NVSlimmer_v0[.]13[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

NVSlimmer_v0.13.zip
Size

812KB
MD5

45b138bfd9716a247c3289f355837856
SHA1

6ffd57295a06f9658f72bcf43f40674144c0f9cd
SHA256

6db0999ab96244a4e4a18cfe65ef0f5b5a4e539dd690af53f4a109e01e38d190
SHA512

f0e7eef51e8601ca1b660fd47b021b72b1c11ea5a4d099d90a9a447cc273227086f76b99d739a4493e68c938cbc2f481d01ef7071bb642d5813dc714caf332fa
SSDEEP

24576:w6nu0ZJbiLQrWF9tzrQQNQjOdiCNFBGntmi:N/ZY9xkQNQjOlXBGntH

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/7za.dll
unpack001/7za.exe
unpack001/7zsd_All_x64.sfx
unpack001/7zxa.dll
unpack001/NVSlimmer.exe

Files

NVSlimmer_v0.13.zip
.zip
7za.dll
.dll windows:4 windows x86 arch:x86

19e708320645e47a6ddec14006f2b46d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantCopy
VariantClear

user32

CharUpperW

msvcrt

_adjust_fdiv
_initterm
_onexit
__dllonexit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
realloc
strlen
wcscmp
memcpy
memmove
free
_CxxThrowException
malloc
memcmp
_purecall
__CxxFrameHandler

kernel32

GetProcAddress
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreW
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
InterlockedIncrement
VirtualFree
VirtualAlloc
QueryPerformanceCounter
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
WaitForMultipleObjects
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
WriteFile
ReadFile
GetFileAttributesW
GetModuleHandleA
FindFirstFileW
FindClose
GetLastError
CloseHandle
CreateFileW
SetFileAttributesW
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7za.exe
.exe windows:4 windows x86 arch:x86

97afb108b72a3d7397a41aa475152d5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

VariantCopy
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
VariantClear

user32

CharPrevExA
CharUpperW

advapi32

SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
GetFileSecurityW

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
realloc
strlen
memset
wcscmp
wcsstr
strcmp
memmove
fputs
fputc
fflush
fgetc
fclose
_iob
free
_CxxThrowException
malloc
memcmp
_purecall
memcpy
__CxxFrameHandler
_isatty
_fileno

kernel32

ResetEvent
CreateSemaphoreW
CreateEventW
WaitForSingleObject
ReleaseSemaphore
InitializeCriticalSection
VirtualFree
SetEvent
MoveFileW
VirtualAlloc
QueryPerformanceCounter
LocalFileTimeToFileTime
SetConsoleMode
GetConsoleMode
GetVersionExW
SetFileApisToOEM
GetCommandLineW
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
DeleteCriticalSection
IsProcessorFeaturePresent
GetProcessTimes
OpenEventW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetProcessAffinityMask
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetSystemTimeAsFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GlobalMemoryStatus
GetSystemInfo
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
GetCurrentProcess
GetDiskFreeSpaceW
GetFileInformationByHandle
SetEndOfFile
WriteFile
ReadFile
DeviceIoControl
SetFilePointer
GetFileSize
GetLastError
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
LoadLibraryW
GetModuleFileNameW
LocalFree
FormatMessageW
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
RemoveDirectoryW
GetLogicalDriveStringsW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
SetLastError
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTempPathW
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleA
GetFileAttributesW
InterlockedIncrement

Sections

.text
Size: 604KB - Virtual size: 604KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zsd_All_x64.sfx
.exe windows:5 windows x64 arch:x64

22e7125b95acf497b07e79559bdc556c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

shell32

ShellExecuteW
SHBrowseForFolderW
ShellExecuteExW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetMalloc

gdi32

CreateCompatibleDC
CreateFontIndirectW
DeleteObject
DeleteDC
GetCurrentObject
StretchBlt
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
SetStretchBltMode
GetObjectW

advapi32

FreeSid
AllocateAndInitializeSid
CheckTokenMembership

user32

GetSystemMenu
EnableMenuItem
EnableWindow
MessageBeep
LoadIconW
LoadImageW
SetWindowsHookExW
PtInRect
CallNextHookEx
DefWindowProcW
CallWindowProcW
DrawIconEx
DialogBoxIndirectParamW
GetWindow
ClientToScreen
GetDC
DrawTextW
SystemParametersInfoW
SetFocus
UnhookWindowsHookEx
GetWindowLongPtrW
SetWindowLongPtrW
GetSystemMetrics
GetClientRect
GetDlgItem
IsWindow
CreateWindowExA
MessageBoxA
DestroyWindow
GetSysColor
SetWindowTextW
GetWindowTextLengthW
GetWindowTextW
wsprintfA
GetClassNameA
GetWindowLongW
GetMenu
GetWindowDC
ReleaseDC
CopyImage
GetParent
ScreenToClient
CreateWindowExW
GetDesktopWindow
GetWindowRect
SetWindowPos
wvsprintfW
GetMessageW
DispatchMessageW
KillTimer
SetTimer
SendMessageW
ShowWindow
BringWindowToTop
wsprintfW
MessageBoxW
EndDialog
SetWindowLongW
GetKeyState
CharUpperW

