General
-
Target
Nezur.exe
-
Size
5.2MB
-
MD5
9af869594f4365cdbf4aa98a606692a1
-
SHA1
f98df89a207c68986d4d5a10de51a6f66de47cb0
-
SHA256
4e9cbe5e7d6c20883a0f552576c8db93eb5e7bdada27d919df7059a23d54bfae
-
SHA512
2111e3860b68f1341c58940135943317df0b1107bc98210f33a9890cf41509dba0ca70b992e831315b8aef6b60ce527770db29e1dc5c24ff6796f693b227a9d2
-
SSDEEP
98304:ozyIHGiT161NI2VnNJN5qPxTCeUV2dUuMEoWWgTgSBZlTRPnYU/VW8xHSyKvzAkc:oOIH/I1NIAND5IRDZUuIWWIgQxJYuW8Z
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Nezur.exe
Files
-
Nezur.exe.exe windows:6 windows x64 arch:x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
Size: 726KB - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Size: 157KB - Virtual size: 433KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 651KB - Virtual size: 973KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Size: 36KB - Virtual size: 60KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 15KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Size: 3KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.idata Size: 3KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 4KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 165KB - Virtual size: 165KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 6.1MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.boot Size: 3.5MB - Virtual size: 3.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 16B - Virtual size: 4KB
IMAGE_SCN_MEM_READ