nexus[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

nexus.exe
Size

8.9MB
MD5

93f1d3e41e790641c78b6063299ac49b
SHA1

db00a552b2c0bb3d1d98c29d8ad22acbead91dbe
SHA256

69d2ec51805eb75267d1570ad7b8c0e927e0082ee81b7adccc99770a3d8ef09b
SHA512

00cf48a59aeca98d80a4c90d6cef49957e1fe59f048b8c603ac2bfdc8c9b3476cf8536428bf1de6e0a4807b91130a187c88802dc76890db324f4c8cc815f3d5a
SSDEEP

98304:H+Sqs7hsmzGr1EqjtGIm3rbI/RHhN1LSypQsRJ1SMh/wiL4ynOJ+T:DGVHxu4rvgMhhR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nexus.exe

Files

nexus.exe
.exe windows x64

8fe0724f3d4a75b4295bcac767b8de37

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetTempPathW
MultiByteToWideChar
WriteConsoleW
GetFullPathNameW
ExitProcess
GetConsoleMode
CreateEventW
GetFinalPathNameByHandleW
LoadLibraryA
DeleteFileW
FindFirstFileW
CreateDirectoryW
GetFileInformationByHandleEx
CreateFileW
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringA
OutputDebugStringW
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
LoadLibraryExW
RtlPcToFileHeader
FreeLibrary
GetEnvironmentVariableW
GetProcessHeap
HeapAlloc
HeapFree
CreateMutexA
WaitForSingleObjectEx
HeapReAlloc
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageW
SetEvent
WaitForSingleObject
GetFileInformationByHandle
ReleaseSRWLockShared
EncodePointer
SetFileTime
TerminateProcess
CreateThread
GetCurrentThreadId
TlsAlloc
lstrlenW
GetProcAddress
LoadLibraryW
LCIDToLocaleName
GetUserDefaultUILanguage
TryAcquireSRWLockExclusive
GetLastError
CreateMutexW
ReleaseMutex
TlsGetValue
TlsSetValue
RaiseException
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
ResetEvent
InitializeSListHead
RtlVirtualUnwind
GetStdHandle
SetFilePointerEx
IsDebuggerPresent
UnhandledExceptionFilter
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TlsFree
GetSystemTimeAsFileTime
CloseHandle
GetCommandLineW
AcquireSRWLockShared
GetCurrentProcess
GetSystemInfo
SetEnvironmentVariableW
GetCurrentDirectoryW
SetLastError
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThread
SwitchToThread
SetThreadStackGuarantee
SetHandleInformation
AddVectoredExceptionHandler
GetCurrentProcessId
FindClose
GetModuleHandleA
Sleep
SetFileCompletionNotificationModes
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatusEx
RtlUnwind

user32

ClientToScreen
PeekMessageW
GetTouchInputInfo
GetClientRect
GetWindowLongW
TrackMouseEvent
DispatchMessageA
GetMessageA
FlashWindowEx
DefWindowProcW
CreateIcon
ScreenToClient
SystemParametersInfoA
VkKeyScanW
GetAsyncKeyState
GetKeyboardState
SetWindowLongW
GetSystemMenu
IsWindowVisible
ClipCursor
GetClipCursor
ShowCursor
CloseTouchInputHandle
AdjustWindowRectEx
DestroyIcon
GetWindowRect
RedrawWindow
MonitorFromRect
GetWindowTextW
SetWindowPlacement
SetWindowTextW
CreateAcceleratorTableW
DestroyAcceleratorTable
IsProcessDPIAware
GetDC
PostQuitMessage
SendInput
ShowWindow
AppendMenuW
GetUpdateRect
GetCursorPos
CreateMenu
ValidateRect
ChangeDisplaySettingsExW
CheckMenuItem
SetMenuItemInfoW
EnableMenuItem
MonitorFromWindow
SetCursor
SetWindowDisplayAffinity
LoadCursorW
InvalidateRgn
GetMenu
PostThreadMessageW
PostMessageW
GetMonitorInfoW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
ToUnicodeEx
GetKeyState
MapVirtualKeyExW
GetKeyboardLayout
MonitorFromPoint
EnumDisplayMonitors
GetAncestor
GetMessageW
GetRawInputData
SetCapture
MsgWaitForMultipleObjectsEx
RegisterRawInputDevices
RegisterWindowMessageA
MapVirtualKeyW
SetWindowPos
EnumChildWindows
GetWindowTextLengthW
GetWindowPlacement
GetWindowLongPtrW
SetWindowLongPtrW
GetForegroundWindow
GetActiveWindow
SetCursorPos
ReleaseCapture
IsIconic
SetMenu
SendMessageW
RegisterClassExW
FindWindowW
DestroyWindow
SetForegroundWindow
RegisterTouchWindow
GetSystemMetrics
IsWindow
CreateWindowExW

