NTRViewer[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NTRViewer.exe
Size

819KB
MD5

cdf393cebafbfc3a8222ebdab232d5ed
SHA1

8e8b4aa99d15c3f4aeecfadd0c354cb29109b032
SHA256

ff1664aa913b5cf816d9ea8dd91fa76e51eabd2abf14cfe1128ad9e572cfaa84
SHA512

972e8c486f01d92b4449c8f70c91b8f951936c9b4c7628d93822519731c22781ee76fdfe1be54d2f40871bb370703a15331cc24561038a522b20a1223f8b5cf1
SSDEEP

12288:9dczzIYXxd42KBJshHRgKJCjzmrm6RC8iZ7GTtmpp/2E:sxCBfjzgZiZ7GT0L

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NTRViewer.exe

Files

NTRViewer.exe
.exe windows x86

1fa8e96e480cfc3ad52805c67e731e5e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sdl2

SDL_CreateWindow
SDL_CreateTexture
SDL_UpdateTexture
SDL_RenderClear
SDL_RenderCopy
SDL_RenderPresent
SDL_Delay
SDL_Init
SDL_PollEvent
SDL_SetWindowTitle
SDL_CreateRenderer

turbojpeg

tjInitDecompress
tjDecompress2

ws2_32

closesocket
getsockopt
htons
recvfrom
setsockopt
socket
WSAStartup
WSACleanup
bind

kernel32

IsValidCodePage
SetEnvironmentVariableA
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WriteConsoleW
OutputDebugStringA
WaitForSingleObjectEx
OutputDebugStringW
SetConsoleCtrlHandler
HeapQueryInformation
HeapSize
HeapReAlloc
FlushFileBuffers
FreeLibrary
VirtualQuery
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
CreateThread
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetLastError
MultiByteToWideChar
WideCharToMultiByte
RaiseException
RtlUnwind
SetFilePointerEx
CreateFileW
GetFileType
CloseHandle
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
LoadLibraryExW
DeleteCriticalSection
FatalAppExitA
HeapValidate
GetSystemInfo
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetModuleFileNameW
GetStdHandle
GetStartupInfoW
WriteFile
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThread
GetCurrentThreadId
GetTimeZoneInformation
SetStdHandle
GetConsoleCP
GetConsoleMode
SetEndOfFile
HeapAlloc
HeapFree
GetProcessHeap
ReadFile
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CreateSemaphoreW
GetModuleFileNameA
QueryPerformanceCounter

Sections

.textbss
Size: - Virtual size: 287KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 606KB - Virtual size: 606KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1fa8e96e480cfc3ad52805c67e731e5e

Headers

DLL Characteristics

File Characteristics

Imports

sdl2

turbojpeg

ws2_32

kernel32

Sections

.textbss Size: - Virtual size: 287KB

.text Size: 606KB - Virtual size: 606KB

.rdata Size: 129KB - Virtual size: 129KB

.data Size: 8KB - Virtual size: 16.2MB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 68KB - Virtual size: 68KB

.textbss
Size: - Virtual size: 287KB

.text
Size: 606KB - Virtual size: 606KB

.rdata
Size: 129KB - Virtual size: 129KB

.data
Size: 8KB - Virtual size: 16.2MB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 68KB - Virtual size: 68KB