NabuSim[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NabuSim.exe
Size

1.8MB
MD5

1979afc6028a3cd2f89dfb7237dec43a
SHA1

f9c6a9eb925811c81342d4336cd652c1b55d77f9
SHA256

7531e28ce5574a6bf3017311e9b0d41d82d234c022ceba78ef5241ee472966d4
SHA512

34a8a67ffb49e06f2c56cf65a104a0dea54d69ccdf4ef871ad0a7559c7e25d40cb8ad3cb30f7e46e44021056cafe9edc5b30ba7073b137d58058e185540401e1
SSDEEP

24576:mC+9WVbZ1RStKpEK6l0F4Fc1zGiDnVVXkq+KtiJQ3fEMnM9SYmHNs/w:mIp96l0F4FcX30q+KtiJQ3fEMp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NabuSim.exe

Files

NabuSim.exe
.exe windows:4 windows x86

dc0dfbd949a5f9612ed4bc2818703865

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Create
ImageList_LoadImageA
ImageList_ReplaceIcon
InitCommonControls
InitCommonControlsEx

comdlg32

ChooseColorA
GetOpenFileNameA
GetSaveFileNameA

gdi32

BitBlt
CreateCompatibleDC
DeleteDC
GetObjectA
GetStockObject
SelectObject
TextOutA

kernel32

AddAtomA
CreateSemaphoreA
ExitProcess
FindAtomA
FindResourceA
FreeResource
GetAtomNameA
GetCommandLineA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetStartupInfoA
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
LoadResource
LockResource
ReleaseSemaphore
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
lstrlenA

msvcrt

_fdopen
_read
_strdup
_write
__getmainargs
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_cexit
_ctype
_errno
_filelengthi64
_fstati64
_iob
_isctype
_lseeki64
_onexit
_pctype
_setmode
_strnicmp
_vsnprintf
abort
atexit
atof
atoi
exit
fclose
fflush
fgetpos
fgets
fopen
fprintf
fread
free
fscanf
fseek
fsetpos
ftell
fwrite
getc
getenv
localeconv
malloc
memchr
memcpy
memmove
memset
putc
setlocale
setvbuf
signal
sprintf
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
ungetc

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA

user32

AppendMenuA
CallWindowProcA
CheckMenuItem
CreateDialogParamA
CreateMenu
CreateWindowExA
DefFrameProcA
DefMDIChildProcA
DestroyWindow
DispatchMessageA
EnableMenuItem
EnableWindow
GetClientRect
GetDC
GetDesktopWindow
GetDlgCtrlID
GetMessageA
GetParent
GetSysColor
GetSystemMetrics
GetWindow
GetWindowLongA
GetWindowRect
GetWindowRgn
GetWindowTextA
GetWindowTextLengthA
HiliteMenuItem
InsertMenuA
InvalidateRect
IsIconic
IsWindowEnabled
IsWindowVisible
IsZoomed
LoadBitmapA
LoadCursorA
LoadIconA
MessageBoxA
ModifyMenuA
MoveWindow
PostMessageA
PostQuitMessage
RedrawWindow
RegisterClassExA
RemoveMenu
ScreenToClient
SendMessageA
SetCursor
SetFocus
SetMenu
SetScrollPos
SetScrollRange
SetWindowLongA
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage
UpdateWindow
wsprintfA

winmm

sndPlaySoundA

Sections

.text
Size: 414KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 39KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 970KB - Virtual size: 969KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc0dfbd949a5f9612ed4bc2818703865

Headers

File Characteristics

Imports

comctl32

comdlg32

gdi32

kernel32

msvcrt

shell32

user32

winmm

Sections

.text Size: 414KB - Virtual size: 413KB

.data Size: 1024B - Virtual size: 640B

.rdata Size: 11KB - Virtual size: 11KB

.bss Size: - Virtual size: 39KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 92KB - Virtual size: 92KB

.stab Size: 63KB - Virtual size: 63KB

.stabstr Size: 970KB - Virtual size: 969KB

.text
Size: 414KB - Virtual size: 413KB

.data
Size: 1024B - Virtual size: 640B

.rdata
Size: 11KB - Virtual size: 11KB

.bss
Size: - Virtual size: 39KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 92KB - Virtual size: 92KB

.stab
Size: 63KB - Virtual size: 63KB

.stabstr
Size: 970KB - Virtual size: 969KB