comctl32

SetWindowSubclass
RemoveWindowSubclass
DefSubclassProc

ole32

CoInitializeEx
CoUninitialize
CreateStreamOnHGlobal
CoCreateInstance
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
RegisterDragDrop
RevokeDragDrop

shell32

SHAppBarMessage
SHCreateItemFromParsingName
DragFinish
DragQueryFileW
SHGetKnownFolderPath
ShellExecuteW

gdi32

DeleteObject
CreateRectRgn
GetDeviceCaps

dwmapi

DwmEnableBlurBehindWindow

uxtheme

SetWindowTheme

advapi32

SystemFunction036
RegGetValueW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

oleaut32

SysStringLen
SysFreeString
SetErrorInfo
GetErrorInfo

bcrypt

BCryptGenRandom

ws2_32

getaddrinfo
closesocket
getsockname
getpeername
WSASocketW
bind
connect
ioctlsocket
getsockopt
shutdown
recv
freeaddrinfo
WSACleanup
WSAStartup
send
WSASend
setsockopt
WSAIoctl
WSAGetLastError

secur32

AcceptSecurityContext
InitializeSecurityContextW
QueryContextAttributesW
FreeContextBuffer
DecryptMessage
ApplyControlToken
AcquireCredentialsHandleA
FreeCredentialsHandle
DeleteSecurityContext
EncryptMessage

crypt32

CertDuplicateStore
CertCloseStore
CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertDuplicateCertificateChain
CertDuplicateCertificateContext

ntdll

NtDeviceIoControlFile
RtlNtStatusToDosError
NtCancelIoFileEx
NtWriteFile
NtReadFile
NtCreateFile

api-ms-win-crt-math-l1-1-0

__setusermatherr
floor
trunc
round
pow

api-ms-win-crt-string-l1-1-0

wcslen
wcsncmp
_wcsicmp
strcpy_s
strlen

api-ms-win-crt-convert-l1-1-0

_ultow_s
wcstol

api-ms-win-crt-runtime-l1-1-0

__p___argv
abort
_cexit
exit
_configure_narrow_argv
_exit
terminate
_initterm
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
_seh_filter_exe
_set_app_type
_initterm_e
_register_onexit_function
_initialize_onexit_table
_get_initial_narrow_environment
__p___argc
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

calloc
_set_new_mode
free
malloc
_callnewh

Sections

.text
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 305KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8fe0724f3d4a75b4295bcac767b8de37

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

ole32

shell32

gdi32

dwmapi

uxtheme

advapi32

oleaut32

bcrypt

ws2_32

secur32

crypt32

ntdll

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 5.4MB - Virtual size: 5.4MB

.rdata Size: 3.1MB - Virtual size: 3.1MB

.data Size: 13KB - Virtual size: 16KB

.pdata Size: 305KB - Virtual size: 304KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 3KB - Virtual size: 3KB

.reloc Size: 47KB - Virtual size: 46KB

.text
Size: 5.4MB - Virtual size: 5.4MB

.rdata
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 13KB - Virtual size: 16KB

.pdata
Size: 305KB - Virtual size: 304KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 47KB - Virtual size: 46KB