NSudoLG[.]exe | Triage

Resubmissions

18/03/2024, 22:18

240318-1776paah97 3

Sharing

Copy URL

Twitter E-mail

General

Target

NSudoLG.exe
Size

265KB
MD5

16b8fb4e848c9d2757a1f37181266906
SHA1

24d18aa19858b36051ac1625567d9238b7eb47f9
SHA256

427bc55d9a00318648f349ee5d464bde90aac97fbb860313151501b0d65d3500
SHA512

cac64e44e3b7591688560954633ccd3c55611ae36f514a02cad7ff6f3d6f644df90817d8339a7ea1835625c29256b387ce699328df05dd81e9969ea35d808f0e
SSDEEP

6144:6usikeMAqosbVzoypy/0+HkUG9VmrnUGSyuA6H:6YMAKVzoyp8hZGgFuA6H

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NSudoLG.exe

Files

NSudoLG.exe
.exe windows:6 windows x64 arch:x64

a26d732d5724b357a8a2c8a57b31c2ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\service-list-builder\service-list-builder\tmp\NSudo\Source\Native\Output\Binaries\Release\x64\NSudoLG.pdb

Imports

kernel32

GetConsoleOutputCP
ExpandEnvironmentStringsW
GetModuleFileNameW
OpenProcess
MultiByteToWideChar
GetTickCount64
LockResource
QueryPerformanceFrequency
FindResourceExW
LoadResource
GetProcAddress
VerSetConditionMask
FreeLibrary
WideCharToMultiByte
SleepEx
GetFileInformationByHandleEx
QueryPerformanceCounter
LoadLibraryExW
WriteConsoleW
GetConsoleMode
FlushFileBuffers
SetFilePointerEx
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SizeofResource
GetLocalTime
GetCurrentProcessId
ResumeThread
WaitForSingleObjectEx
InitializeCriticalSection
GetCurrentProcess
SetPriorityClass
MulDiv
GetModuleHandleW
GetProcessHeap
DeleteCriticalSection
DecodePointer
HeapAlloc
RaiseException
CloseHandle
HeapReAlloc
GetThreadUILanguage
GetLastError
HeapSize
GetCurrentThreadId
ReadFile
GetFileAttributesW
CreateFileW
InitializeCriticalSectionEx
LeaveCriticalSection
SetThreadUILanguage
GetCommandLineW
EnterCriticalSection
SetLastError
HeapFree
VerifyVersionInfoW
GetFileType
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WriteFile
GetStdHandle
ExitProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
EncodePointer
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
LoadLibraryExA
OutputDebugStringW
RtlUnwindEx
RtlPcToFileHeader
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW

user32

SendMessageW
SetWindowTextW
LoadImageW
GetDlgItem
EndPaint
BeginPaint
DrawIconEx
GetClientRect
EndDialog
GetWindowTextW
DialogBoxParamW
LoadIconW
GetDC
MonitorFromWindow
SetWindowLongPtrW
UnregisterClassW
DestroyIcon
ChangeWindowMessageFilter

gdi32

DeleteDC
GetDeviceCaps

comdlg32

GetOpenFileNameW

advapi32

AddAce
AdjustTokenPrivileges
GetAce
CloseServiceHandle
OpenSCManagerW
AllocateAndInitializeSid
IsWellKnownSid
CreateRestrictedToken
FreeSid
StartServiceW
InitializeAcl
OpenServiceW
GetLengthSid
AddAccessAllowedAce
QueryServiceStatusEx
LookupPrivilegeValueW
SetTokenInformation
OpenProcessToken
SetThreadToken
CreateProcessAsUserW
DuplicateTokenEx
GetTokenInformation

shell32

DragFinish
DragQueryFileW

ole32

CoInitializeEx

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQueryUserToken
WTSEnumerateProcessesW

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Resubmissions

Sharing

General

Malware Config

Signatures

Files

a26d732d5724b357a8a2c8a57b31c2ca

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

userenv

wtsapi32

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 3KB - Virtual size: 8KB

.pdata Size: 7KB - Virtual size: 7KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 50KB - Virtual size: 49KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 3KB - Virtual size: 8KB

.pdata
Size: 7KB - Virtual size: 7KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 50KB - Virtual size: 49KB

.reloc
Size: 2KB - Virtual size: 1KB