D:\vs_source_files\rbx-external-base\Build\Esp\external-sdk.pdb
Static task
static1
1 signatures
General
-
Target
Nezur_External (2).zip
-
Size
1.1MB
-
MD5
5a4d0e241cedef0173e388db32e249df
-
SHA1
7fdcc131b909c06ddcb38573458bf7ad3b7ece5d
-
SHA256
68bfded19743863b9e8c4047590111950238de245969412553ce04143bc5f7a8
-
SHA512
cfe6b69fc0f62462c23264833746e3f8ce72b44c3caf1bd497b59c27441fa4538a4ac75a132ebdb62dcd91bb2125716115276c2f81bfd923d9769bd4d80c1c4f
-
SSDEEP
24576:ND8T7eF9ctZJbmXNR66nmduabq9pZYCdQ4YzrXlWRhXTyv:J8T7eFkmXG6m0abqtYwQ4YvErE
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Nezur.exe
Files
-
Nezur_External (2).zip.zip
-
Nezur.exe.exe windows:6 windows x64 arch:x64
f2a85cedc6cfdd4804105f34dce6faed
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
d3d11
D3D11CreateDevice
d3dcompiler_47
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
ws2_32
connect
bind
htonl
select
__WSAFDIsSet
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
getpeername
getsockopt
WSACloseEvent
WSASetLastError
closesocket
WSACreateEvent
WSAEnumNetworkEvents
WSAWaitForMultipleEvents
ioctlsocket
gethostname
WSAGetLastError
WSAResetEvent
getsockname
accept
sendto
send
socket
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
ntohs
WSAEventSelect
normaliz
IdnToAscii
IdnToUnicode
advapi32
RegOpenKeyExA
RegCloseKey
RegQueryValueExA
SetKernelObjectSecurity
InitializeAcl
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
AddAccessDeniedAce
RegSetValueExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegCreateKeyA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
GetLengthSid
crypt32
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CertOpenStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptQueryObject
wldap32
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord301
ord22
ord41
ord50
ord217
ord45
ord60
ord211
ord46
ord26
ord143
kernel32
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetLocaleInfoEx
FormatMessageA
GetFileInformationByHandleEx
InitializeSListHead
AreFileApisANSI
GetTempPathW
SetFileInformationByHandle
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
GetSystemTimeAsFileTime
GetModuleHandleW
VerifyVersionInfoW
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
MoveFileExA
FormatMessageW
SetLastError
GetEnvironmentVariableA
GetSystemDirectoryA
CreateEventA
SetEvent
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
GetProcAddress
VerSetConditionMask
FreeLibrary
VirtualFree
DeviceIoControl
VirtualAlloc
LoadLibraryExA
GetCurrentProcessId
VirtualQuery
GetConsoleWindow
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
SetCurrentConsoleFontEx
SetConsoleWindowInfo
AllocConsole
GetCurrentProcess
CloseHandle
Process32First
Module32Next
WaitForSingleObject
LocalAlloc
Module32First
CreateToolhelp32Snapshot
GetLastError
CreateFileA
Process32Next
LocalFree
GetTickCount
ReadFile
HeapAlloc
HeapFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetFileSizeEx
user32
EnableMenuItem
UpdateWindow
SendInput
GetAsyncKeyState
SetWindowLongA
DefWindowProcA
SetLayeredWindowAttributes
FindWindowA
LoadImageA
DispatchMessageA
GetWindowRect
DestroyWindow
GetWindowLongA
MoveWindow
RegisterClassA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
GetKeyState
MessageBoxA
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
ShowWindow
GetSystemMenu
SetWindowPos
ShowScrollBar
GetMessageExtraInfo
shell32
ShellExecuteA
SHGetKnownFolderPath
msvcp140
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
_Thrd_detach
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??Bios_base@std@@QEBA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?uncaught_exceptions@std@@YAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
imm32
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ntdll
RtlVirtualUnwind
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCaptureContext
NtQuerySystemInformation
RtlLookupFunctionEntry
dbghelp
ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa
bcrypt
BCryptGenRandom
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
_CxxThrowException
__current_exception
memchr
memcmp
memmove
strrchr
memset
memcpy
__C_specific_handler
strstr
strchr
__std_exception_copy
__std_exception_destroy
__std_terminate
api-ms-win-crt-heap-l1-1-0
calloc
realloc
free
_callnewh
_set_new_mode
malloc
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
__p___argv
_register_thread_local_exe_atexit_callback
_c_exit
__p___argc
_exit
_initterm_e
_initterm
_get_initial_narrow_environment
exit
__sys_errlist
__sys_nerr
terminate
_invalid_parameter_noinfo_noreturn
_set_app_type
_seh_filter_exe
_cexit
abort
_errno
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
api-ms-win-crt-string-l1-1-0
strncmp
_stricmp
strncpy
_strdup
tolower
strspn
strpbrk
strcmp
strcspn
api-ms-win-crt-utility-l1-1-0
qsort
rand
api-ms-win-crt-stdio-l1-1-0
_lseeki64
freopen_s
fgets
_open
fopen
fclose
_set_fmode
fflush
ftell
__acrt_iob_func
feof
_fseeki64
fsetpos
__p__commode
__stdio_common_vfprintf
ungetc
_read
_write
setvbuf
_fileno
_close
fgetpos
fseek
fwrite
__stdio_common_vsprintf
_wfopen
fread
__stdio_common_vsscanf
fgetc
fputc
__stdio_common_vswprintf
fputs
_get_stream_buffer_pointers
api-ms-win-crt-time-l1-1-0
_time64
strftime
_gmtime64
api-ms-win-crt-convert-l1-1-0
strtoll
atof
wcstombs
atoi
strtol
strtoull
strtod
strtoul
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-filesystem-l1-1-0
_access
_stat64
_fstat64
_lock_file
_unlock_file
_unlink
api-ms-win-crt-math-l1-1-0
acosf
_fdopen
__setusermatherr
_dsign
ceilf
cosf
sinf
_dclass
floorf
fmodf
sqrtf
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
localeconv
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 584KB - Virtual size: 583KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 26KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 39KB - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
auto_load.txt
-
configs/arsenal.cfg
-
configs/autosave.cfg
-
configs/counterblox.cfg
-
configs/dahood.cfg
-
configs/jailbird.cfg
-
configs/universal.cfg
-
configs/weaponry.cfg