ole32

CreateStreamOnHGlobal
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
VariantClear
SysAllocStringLen
OleLoadPicture
SysAllocString

kernel32

SetEndOfFile
GetFileInformationByHandle
WaitForMultipleObjects
SetUnhandledExceptionFilter
QueryPerformanceCounter
VirtualAlloc
VirtualFree
SetFileTime
ReadFile
SetFilePointer
GetFileSize
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
FormatMessageW
lstrcpyW
LocalFree
IsBadReadPtr
GetSystemDirectoryW
GetCurrentThreadId
SuspendThread
TerminateThread
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
SetEnvironmentVariableW
GetDriveTypeW
CreateFileW
LoadLibraryA
SetThreadLocale
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
WideCharToMultiByte
GetTempPathW
GetCurrentDirectoryW
GetEnvironmentVariableW
lstrcmpiW
GetLocaleInfoW
MultiByteToWideChar
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetSystemDefaultLCID
lstrcmpiA
GlobalAlloc
GlobalFree
MulDiv
FindResourceExA
SizeofResource
LoadResource
LockResource
GetProcAddress
GetModuleHandleW
FindFirstFileW
lstrcmpW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
GetStdHandle
WriteFile
lstrlenA
CreateDirectoryW
GetFileAttributesW
SetCurrentDirectoryW
GetLocalTime
SystemTimeToFileTime
CreateThread
GetExitCodeThread
Sleep
SetFileAttributesW
GetDiskFreeSpaceExW
SetLastError
GetTickCount
lstrlenW
ExitProcess
lstrcatW
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
CloseHandle
WaitForSingleObject
GetExitCodeProcess
GetQueuedCompletionStatus
ResumeThread
SetInformationJobObject
CreateIoCompletionPort
AssignProcessToJobObject
CreateJobObjectW
GetLastError
CreateProcessW
GetStartupInfoW
GetCommandLineW
GetCurrentProcessId

msvcrt

__C_specific_handler
??3@YAXPEAX@Z
_purecall
??2@YAPEAX_K@Z
_wtol
__CxxFrameHandler
memset
memmove
memcpy
_wcsnicmp
memcmp
strncpy
wcsncpy
wcsncmp
strncmp
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
_beginthreadex
_CxxThrowException
wcsstr
free
realloc
malloc
_unlock
__dllonexit
_lock
_onexit
??1type_info@@UEAA@XZ
__getmainargs
_XcptFilter
_exit
_ismbblead
_cexit
exit
_acmdln
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7zxa.dll
.dll windows:4 windows x86 arch:x86

b56c6d8dc50f73376215a3b3ddce91c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
SysFreeString
VariantClear

msvcrt

_beginthreadex
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
strlen
free
malloc
_CxxThrowException
memcpy
memmove
memcmp
_purecall
__CxxFrameHandler
memset

kernel32

InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
CloseHandle
VirtualFree
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
WaitForMultipleObjects
GetModuleHandleW
GetProcAddress
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
GetLastError
DeleteCriticalSection

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NVSlimmer.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\Cosas\Fuentes\NVSlimmer\NVSlimmer\obj\Debug\NVSlimmer.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 182KB - Virtual size: 181KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NVSlimmer.exe.config
.xml
NVSlimmer.pdb
NVSlimmer.txt
config.txt

Sharing

General

Malware Config

Signatures

Files

19e708320645e47a6ddec14006f2b46d

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 220KB

.rdata Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 18KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 9KB - Virtual size: 9KB

97afb108b72a3d7397a41aa475152d5a

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

user32

advapi32

msvcrt

kernel32

Sections

.text Size: 604KB - Virtual size: 604KB

.rdata Size: 80KB - Virtual size: 80KB

.data Size: 1KB - Virtual size: 28KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 26KB - Virtual size: 26KB

22e7125b95acf497b07e79559bdc556c

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shell32

gdi32

advapi32

user32

ole32

oleaut32

kernel32

msvcrt

Sections

.text Size: 143KB - Virtual size: 142KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 3KB - Virtual size: 20KB

.pdata Size: 8KB - Virtual size: 8KB

.rsrc Size: 5KB - Virtual size: 5KB

.reloc Size: 2KB - Virtual size: 2KB

b56c6d8dc50f73376215a3b3ddce91c0

Headers

DLL Characteristics

File Characteristics

Imports

oleaut32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 18KB

.sxdata Size: 512B - Virtual size: 4B

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 6KB - Virtual size: 6KB

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

.text
Size: 220KB - Virtual size: 220KB

.rdata
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 18KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 9KB - Virtual size: 9KB

.text
Size: 604KB - Virtual size: 604KB

.rdata
Size: 80KB - Virtual size: 80KB

.data
Size: 1KB - Virtual size: 28KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 26KB - Virtual size: 26KB

.text
Size: 143KB - Virtual size: 142KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 3KB - Virtual size: 20KB

.pdata
Size: 8KB - Virtual size: 8KB

.rsrc
Size: 5KB - Virtual size: 5KB

.reloc
Size: 2KB - Virtual size: 2KB

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 18KB

.sxdata
Size: 512B - Virtual size: 4B

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 6KB - Virtual size: 6KB

.text
Size: 182KB - Virtual size: 181KB

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B