Nitro-Generator[.]bat[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Nitro-Generator.bat.exe
Size

462KB
MD5

852d67a27e454bd389fa7f02a8cbe23f
SHA1

5330fedad485e0e4c23b2abe1075a1f984fde9fc
SHA256

a8fdba9df15e41b6f5c69c79f66a26a9d48e174f9e7018a371600b866867dab8
SHA512

327dc74590f34185735502e289135491092a453f7f1c5ee9e588032ff68934056ffa797f28181267fd9670f7895e1350894b16ea7b0e34a190597f14aea09a4d
SSDEEP

6144:dxGRyCXBgoDhzoNKXzJ7BapCK5d3klRzULOnWyjLsPhAQzqO:CRZgQhIKXzJ4pdd3klnnWosPhnzq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Nitro-Generator.bat.exe

Files

Nitro-Generator.bat.exe
.exe windows x64

f2c0e8a5bd10dbc167455484050cd683

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW

kernel32

GetCurrentProcess
GetModuleHandleW
SetThreadUILanguage
WriteFile
FormatMessageW
WriteConsoleW
CreateFileW
CompareStringW
GetStartupInfoW
GetStdHandle
GetLastError
FindClose
IsWow64Process
GetFileType
CloseHandle
LocalFree
ExpandEnvironmentStringsW
VirtualProtect
Sleep
SetErrorMode
GetLocaleInfoW
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceExW
GetSystemDefaultUILanguage
UnmapViewOfFile
MapViewOfFile
SearchPathW
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
CreateFileMappingW
GetUserDefaultUILanguage
FindFirstFileW
GetVersionExW
SetLastError

msvcrt

_commode
??1type_info@@UEAA@XZ
__setusermatherr
_amsg_exit
wcsncmp
_vsnwprintf
_wcsnicmp
_wcsicmp
_initterm
exit
_CxxThrowException
memset
memcpy
?terminate@@YAXXZ
__set_app_type
_fmode
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
__CxxFrameHandler
??2@YAPEAX_K@Z
_itow
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
wcsrchr
malloc
free
wcstoul
??_U@YAPEAX_K@Z
wcschr
bsearch

atl

ord30

ole32

PropVariantClear
CoInitialize
CoUninitialize
CoCreateInstance
CoInitializeEx

oleaut32

SysStringLen
VariantClear
SysAllocString
SysFreeString
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroy

mscoree

CorBindToRuntimeEx

shlwapi

SHStrDupW

user32

LoadStringW

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2c0e8a5bd10dbc167455484050cd683

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

atl

ole32

oleaut32

mscoree

shlwapi

user32

Sections

.text Size: 55KB - Virtual size: 54KB

.data Size: 1KB - Virtual size: 3KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 400KB - Virtual size: 400KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 55KB - Virtual size: 54KB

.data
Size: 1KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 400KB - Virtual size: 400KB

.reloc
Size: 3KB - Virtual size: 2KB