Nursultan[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

Nursultan.exe
Size

16.1MB
MD5

a5cc05b66da4e5e57d58f2b2f824d604
SHA1

e07f2dd92ac860155aa34b31b71a297a701fa3f6
SHA256

ee6a2c52855f25d00b87f8b36fed5a42031aa03f2dd69e8d8bb1b15da89072ef
SHA512

3b540e4e43e2ee56e866ddafe89713bf719c591500324ef4a39b7e1369ac684d4277df13359cc70cc410bd1673dd28851eb6cdad8e8d453fcb8adfb038b8c20e
SSDEEP

393216:ZncZ9YvMQRVbjUU+5+NBoTRdDzWjWl2xEIYYOok:ZXMwVb3+5+Xo1dva9FYYFk

Score

1^/10

Malware Config

Signatures

Files

Nursultan.exe
.exe windows:6 windows x64

24fd8ebdcbd74dc199c9db922415e62f

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:b4:13:e1:29:15:a1:44:f8:0a:a6:e5
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

26-01-2023 13:03

Not After

27-01-2024 13:03

Subject

CN=IP Kayukin Gleb Anatolievich,O=IP Kayukin Gleb Anatolievich,L=Izhevsk,ST=Udmurt Republic,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:da:fd:b5:9a:f3:9e:b4:fa:1a:34:b6:50:a4:5c:10:63:db:b8:88:1b:d9:7d:08:fb:80:71:ff:04:ec:96:f0
Signer

Actual PE Digest

a3:da:fd:b5:9a:f3:9e:b4:fa:1a:34:b6:50:a4:5c:10:63:db:b8:88:1b:d9:7d:08:fb:80:71:ff:04:ec:96:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dxgi

CreateDXGIFactory

ws2_32

WSACleanup

crypt32

CertEnumCertificatesInStore

advapi32

CryptAcquireContextW

bcrypt

BCryptDestroyKey

kernel32

SetConsoleCtrlHandler
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

MessageBoxW

gdi32

GetDeviceCaps

Sections

.text
Size: - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.a=t
Size: - Virtual size: 8.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.L]G
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.'TO
Size: 15.8MB - Virtual size: 15.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

24fd8ebdcbd74dc199c9db922415e62f

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

20:b4:13:e1:29:15:a1:44:f8:0a:a6:e5Certificate

Extended Key Usages

Key Usages

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

a3:da:fd:b5:9a:f3:9e:b4:fa:1a:34:b6:50:a4:5c:10:63:db:b8:88:1b:d9:7d:08:fb:80:71:ff:04:ec:96:f0Signer

Headers

DLL Characteristics

File Characteristics

Imports

dxgi

ws2_32

crypt32

advapi32

bcrypt

kernel32

user32

gdi32

Sections

.text Size: - Virtual size: 3.9MB

.rdata Size: - Virtual size: 1.3MB

.data Size: - Virtual size: 89KB

.pdata Size: - Virtual size: 151KB

_RDATA Size: - Virtual size: 348B

.a=t Size: - Virtual size: 8.8MB

.L]G Size: 4KB - Virtual size: 3KB

.'TO Size: 15.8MB - Virtual size: 15.8MB

.rsrc Size: 261KB - Virtual size: 260KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

20:b4:13:e1:29:15:a1:44:f8:0a:a6:e5
Certificate

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

a3:da:fd:b5:9a:f3:9e:b4:fa:1a:34:b6:50:a4:5c:10:63:db:b8:88:1b:d9:7d:08:fb:80:71:ff:04:ec:96:f0
Signer

.text
Size: - Virtual size: 3.9MB

.rdata
Size: - Virtual size: 1.3MB

.data
Size: - Virtual size: 89KB

.pdata
Size: - Virtual size: 151KB

_RDATA
Size: - Virtual size: 348B

.a=t
Size: - Virtual size: 8.8MB

.L]G
Size: 4KB - Virtual size: 3KB

.'TO
Size: 15.8MB - Virtual size: 15.8MB

.rsrc
Size: 261KB - Virtual size: 260KB