAndPlayDevicesW

shell32

SHGetFolderPathW
ord680

winmm

timeEndPeriod
timeBeginPeriod

setupapi

CM_Get_DevNode_Registry_PropertyW
CM_Get_Device_IDW
CM_Get_Child
SetupDiSetSelectedDevice
SetupDiSetClassInstallParamsW
SetupDiSetDeviceInstallParamsW
CM_Get_DevNode_Status
CM_Get_Sibling
CM_Query_And_Remove_SubTreeW
CMP_WaitNoPendingInstallEvents
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiCreateDeviceInfoW
SetupDiGetINFClassW
CM_Request_Device_EjectW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

rpcrt4

UuidCreate

Exports

Exports

??0CSPTDDeviceInfo@@IAE@XZ
??0CSPTDDeviceInfo@@QAE@ABV0@@Z
??0CSPTDDevices@@QAE@ABV0@@Z
??4CSPTDDeviceInfo@@QAEAAV0@ABV0@@Z
??4CSPTDDevices@@QAEAAV0@ABV0@@Z
??4VDriveEngine@@QAEAAV0@ABV0@@Z
??_7CSPTDDeviceInfo@@6B@
??_7CSPTDDevices@@6B@
?GetATAPIDevicesCount@CSPTDDevices@@QAEHXZ
?GetDevNotify@CSPTDDeviceInfo@@QAEPAXXZ
?GetDevicesCount@CSPTDDevices@@QAEHXZ
?OnDeviceChanged@CSPTDDevices@@UAEXAAV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@@Z

Sections

.text
Size: 727KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

17e732420e3f74bbe372ba823918c7fe

Code Sign

11:21:35:2e:0b:20:23:d1:a7:51:88:6d:cb:e9:7d:37:79:5eCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

b0:c3:eb:09:f6:93:8e:58:d7:06:06:9a:0a:65:4f:61:23:93:0d:daSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

ws2_32

imgengine

sptdintf

shlwapi

newdev

shell32

winmm

setupapi

rpcrt4

Exports

Exports

Sections

.text Size: 727KB - Virtual size: 726KB

.rdata Size: 150KB - Virtual size: 150KB

.data Size: 39KB - Virtual size: 56KB

.tls Size: 512B - Virtual size: 2B

.vmp0 Size: 33KB - Virtual size: 32KB

.rsrc Size: 51KB - Virtual size: 51KB

11:21:35:2e:0b:20:23:d1:a7:51:88:6d:cb:e9:7d:37:79:5e
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:40:5c:1f:0e:d2:58:88:2b:e5:4d:86:86:ba:11:ea:45
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

b0:c3:eb:09:f6:93:8e:58:d7:06:06:9a:0a:65:4f:61:23:93:0d:da
Signer

.text
Size: 727KB - Virtual size: 726KB

.rdata
Size: 150KB - Virtual size: 150KB

.data
Size: 39KB - Virtual size: 56KB

.tls
Size: 512B - Virtual size: 2B

.vmp0
Size: 33KB - Virtual size: 32KB

.rsrc
Size: 51KB - Virtual size: 51KB