Static task
static1
General
Target: nfsuclient.exe
Size: 72KB
MD5: 8ea0df1b2179745f6b0457a35fce3915
SHA1: f7f6f58e29cefaa2aeee45cebc1af4559373a8c0
SHA256: c6d333d9b7b6017293f5dc3870be6a67304a8be8eceaf8508555944243cd83dc
SHA512: bc979d75ffe82f0a02573ad359a671b2bbfe51e54494fd50bf71d48ba85b073d5d156d200cdb2ac4f3a09e2b94b1047a76940d3dd137fd435f21a6b38bffbaa3
SSDEEP: 1536:09I3Knvmndip44nsxbfMNOBaEt+8w/pQxMdxmYTLJBJLFkhWeb3lo:2ydY44stlsQxMdxmitA3lo
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource nfsuclient.exe
Files
nfsuclient.exe.exe windows:4 windows x86 arch:x86
83da9ac8088d7b779559d64a73f08b9a
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
GetPrivateProfileStringA
GetSystemDirectoryA
GetWindowsDirectoryA
GetVersionExA
SetEndOfFile
CreateFileA
ReadFile
FlushFileBuffers
SetStdHandle
GetOEMCP
GetACP
RtlUnwind
CloseHandle
GetStringTypeW
GetStringTypeA
GetLastError
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
VirtualQuery
GetSystemInfo
VirtualProtect
GetCPInfo
GetLocaleInfoA
LoadLibraryA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetProcAddress
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
WriteFile
HeapReAlloc
VirtualAlloc
InitializeCriticalSection
VirtualFree
HeapCreate
ExitProcess
HeapFree
HeapAlloc
ExitThread
TlsSetValue
TlsGetValue
ResumeThread
CreateThread
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetModuleFileNameA
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
TlsFree
SetLastError
TlsAlloc
HeapDestroy
user32
MessageBoxA
SetFocus
GetDlgItem
EndDialog
EnableWindow
CheckDlgButton
IsDlgButtonChecked
DialogBoxParamA
SetDlgItemTextA
PostQuitMessage
SendMessageA
DestroyWindow
IsDialogMessageA
DispatchMessageA
TranslateMessage
IsWindow
GetMessageA
ShowWindow
CreateDialogParamA
GetDlgItemTextA
advapi32
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
shell32
ShellExecuteA
ws2_32
gethostbyname
connect
inet_ntoa
WSAGetLastError
sendto
inet_addr
htons
closesocket
recvfrom
bind
setsockopt
socket
getpeername
getsockname
accept
recv
select
send
WSACleanup
listen
WSAStartup
comctl32
InitCommonControlsEx
urlmon
URLDownloadToCacheFileA
Sections
.text Size: 48KB - Virtual size: 45KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 12KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