Static task: static1
Behavioral task: behavioral1 (sample: nosshd64.exe, resource: win7-20230712-en)
Behavioral task: behavioral2 (sample: nosshd64.exe, resource: win10v2004-20230703-en)
General
Target: nosshd64.exe
Size: 1.0MB
MD5: 1e610be38af5e20e4f0c3f38cd67211a
SHA1: 6ec0fe0ff5e31328336c7d67df1feb0949b0c52a
SHA256: 32c2de985d9ba5dddaecafc41abc9e2f257018c57c9ca9322708a4c26e95737e
SHA512: 42e2e815b2211e6d99c37bc2ed7bad7dce7fe3dda03822490637f2b88b323d3f35cd48fb2297fb42d8eafcbbc1288d1740e13131d1790516bc1c9d93fad17caf
SSDEEP: 12288:qhwQkVdJHOE0NEqT3aLMODireytg2VuhtfggNQCJutIIQiU3:qh7kzJmNEjPD6y2VufIgNnqQio
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: nosshd64.exe
Files
nosshd64.exe.exe (windows x64): d5c7b24bd29437297f5936a77cbaf4f4
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
userenv
LoadUserProfileW
crypt32
CryptStringToBinaryA
CryptBinaryToStringA
ws2_32
ntohl
htons
htonl
FreeAddrInfoW
GetAddrInfoW
inet_ntop
inet_ntoa
WSARecv
WSAIoctl
WSAGetOverlappedResult
WSACleanup
WSAStartup
gethostname
socket
shutdown
setsockopt
listen
getsockopt
getsockname
getpeername
bind
WSASocketW
WSADuplicateSocketW
WSAGetLastError
closesocket
getnameinfo
getservbyname
ntohs
WSASend
secur32
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaLogonUser
InitSecurityInterfaceW
LsaDeregisterLogonProcess
LsaRegisterLogonProcess
FreeContextBuffer
LsaConnectUntrusted
kernel32
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetCommandLineW
GetCommandLineA
SetStdHandle
Sleep
CloseHandle
GetLastError
GetComputerNameW
GetFileAttributesW
WaitForSingleObject
CreateProcessW
CopyFileW
FreeConsole
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
DuplicateHandle
GetCurrentProcess
TerminateProcess
OpenProcess
CreateJobObjectW
AssignProcessToJobObject
SetInformationJobObject
GetStdHandle
CreateDirectoryW
CreateFileW
GetFileType
SetWaitableTimer
CreateWaitableTimerW
GetSystemTimeAsFileTime
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
WideCharToMultiByte
GetConsoleScreenBufferInfo
FlushFileBuffers
GetTempFileNameW
SetEndOfFile
SetFilePointerEx
GetTempPathW
SetHandleInformation
GetCurrentProcessId
GetCurrentThreadId
OpenThread
GetTickCount64
VerSetConditionMask
SetEvent
ResetEvent
SleepEx
CreateEventA
FindNextFileW
GetFinalPathNameByHandleW
QueueUserAPC
SetConsoleCtrlHandler
GetExitCodeProcess
GetSystemDirectoryW
GetWindowsDirectoryW
GetSystemTime
SystemTimeToFileTime
CancelWaitableTimer
CreateWaitableTimerA
MultiByteToWideChar
CreateFileA
GetFileAttributesExW
GetFileInformationByHandle
ReadFileEx
WriteFileEx
FindClose
CancelIo
CreateNamedPipeA
GetDriveTypeW
WaitForSingleObjectEx
WaitForMultipleObjectsEx
ReadFile
WriteFile
CancelIoEx
CancelSynchronousIo
GetConsoleMode
SetConsoleMode
WriteConsoleW
ReadConsoleInputW
Beep
GetConsoleCP
FillConsoleOutputCharacterA
RtlUnwind
GetConsoleCursorInfo
SetConsoleCursorInfo
SetConsoleScreenBufferSize
SetConsoleCursorPosition
SetConsoleTextAttribute
SetConsoleWindowInfo
ScrollConsoleScreenBufferA
WriteConsoleOutputA
ReadConsoleOutputA
FormatMessageA
DeleteFileW
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
GetCurrentDirectoryW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleFileNameW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetTimeZoneInformation
HeapReAlloc
ReadConsoleW
GetFileSizeEx
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
GetProcessHeap
FileTimeToSystemTime
DeviceIoControl
FindFirstFileExW
HeapSize
VerifyVersionInfoW
FillConsoleOutputAttribute
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
SetCurrentDirectoryW
user32
GetWindowPlacement
FindWindowA
ShowWindow
advapi32
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
ConvertSidToStringSidA
ConvertSidToStringSidW
LsaManageSidNameMapping
RegQueryValueExW
LookupPrivilegeValueA
FreeSid
EqualSid
DuplicateToken
CreateRestrictedToken
AllocateLocallyUniqueId
AllocateAndInitializeSid
AdjustTokenPrivileges
CreateProcessAsUserW
GetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
IsWellKnownSid
IsValidSecurityDescriptor
IsValidAcl
GetLengthSid
GetAce
CopySid
OpenProcessToken
RegOpenKeyExW
RegEnumValueW
RegCloseKey
SetServiceStatus
RegisterServiceCtrlHandlerW
LookupAccountSidW
IsValidSid
GetTokenInformation
GetSidIdentifierAuthority
CheckTokenMembership
Sections
.text Size: 697KB - Virtual size: 697KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 247KB - Virtual size: 247KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 87KB - Virtual size: 115KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 27KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 244B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1024B - Virtual size: 968B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