Yeni klasör[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Yeni klasör.zip
Size

8.7MB
MD5

5bea27d53d40234d896b9e04d4e62546
SHA1

718561b47c37c792e0117a8f2f5ceb716d895127
SHA256

ca4299925b5749457129bd57f62e2fb632ab57b501e2f2c510214c2d02e96153
SHA512

fe51d42f7badbdeb6a8a482213285d191010fdee281b8890419710b66c6f832bcd9de15d76213abdf5aac996e88631aff250089e2b4083c6f0c217378c39d1bf
SSDEEP

196608:P4WW/yRTmo0tvef1rom4JSOOiQX+PHegK2Tfg0SU0Q:PBWqkoVfsSxDUeb2TI0z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Yeni klasör/FreeNexus.exe

Files

Yeni klasör.zip
.zip
Yeni klasör/FreeNexus.exe
.exe windows:6 windows x64 arch:x64

7e067393ff48df382cf7cccdf0e805bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\aytar\OneDrive\Masaüstü\Free ESP\x64\Release\Free Nexus.pdb

Imports

ws2_32

recv
send
socket
accept
listen
ioctlsocket
getaddrinfo
freeaddrinfo
ntohl
recvfrom
sendto
gethostname
closesocket
WSACleanup
WSAStartup
WSAIoctl
setsockopt
ntohs
shutdown
htons
getsockopt
getsockname
getpeername
connect
bind
WSASetLastError
select
__WSAFDIsSet
inet_pton
htonl
getnameinfo
WSAGetLastError

wldap32

ord22
ord26
ord50
ord32
ord35
ord79
ord45
ord60
ord41
ord211
ord46
ord27
ord33
ord30
ord200
ord301
ord143

crypt32

CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CertFreeCertificateContext
CryptQueryObject
CertFindCertificateInStore
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore

advapi32

GetTokenInformation
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
OpenServiceA
CryptEnumProvidersW
CryptSignHashW
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
CopySid
IsValidSid
OpenProcessToken
ConvertSidToStringSidW
GetLengthSid
StartServiceA
CreateServiceA
CloseServiceHandle
OpenSCManagerA
DeleteService
ChangeServiceConfigA
ControlService
RegQueryValueExW

kernel32

FreeLibraryAndExitThread
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
SetFilePointerEx
SetConsoleCtrlHandler
GetCommandLineA
GetCommandLineW
GetConsoleOutputCP
FlushFileBuffers
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
DeleteFileW
GetFileAttributesExW
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
InterlockedPushEntrySList
RtlUnwindEx
ReadProcessMemory
Sleep
ReadFile
WriteFile
PeekNamedPipe
CreateFileW
GetLastError
CloseHandle
GetCurrentProcessId
WaitNamedPipeW
lstrlenW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
WriteProcessMemory
TerminateProcess
OpenProcess
CreateToolhelp32Snapshot
GetTickCount64
Process32NextW
Process32FirstW
GetEnvironmentStringsW
VirtualProtectEx
HeapFree
GetCurrentProcess
InitializeCriticalSectionEx
HeapSize
HeapReAlloc
HeapAlloc
DecodePointer
HeapDestroy
LocalFree
DeleteCriticalSection
GetProcessHeap
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
FreeLibrary
QueryPerformanceCounter
SetConsoleTextAttribute
GetStdHandle
WriteConsoleW
GetCurrentDirectoryA
CreateFileA
CreateThread
CreateProcessW
GetConsoleWindow
GetExitCodeProcess
VirtualAllocEx
VirtualFreeEx
VirtualQueryEx
EnterCriticalSection
LeaveCriticalSection
SetLastError
FormatMessageA
GetTickCount
SleepEx
GetSystemDirectoryA
GetModuleHandleA
VerifyVersionInfoA
WaitForSingleObjectEx
ExpandEnvironmentStringsA
GetFileType
WaitForMultipleObjects
GetFileSizeEx
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InitializeCriticalSectionAndSpinCount
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleExW
FormatMessageW
GetModuleHandleW
GetSystemTimeAsFileTime
RtlVirtualUnwind
SwitchToFiber
DeleteFiber
CreateFiber
LoadLibraryW
ConvertFiberToThread
ConvertThreadToFiber
FindClose
FindFirstFileW
RtlUnwind
GetSystemTime
SystemTimeToFileTime
RaiseException
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
GetLocaleInfoEx
EncodePointer
SleepConditionVariableSRW
WakeAllConditionVariable
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
ExitThread
LoadLibraryExW
RtlPcToFileHeader
WaitForSingleObject
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
FindNextFileW

