Nandub[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nandub.exe
Size

964KB
MD5

64d421f2a313e059645607d2057cb3e3
SHA1

01b2f252d1cbe355ccfccd6b6e3f6e31a2f1caa7
SHA256

e0a3a748717dbe5080b7ae20a029d9b4f203566675c19af1353c86454ff45544
SHA512

ec100552b4c706eb7e1a1882ccc477c079f32994263ba46cb7b61563fda46181be0b359d09dbe6e74fdd354d61bc09f1f2bb26e59701645a6ee73bfdbdee2e55
SSDEEP

24576:9w7u9qaIevxhSqd90zme3qdNEj9KTy8K+oJl9vIx0hL0TYii:9d9qG6qd9EqdPy2xu0cL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Nandub.exe

Files

Nandub.exe
.exe windows:4 windows x86

7a11bf2672722afcc22282d1dda03892

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileA
GlobalAlloc
DeleteFileA
GetSystemInfo
InterlockedExchange
GlobalUnlock
GlobalLock
GetVolumeInformationA
GetSystemTimeAsFileTime
GetProcessTimes
OpenFileMappingA
SystemTimeToFileTime
FileTimeToSystemTime
GetLocalTime
ExitProcess
FormatMessageA
VirtualQuery
GetModuleFileNameA
GetFullPathNameA
GetVersionExA
SetUnhandledExceptionFilter
SuspendThread
ReadProcessMemory
UnhandledExceptionFilter
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
FindFirstFileA
GetWindowsDirectoryA
FindClose
GetTickCount
DuplicateHandle
ResumeThread
GetCurrentProcess
SetPriorityClass
GlobalFree
VirtualProtect
WideCharToMultiByte
GetFileAttributesA
GetModuleHandleA
GetDiskFreeSpaceA
OutputDebugStringA
UnmapViewOfFile
SetConsoleCtrlHandler
GetEnvironmentVariableA
TlsGetValue
TlsFree
TlsAlloc
GetVersion
GetCommandLineA
GetStartupInfoA
GetFileType
HeapReAlloc
ExitThread
TlsSetValue
CreateThread
RaiseException
RtlUnwind
HeapFree
HeapAlloc
HeapCreate
IsBadWritePtr
FatalAppExitA
SetHandleCount
GetStdHandle
TerminateProcess
MultiByteToWideChar
LCMapStringA
LCMapStringW
SetStdHandle
HeapSize
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
SizeofResource
LockResource
LoadResource
FindResourceA
MapViewOfFile
GetLocaleInfoW
EnumSystemLocalesA
GetTimeZoneInformation
GetUserDefaultLCID
HeapDestroy
GetCurrentThread
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
CreateFileA
GetFileSize
WriteFile
GetLastError
CreateFileMappingA
SetFilePointer
SetEndOfFile
Sleep
CreateEventA
SetThreadPriority
lstrcpyA
SetEnvironmentVariableA
CompareStringW
CompareStringA
CloseHandle
WaitForSingleObject
LeaveCriticalSection
FreeResource
ReadFile
SetEvent
SetLastError
MulDiv
FlushFileBuffers
LoadLibraryA
GetProcAddress
FreeLibrary
EnterCriticalSection
VirtualAlloc

user32

GetClientRect
UpdateWindow
ShowWindow
DrawIcon
GetDC
EnumChildWindows
EndPaint
wsprintfA
EndDialog
InvalidateRect
UnionRect
LoadIconA
SendMessageA
BeginPaint
SetDlgItemTextA
OffsetRect
GetDlgItem
EnumDisplaySettingsA
GetWindowLongA
PostMessageA
FindWindowA
MessageBoxA
wvsprintfA
WinHelpA
ScreenToClient
GetWindowRect
GetParent
ReleaseDC
SetDlgItemInt
SetFocus
CallWindowProcA
GetWindowTextA
SetWindowPos
GetWindowTextLengthA
CheckRadioButton
CreateWindowExA
GetKeyState
SetWindowTextA
GetSystemMetrics
FillRect
SystemParametersInfoA
BeginDeferWindowPos
DestroyMenu
DrawEdge
CreateDialogParamA
SetMenu
PostQuitMessage
GetSubMenu
LoadAcceleratorsA
GetMenu
AppendMenuA
EnableMenuItem
LoadMenuA
TrackPopupMenu
DefWindowProcA
CheckMenuRadioItem
ClientToScreen
PtInRect
CheckMenuItem
TranslateMessage
LoadStringA
CheckDlgButton
GetDlgItemInt
SendDlgItemMessageA
EnableWindow
IsDlgButtonChecked
DialogBoxParamA
KillTimer
SetTimer
IsWindow
SetRect
GetCursorPos
DrawTextA
AdjustWindowRect
MapDialogRect
SetWindowLongA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
RemoveMenu
GetMenuItemInfoA
InsertMenuItemA
ExitWindowsEx
DeferWindowPos
EndDeferWindowPos
TabbedTextOutA
DestroyWindow
TranslateAcceleratorA
DispatchMessageA
IsDialogMessageA
LoadImageA
SetCapture
ReleaseCapture
LoadCursorA
DestroyCaret
CreateCaret
GetForegroundWindow
GetScrollInfo
CloseWindow
SetCaretPos
ShowCaret
SetScrollPos
HideCaret
ScrollDC
SetScrollRange
GetDialogBaseUnits
GetClassLongA
RegisterClassA
GetDlgItemTextA
IntersectRect
SetForegroundWindow
GetSysColor
MsgWaitForMultipleObjects
PostThreadMessageA
RedrawWindow
PeekMessageA
MessageBeep
GetMessageA

