Behavioral task
behavioral1
Sample
Nezur.exe
Resource
win7-20240221-en
General
-
Target
1231232f82h.zip
-
Size
4.4MB
-
MD5
55d74aa1e62a0d6672417427c63d9c14
-
SHA1
a9cad5810a6491408bcbdc004933f54872fd189b
-
SHA256
8288d94f7db9c1d99ec5bfc0ae206d28bc8489b8276d2b638ab50eafd65469f7
-
SHA512
bfff4d71c7b839261b5eefa0ca767675d95caf2d3266cf2185bade8cb642d3baab1397d112a0a1ffb8363f8d8c8f9aec6a61b2be4de197c1978d72a824613358
-
SSDEEP
98304:8ftBs1DsFffkdYryeFf58Gz73Kq5Celsd4bH35YH534L:8fvs1DsFf/pFRn7H5Cel/Ni3k
Malware Config
Signatures
-
resource yara_rule static1/unpack001/Nezur.exe themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Nezur.exe
Files
-
1231232f82h.zip.zip
-
Nezur.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 497KB - Virtual size: 1016KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 263KB - Virtual size: 626KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 8KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 23KB - Virtual size: 38KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 1KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 2KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 1024B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.6MB - Virtual size: 3.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