D:\vs_source_files\rbx-external-base\Build\Esp\external-sdk.pdb
Static task
static1
Behavioral task
behavioral1
Sample
Nezur_External.zip
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
Nezur_External.zip
Resource
win10v2004-20240221-en
Behavioral task
behavioral3
Sample
Nezur.exe
Resource
win7-20240220-en
Behavioral task
behavioral4
Sample
Nezur.exe
Resource
win10v2004-20240221-en
Behavioral task
behavioral5
Sample
auto_load.txt
Resource
win7-20240221-en
Behavioral task
behavioral6
Sample
auto_load.txt
Resource
win10v2004-20240221-en
Behavioral task
behavioral7
Sample
configs/arsenal.cfg
Resource
win7-20240221-en
Behavioral task
behavioral8
Sample
configs/arsenal.cfg
Resource
win10v2004-20240221-en
Behavioral task
behavioral9
Sample
configs/autosave.cfg
Resource
win7-20240221-en
Behavioral task
behavioral10
Sample
configs/autosave.cfg
Resource
win10v2004-20240221-en
Behavioral task
behavioral11
Sample
configs/counterblox.cfg
Resource
win7-20240221-en
Behavioral task
behavioral12
Sample
configs/counterblox.cfg
Resource
win10v2004-20240221-en
Behavioral task
behavioral13
Sample
configs/dahood.cfg
Resource
win7-20240221-en
Behavioral task
behavioral14
Sample
configs/dahood.cfg
Resource
win10v2004-20240221-en
Behavioral task
behavioral15
Sample
configs/jailbird.cfg
Resource
win7-20240221-en
Behavioral task
behavioral16
Sample
configs/jailbird.cfg
Resource
win10v2004-20240221-en
Behavioral task
behavioral17
Sample
configs/universal.cfg
Resource
win7-20240221-en
Behavioral task
behavioral18
Sample
configs/universal.cfg
Resource
win10v2004-20240221-en
Behavioral task
behavioral19
Sample
configs/weaponry.cfg
Resource
win7-20240221-en
Behavioral task
behavioral20
Sample
configs/weaponry.cfg
Resource
win10v2004-20240221-en
General
- Target: Nezur_External.zip
- Size: 1.2MB
- MD5: e4a2aa076066ec7556de4f6064668887
- SHA1: b419c98cb9408f827ed8e75644219b91331bc6a4
- SHA256: 8278761eb7b3ffea0e9a60fdb6d512d5a223e3b6990d169629668275c5f59770
- SHA512: 20caf86f524bb5210dd4f25b6509afba895293dcc64725c479f43692882a5cbc2da203247bcfdc1bde38d67ad3792d14d428a4b41fab54bd7859c8baf6288ec2
- SSDEEP: 24576:nmkQUPof8x9fD8shccx1BgNjOi+EnJ30uKpY2IOJp/BoOFz4:nDQf8xdDLx1BQoWBBEpOy4
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource unpack001/Nezur.exe
Files
- Nezur_External.zip (zip)
- Nezur.exe (exe, windows:6 windows x64 arch:x64)
  56efa57449fef9ec6dedfa0c861c085d
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
d3d11
D3D11CreateDevice
d3dcompiler_47
D3DCompile
dwmapi
DwmExtendFrameIntoClientArea
ws2_32
select
__WSAFDIsSet
bind
connect
getsockname
htonl
listen
recv
getaddrinfo
recvfrom
sendto
closesocket
WSAWaitForMultipleEvents
WSACloseEvent
WSACreateEvent
WSAResetEvent
WSAEventSelect
getpeername
ioctlsocket
WSASetLastError
gethostname
send
accept
socket
freeaddrinfo
getsockopt
htons
WSAIoctl
setsockopt
WSACleanup
WSAStartup
ntohs
WSAGetLastError
WSAEnumNetworkEvents
normaliz
IdnToAscii
IdnToUnicode
advapi32
AllocateAndInitializeSid
AddAccessDeniedAce
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
InitializeAcl
SetKernelObjectSecurity
GetLengthSid
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
LookupPrivilegeValueA
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegCreateKeyA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
ConvertSidToStringSidA
CopySid
SetSecurityInfo
IsValidSid
GetTokenInformation
CryptCreateHash
CryptHashData
AddAccessAllowedAce
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
RegSetValueExA
crypt32
CertFreeCertificateChain
CertOpenStore
CertGetCertificateChain
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertCreateCertificateChainEngine
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertFreeCertificateChainEngine
wldap32
ord211
ord46
ord217
ord143
ord301
ord200
ord60
ord79
ord35
ord33
ord50
ord32
ord27
ord26
ord30
ord22
ord41
ord45
kernel32
GetModuleHandleW
GetModuleFileNameW
CreateFileMappingW
VirtualProtect
GetFileInformationByHandleEx
AreFileApisANSI
GetTempPathW
SetFileInformationByHandle
GetFullPathNameW
FormatMessageA
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
GetLocaleInfoEx
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
QueryFullProcessImageNameW
CreateThread
HeapSize
HeapDestroy
GetModuleFileNameA
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