gdi32

SetDIBColorTable
SetPixel
GetPixel
BitBlt
CreateDIBSection
CreateCompatibleDC
GetStockObject
DeleteDC
DeleteObject
SelectObject
GdiFlush
StretchBlt
StretchDIBits
CreateDCA
SelectClipRgn
SetViewportOrgEx
SetWindowOrgEx
IntersectClipRect
SetDIBits
CreateFontA
TextOutA
SetBkColor
SetTextAlign
CreateSolidBrush
LineTo
MoveToEx
GetClipBox
GetTextMetricsA
SetTextColor
SetBkMode
Polygon
RectVisible
SetDIBitsToDevice
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetSaveFileNameA
ChooseColorA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegCloseKey
RegDeleteValueA
OpenProcessToken
RegCreateKeyExA

shell32

DragQueryFileA
ShellExecuteA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
DragAcceptFiles

ole32

CoInitialize
CoUninitialize
CoCreateInstance

winmm

mmioWrite
mmioGetInfo
DefDriverProc
mmioCreateChunk
mmioFlush
mixerGetLineInfoA
mixerGetID
mixerGetDevCapsA
waveInReset
mixerGetLineControlsA
mixerGetControlDetailsA
waveInOpen
waveInUnprepareHeader
waveInClose
waveInStart
waveInPrepareHeader
waveInAddBuffer
waveOutReset
mixerSetControlDetails
waveOutGetPosition
waveOutPause
waveOutRestart
waveOutOpen
waveOutWrite
waveOutClose
waveOutUnprepareHeader
mmioSeek
mmioDescend
mmioRead
mmioAscend
mmioClose
mmioOpenA
timeKillEvent
timeEndPeriod
timeBeginPeriod
timeSetEvent
waveOutPrepareHeader

msvfw32

ICRemove
ICDraw
ICGetInfo
ICClose
ICLocate
ICSendMessage
ICOpen
ICImageDecompress
ICDecompress
DrawDibDraw
ICInstall
DrawDibClose
DrawDibOpen
ICInfo
DrawDibRealize
DrawDibBegin
ICCompress

avifil32

AVIStreamFindSample
AVIFileInit
AVIFileExit
AVIStreamStart
AVIStreamRead
AVIFileOpenA
AVIStreamInfoA
AVIStreamEndStreaming
AVIStreamBeginStreaming
AVIStreamReadFormat
AVIFileGetStream
AVIFileRelease
AVIStreamLength

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msacm32

acmStreamPrepareHeader
acmStreamSize
acmStreamOpen
acmStreamUnprepareHeader
acmMetrics
acmStreamClose
acmDriverDetailsA
acmStreamConvert
acmDriverClose
acmDriverID
acmDriverOpen
acmDriverEnum
acmFormatDetailsA
acmFormatEnumA
acmFormatTagEnumA
acmFormatChooseA
acmFormatSuggest

comctl32

ord17
ord6
ord16

ogg

ogg_page_eos
ogg_sync_buffer
ogg_stream_clear
ogg_stream_packetout
ogg_stream_pagein
ogg_stream_init
ogg_page_serialno
ogg_sync_wrote
ogg_sync_pageout
ogg_sync_init

vorbis

vorbis_synthesis_init
vorbis_comment_clear
vorbis_info_init
vorbis_info_clear
vorbis_dsp_clear
vorbis_block_init
vorbis_synthesis_headerin
vorbis_comment_init
vorbis_block_clear
vorbis_synthesis_read
vorbis_synthesis_pcmout
vorbis_synthesis_blockin
vorbis_synthesis

Exports

Exports

VirtualdubFilterModuleDeinit
VirtualdubFilterModuleInit2

Sections

.text
Size: 624KB - Virtual size: 623KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7a11bf2672722afcc22282d1dda03892

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

winmm

msvfw32

avifil32

avicap32

msacm32

comctl32

ogg

vorbis

Exports

Exports

Sections

.text Size: 624KB - Virtual size: 623KB

.rdata Size: 154KB - Virtual size: 154KB

.data Size: 30KB - Virtual size: 108KB

.tls Size: 512B - Virtual size: 240B

.rsrc Size: 154KB - Virtual size: 153KB

.text
Size: 624KB - Virtual size: 623KB

.rdata
Size: 154KB - Virtual size: 154KB

.data
Size: 30KB - Virtual size: 108KB

.tls
Size: 512B - Virtual size: 240B

.rsrc
Size: 154KB - Virtual size: 153KB