user32

GetAsyncKeyState
UpdateWindow
SetWindowLongW
LoadCursorW
FindWindowW
MessageBoxW
SendInput
GetWindowLongW
mouse_event
LoadIconW
BringWindowToTop
CreateWindowExA
MoveWindow
ShowWindow
RegisterClassExW
GetWindowRect
FindWindowExW
DefWindowProcW
GetCursorPos
MessageBoxA
SetWindowDisplayAffinity
SetClipboardData
keybd_event
GetProcessWindowStation
GetUserObjectInformationW
GetClipboardData
EmptyClipboard
GetSystemMetrics
GetClassNameA
DispatchMessageW
PeekMessageW
CloseClipboard
OpenClipboard
SetCursorPos
ReleaseCapture
GetClientRect
SetCursor
SetCapture
GetForegroundWindow
IsChild
ClientToScreen
GetCapture
EnumWindows
TranslateMessage
SetForegroundWindow
IsIconic
GetWindowTextW
GetKeyState
ScreenToClient

gdi32

GetObjectW
DeleteObject

shell32

ShellExecuteExA
ShellExecuteW
ShellExecuteA

ole32

CreateStreamOnHGlobal

dwmapi

DwmExtendFrameIntoClientArea

shlwapi

ord213
ord214
ord184

d3d9

Direct3DCreate9

d3dx9_43

D3DXCreateFontW
D3DXCreateTextureFromFileInMemory

bcrypt

BCryptGenRandom

rpcrt4

UuidToStringA
RpcStringFreeA
UuidCreate

userenv

UnloadUserProfile

imm32

ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

gdiplus

GdipGetImageEncoders
GdiplusShutdown
GdipDisposeImage
GdipCreateBitmapFromScan0
GdipSaveImageToStream
GdipGetImageEncodersSize
GdipFree
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdipAlloc
GdiplusStartup

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5.7MB - Virtual size: 5.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Yeni klasör/d3dx11_43.dll
.dll windows:6 windows x86 arch:x86

a21b4a7ea49a55d76ec8ead5ff32f73d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:cf:3e:00:00:00:00:00:0f
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 22:40

Not After

07/03/2011, 22:40

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:ac:fb:b6:70:f6:65:34:9c:0a:21:69:7e:23:e4:07:49:b9:c0:4e
Signer

Actual PE Digest

3e:ac:fb:b6:70:f6:65:34:9c:0a:21:69:7e:23:e4:07:49:b9:c0:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d3dx11_43.pdb

Imports

msvcrt

??1type_info@@UAE@XZ
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
memmove
_amsg_exit
_initterm
_XcptFilter
malloc
_callnewh
free
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_CxxThrowException
_isnan
_controlfp
floor
memset
_purecall
_CIsqrt
memcpy
_vsnwprintf
__CxxFrameHandler

kernel32

WideCharToMultiByte
WriteFile
LockResource
FindResourceW
SizeofResource
FindResourceA
GetVersion
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
InterlockedExchange
OutputDebugStringA
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateFileA
GetCurrentProcess
GetProcessAffinityMask
CreateThread
InterlockedIncrement
Sleep
WaitForSingleObject
InterlockedDecrement
DebugBreak
WaitForMultipleObjects
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreA
CreateMutexA
CreateFileW
CloseHandle
GetFileSizeEx
ReadFile
MultiByteToWideChar
GetFullPathNameW
GetLastError
GetModuleHandleA
LoadLibraryA
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
LoadResource