GetProcAddress
VerSetConditionMask
FreeLibrary
VirtualFree
DeviceIoControl
VirtualAlloc
LoadLibraryExA
GetCurrentProcessId
VirtualQuery
GetConsoleWindow
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
SetCurrentConsoleFontEx
SetConsoleWindowInfo
AllocConsole
GetCurrentProcess
CloseHandle
Process32First
Module32Next
WaitForSingleObject
LocalAlloc
Module32First
CreateToolhelp32Snapshot
GetLastError
CreateFileA
Process32Next
LocalFree
GetFileSizeEx
ReadFile
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
CreateEventA
GetSystemDirectoryA
GetEnvironmentVariableA
SetLastError
FormatMessageW
MoveFileExA
WaitForSingleObjectEx
GetFileType
PeekNamedPipe
WaitForMultipleObjects
SleepEx
VerifyVersionInfoW
CreateFileW
GetTickCount
user32
SetLayeredWindowAttributes
FindWindowA
LoadImageA
DispatchMessageA
GetWindowRect
DestroyWindow
GetWindowLongA
MoveWindow
RegisterClassA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
GetKeyState
GetMessageExtraInfo
LoadCursorA
GetAsyncKeyState
ScreenToClient
DefWindowProcA
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
SendInput
UpdateWindow
EnableMenuItem
GetCapture
SetWindowLongA
MessageBoxA
ShowWindow
GetSystemMenu
SetWindowPos
ShowScrollBar
shell32
SHGetKnownFolderPath
ShellExecuteA
msvcp140
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
_Thrd_detach
_Xtime_get_ticks
_Query_perf_counter
_Thrd_sleep
_Query_perf_frequency
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??Bios_base@std@@QEBA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bid@locale@std@@QEAA_KXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uncaught_exceptions@std@@YAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
imm32
ImmGetContext
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionWindow
ntdll
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCaptureContext
RtlLookupFunctionEntry
NtQuerySystemInformation
RtlVirtualUnwind
dbghelp
ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa
bcrypt
BCryptGenRandom
shlwapi
PathFindFileNameW
rpcrt4
UuidCreate
RpcStringFreeA
UuidToStringA
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__current_exception_context
__current_exception
memchr
memcmp
memmove
strrchr
memcpy
__C_specific_handler
strstr
strchr
__std_exception_copy
__std_exception_destroy
__std_terminate
memset
_CxxThrowException
api-ms-win-crt-heap-l1-1-0
malloc
calloc
realloc
free
_callnewh
_set_new_mode
api-ms-win-crt-runtime-l1-1-0
terminate
_beginthreadex
_c_exit
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
__p___argv
__p___argc
_exit
_initterm_e
__sys_errlist
__sys_nerr
_initterm
_get_initial_narrow_environment
exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_invalid_parameter_noinfo
system
_resetstkoflw
_errno
abort
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
api-ms-win-crt-string-l1-1-0
_stricmp
strncmp
tolower
strncpy
_strdup
strpbrk
strspn
strcmp
strcspn
api-ms-win-crt-utility-l1-1-0
rand
qsort
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsprintf
freopen_s
_popen
_pclose
ftell
_lseeki64
_fseeki64
__acrt_iob_func
fgets
_open
_set_fmode
fflush
fopen
fclose
fseek
fsetpos
ungetc
__p__commode
__stdio_common_vfprintf
setvbuf
_read
_write
fgetpos
_fileno
_close
fwrite
_get_stream_buffer_pointers
_wfopen
fread
fputs
__stdio_common_vsscanf
fgetc
fputc
__stdio_common_vswprintf
feof
api-ms-win-crt-time-l1-1-0
_localtime64
_time64
strftime
_gmtime64
api-ms-win-crt-convert-l1-1-0
atof
strtod
strtoll
strtoull
wcstombs
atoi
strtol
strtoul
api-ms-win-crt-environment-l1-1-0
getenv
api-ms-win-crt-filesystem-l1-1-0
_unlink
_access
_stat64
_fstat64
_lock_file
_unlock_file
api-ms-win-crt-math-l1-1-0
acosf
__setusermatherr
_dsign
ceilf
sinf
_fdopen
cosf
_dclass
floorf
fmodf
sqrtf
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
_configthreadlocale
localeconv
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 596KB - Virtual size: 596KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 7KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 42KB - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 13KB - Virtual size: 13KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
auto_load.txt
-
configs/arsenal.cfg
-
configs/autosave.cfg
-
configs/counterblox.cfg
-
configs/dahood.cfg
-
configs/jailbird.cfg
-
configs/universal.cfg
-
configs/weaponry.cfg