Nezur_External[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Nezur_External.zip
Size

1.1MB
MD5

4fd4b57c8598e442525bf37c45f7173d
SHA1

1b0a7878a631f55b44d7323c6bd7e376b42ddf59
SHA256

a65ff13a60970f39f0eef2b1ff68fbd21219ef15034ae948524b00eabb1db328
SHA512

10299f8dc1ee9025be82c1679dff3368b96d7f2a4ac26499c5b40147249b6dd9b783bd6e12dcfbe760e0537abe53f22b4eb1bb5ebcf2ed32ca5f47a80ef27375
SSDEEP

24576:542vmQRPnRosPKo6taJZqjc6vKV9CjZfNIR97klCip:5HGY64VjROl1p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nezur.exe

Files

Nezur_External.zip
.zip
Nezur.exe
.exe windows:6 windows x64 arch:x64

fcb66291bbc92600bc2c5e74df51cd00

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\vs_source_files\rbx-external-base\Build\Esp\external-sdk.pdb

Imports

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

ws2_32

htonl
ntohs
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAGetLastError
WSAEventSelect
getsockopt
WSASetLastError
closesocket
WSAWaitForMultipleEvents
WSAResetEvent
getsockname
connect
WSAEnumNetworkEvents
send
bind
accept
select
__WSAFDIsSet
socket
htons
WSAIoctl
setsockopt
WSACloseEvent
WSACleanup
WSAStartup
WSACreateEvent

normaliz

IdnToAscii
IdnToUnicode

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
SetKernelObjectSecurity
InitializeAcl
InitializeSecurityDescriptor
FreeSid
OpenProcessToken
AddAccessDeniedAce
RegSetValueExA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegDeleteKeyA
RegOpenKeyA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegCreateKeyA
CryptAcquireContextA
CryptReleaseContext
CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
GetLengthSid

crypt32

CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CertOpenStore
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CryptQueryObject

wldap32

ord301
ord200
ord30
ord79
ord35
ord33
ord143
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord46
ord217
ord32

kernel32

TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
GetLocaleInfoEx
FormatMessageA
GetFileInformationByHandleEx
GetModuleHandleW
AreFileApisANSI
GetTempPathW
SetFileInformationByHandle
IsDebuggerPresent
GetFullPathNameW
GetFileAttributesExW
GetFileAttributesW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
InitializeSListHead
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
VerifyVersionInfoW
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
WaitForSingleObjectEx
MoveFileExA
FormatMessageW
SetLastError
GetEnvironmentVariableA
GetSystemDirectoryA
CreateEventA
SetEvent
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
LoadLibraryA
GetProcAddress
VerSetConditionMask
FreeLibrary
VirtualFree
DeviceIoControl
VirtualAlloc
LoadLibraryExA
GetCurrentProcessId
VirtualQuery
GetConsoleWindow
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
SetCurrentConsoleFontEx
SetConsoleWindowInfo
AllocConsole
GetCurrentProcess
CloseHandle
Process32First
Module32Next
WaitForSingleObject
LocalAlloc
Module32First
CreateToolhelp32Snapshot
GetLastError
CreateFileA
Process32Next
LocalFree
GetFileSizeEx
DeleteCriticalSection
HeapAlloc
HeapFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
ReadFile

user32

EnableMenuItem
UpdateWindow
SendInput
GetAsyncKeyState
SetWindowLongA
DefWindowProcA
SetLayeredWindowAttributes
FindWindowA
LoadImageA
DispatchMessageA
GetWindowRect
DestroyWindow
GetWindowLongA
MoveWindow
RegisterClassA
CreateWindowExA
TranslateMessage
PeekMessageA
UnregisterClassA
GetKeyState
MessageBoxA
LoadCursorA
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
ShowWindow
GetSystemMenu
SetWindowPos
ShowScrollBar
GetMessageExtraInfo

shell32

ShellExecuteA
SHGetKnownFolderPath

msvcp140

?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Syserror_map@std@@YAPEBDH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Winerror_map@std@@YAHH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
_Thrd_detach
_Query_perf_counter
_Query_perf_frequency
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
??Bios_base@std@@QEBA_NXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?good@ios_base@std@@QEBA_NXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uncaught_exceptions@std@@YAHXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

ntdll

RtlVirtualUnwind
RtlAnsiStringToUnicodeString
RtlInitAnsiString
RtlCaptureContext
NtQuerySystemInformation
RtlLookupFunctionEntry

dbghelp

ImageNtHeader
ImageDirectoryEntryToData
ImageRvaToVa

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strrchr
_CxxThrowException
__current_exception_context
__current_exception
memchr
memcmp
memmove
__std_terminate
memset
memcpy
__C_specific_handler
strstr
strchr
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-heap-l1-1-0

calloc
realloc
free
_callnewh
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_beginthreadex
_invalid_parameter_noinfo_noreturn
_exit
_errno
_register_thread_local_exe_atexit_callback
__sys_errlist
__sys_nerr
_c_exit
__p___argv
__p___argc
terminate
_initterm_e
_initterm
abort
_get_initial_narrow_environment
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
exit

api-ms-win-crt-string-l1-1-0

strpbrk
strncmp
_stricmp
tolower
strncpy
_strdup
strcmp
strcspn
strspn

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-stdio-l1-1-0

fclose
fflush
_lseeki64
_set_fmode
__acrt_iob_func
ftell
fgets
fputs
freopen_s
_open
__p__commode
fseek
__stdio_common_vswprintf
_read
_write
_get_stream_buffer_pointers
_fileno
_close
_fseeki64
__stdio_common_vfprintf
fwrite
_wfopen
fread
fsetpos
ungetc
setvbuf
fopen
fgetpos
__stdio_common_vsscanf
fgetc
fputc
__stdio_common_vsprintf
feof

api-ms-win-crt-time-l1-1-0

strftime
_time64
_gmtime64

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
atof
strtod
strtoll
strtoull
wcstombs
atoi

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_access
_lock_file
_fstat64
_stat64
_unlink
_unlock_file

api-ms-win-crt-math-l1-1-0

_dsign
ceilf
_fdopen
cosf
__setusermatherr
floorf
fmodf
sinf
acosf
_dclass
sqrtf

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
localeconv
_configthreadlocale

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 584KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
READ ME FOR KEY.txt
auto_load.txt
configs/arsenal.cfg
configs/autosave.cfg
configs/counterblox.cfg
configs/dahood.cfg
configs/jailbird.cfg
configs/universal.cfg
configs/weaponry.cfg

Sharing

General

Malware Config

Signatures

Files

fcb66291bbc92600bc2c5e74df51cd00

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_47

dwmapi

ws2_32

normaliz

advapi32

crypt32

wldap32

kernel32

user32

shell32

msvcp140

imm32

ntdll

dbghelp

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 584KB - Virtual size: 584KB

.data Size: 7KB - Virtual size: 27KB

.pdata Size: 40KB - Virtual size: 39KB

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 584KB - Virtual size: 584KB

.data
Size: 7KB - Virtual size: 27KB

.pdata
Size: 40KB - Virtual size: 39KB

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 3KB - Virtual size: 3KB