ole32

CreateStreamOnHGlobal

gdi32

DeleteObject

Exports

Exports

D3DX11CheckVersion
D3DX11CompileFromFileA
D3DX11CompileFromFileW
D3DX11CompileFromMemory
D3DX11CompileFromResourceA
D3DX11CompileFromResourceW
D3DX11ComputeNormalMap
D3DX11CreateAsyncCompilerProcessor
D3DX11CreateAsyncFileLoaderA
D3DX11CreateAsyncFileLoaderW
D3DX11CreateAsyncMemoryLoader
D3DX11CreateAsyncResourceLoaderA
D3DX11CreateAsyncResourceLoaderW
D3DX11CreateAsyncShaderPreprocessProcessor
D3DX11CreateAsyncShaderResourceViewProcessor
D3DX11CreateAsyncTextureInfoProcessor
D3DX11CreateAsyncTextureProcessor
D3DX11CreateShaderResourceViewFromFileA
D3DX11CreateShaderResourceViewFromFileW
D3DX11CreateShaderResourceViewFromMemory
D3DX11CreateShaderResourceViewFromResourceA
D3DX11CreateShaderResourceViewFromResourceW
D3DX11CreateTextureFromFileA
D3DX11CreateTextureFromFileW
D3DX11CreateTextureFromMemory
D3DX11CreateTextureFromResourceA
D3DX11CreateTextureFromResourceW
D3DX11CreateThreadPump
D3DX11FilterTexture
D3DX11GetImageInfoFromFileA
D3DX11GetImageInfoFromFileW
D3DX11GetImageInfoFromMemory
D3DX11GetImageInfoFromResourceA
D3DX11GetImageInfoFromResourceW
D3DX11LoadTextureFromTexture
D3DX11PreprocessShaderFromFileA
D3DX11PreprocessShaderFromFileW
D3DX11PreprocessShaderFromMemory
D3DX11PreprocessShaderFromResourceA
D3DX11PreprocessShaderFromResourceW
D3DX11SHProjectCubeMap
D3DX11SaveTextureToFileA
D3DX11SaveTextureToFileW
D3DX11SaveTextureToMemory

Sections

.text
Size: 205KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7e067393ff48df382cf7cccdf0e805bb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

wldap32

crypt32

advapi32

kernel32

user32

gdi32

shell32

ole32

dwmapi

shlwapi

d3d9

d3dx9_43

bcrypt

rpcrt4

userenv

imm32

gdiplus

Sections

.text Size: 4.0MB - Virtual size: 4.0MB

.rdata Size: 2.4MB - Virtual size: 2.4MB

.data Size: 5.7MB - Virtual size: 5.9MB

.pdata Size: 172KB - Virtual size: 171KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 15KB - Virtual size: 15KB

.reloc Size: 33KB - Virtual size: 32KB

a21b4a7ea49a55d76ec8ead5ff32f73d

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate

Extended Key Usages

Key Usages

61:01:cf:3e:00:00:00:00:00:0fCertificate

Extended Key Usages

Key Usages

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate

Extended Key Usages

Key Usages

61:06:94:2d:00:00:00:00:00:09Certificate

Extended Key Usages

Key Usages

3e:ac:fb:b6:70:f6:65:34:9c:0a:21:69:7e:23:e4:07:49:b9:c0:4eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

kernel32

ole32

gdi32

Exports

Exports

Sections

.text Size: 205KB - Virtual size: 205KB

.data Size: 20KB - Virtual size: 20KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 4.0MB - Virtual size: 4.0MB

.rdata
Size: 2.4MB - Virtual size: 2.4MB

.data
Size: 5.7MB - Virtual size: 5.9MB

.pdata
Size: 172KB - Virtual size: 171KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 15KB - Virtual size: 15KB

.reloc
Size: 33KB - Virtual size: 32KB

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

61:01:cf:3e:00:00:00:00:00:0f
Certificate

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

61:06:94:2d:00:00:00:00:00:09
Certificate

3e:ac:fb:b6:70:f6:65:34:9c:0a:21:69:7e:23:e4:07:49:b9:c0:4e
Signer

.text
Size: 205KB - Virtual size: 205KB

.data
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 9KB - Virtual size: 8KB