nssm[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

nssm.exe
Size

360KB
MD5

1136efb1a46d1f2d508162387f30dc4d
SHA1

f280858dcfefabc1a9a006a57f6b266a5d1fde8e
SHA256

eee9c44c29c2be011f1f1e43bb8c3fca888cb81053022ec5a0060035de16d848
SHA512

43b31f600196eaf05e1a40d7a6e14d4c48fc6e55aca32c641086f31d6272d4afb294a1d214e071d5a8cce683a4a88b66a6914d969b40cec55ad88fde4077d3f5
SSDEEP

6144:0I6VyDGb+HiFr4kchE18dkuCj7jLwcYBQarDosNXJ:0IJDGb+Hiu9hE18dkxfdsNXJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nssm.exe

Files

nssm.exe
.exe windows:5 windows x64 arch:x64

486303637bc6ec8cd38f2967cc02503d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

psapi

GetModuleFileNameExW

shlwapi

PathQuoteSpacesW
PathUnquoteSpacesW
PathFindExtensionW

kernel32

SystemTimeToFileTime
GetFileInformationByHandle
ReadFile
FlushFileBuffers
SetHandleInformation
CreatePipe
GetStdHandle
GetCommandLineW
TlsAlloc
GetModuleFileNameW
GetCurrentThread
GetProcessTimes
OpenProcess
Thread32Next
Thread32First
CreateToolhelp32Snapshot
GenerateConsoleCtrlEvent
SetConsoleCtrlHandler
Process32NextW
Process32FirstW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetWindowsDirectoryW
DeleteCriticalSection
UnregisterWait
SetWaitableTimer
ResumeThread
SetProcessAffinityMask
RegisterWaitForSingleObject
CreateWaitableTimerW
InitializeCriticalSection
SetConsoleOutputCP
GetConsoleOutputCP
WideCharToMultiByte
CompareFileTime
WriteConsoleW
WriteConsoleA
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetTickCount
QueryPerformanceCounter
HeapCreate
HeapSetInformation
SetStdHandle
RtlPcToFileHeader
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
GetOEMCP
FlsAlloc
GetCurrentThreadId
SetLastError
FlsFree
FlsSetValue
CopyFileW
FileTimeToSystemTime
Sleep
SetFilePointer
MoveFileW
GetSystemTime
CreateFileW
SetFilePointerEx
SetEndOfFile
WriteFile
DuplicateHandle
FreeLibrary
GetProcAddress
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
CreateThread
GetExitCodeThread
WaitForSingleObject
GetSystemTimeAsFileTime
CloseHandle
GetExitCodeProcess
GetCurrentProcess
GetProcessAffinityMask
GetEnvironmentVariableW
FindResourceExW
LoadResource
GetModuleHandleW
LocalFree
TlsGetValue
LocalAlloc
TlsSetValue
GetUserDefaultLangID
FormatMessageW
CreateProcessW
TerminateProcess
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
AllocConsole
GetConsoleWindow
GetCurrentProcessId
FreeConsole
GetComputerNameW
GetLastError
HeapFree
GetProcessHeap
HeapAlloc
CreateFileA
IsValidCodePage
MultiByteToWideChar
FlsGetValue
DecodePointer
ExitProcess
RtlLookupFunctionEntry
RtlUnwindEx
SetHandleCount
GetFileType
GetStartupInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
EncodePointer

user32

GetProcessWindowStation
LoadImageW
SetWindowLongPtrW
GetMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
PostQuitMessage
DestroyWindow
GetWindowLongPtrW
SetFocus
ShowWindow
CheckRadioButton
PostMessageW
SetDlgItemInt
SendMessageW
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SendDlgItemMessageW
GetWindowRect
GetDesktopWindow
MoveWindow
GetDlgItem
EnableWindow
CreateDialogIndirectParamW
MessageBoxW
MessageBoxIndirectW
GetWindowThreadProcessId
PostThreadMessageW
EnumWindows
SetWindowPos
GetSystemMetrics

comdlg32

GetOpenFileNameW

advapi32

CreateServiceW
StartServiceW
ControlService
QueryServiceStatusEx
SetServiceStatus
DeleteService
QueryServiceConfig2W
ChangeServiceConfig2W
CloseServiceHandle
ChangeServiceConfigW
QueryServiceConfigW
OpenServiceW
GetServiceDisplayNameW
GetServiceKeyNameW
EnumServicesStatusExW
OpenSCManagerW
QueryServiceStatus
RegDeleteKeyW
RegQueryValueExW
RegCloseKey
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
OpenThreadToken
ImpersonateSelf
LookupPrivilegeValueW
AdjustTokenPrivileges
StartServiceCtrlDispatcherW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteValueW
IsTextUnicode
RegisterEventSourceW
ReportEventW
DeregisterEventSource
LsaEnumerateAccountRights
LsaAddAccountRights
FreeSid
LsaLookupSids
LsaClose
LsaLookupNames
LsaFreeMemory
IsValidSid
GetSidSubAuthorityCount
GetSidLengthRequired
GetSidIdentifierAuthority
InitializeSid
GetSidSubAuthority
LsaOpenPolicy
LsaNtStatusToWinError
RegisterServiceCtrlHandlerExW

shell32

ShellExecuteExW

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

486303637bc6ec8cd38f2967cc02503d

Headers

DLL Characteristics

File Characteristics

Imports

psapi

shlwapi

kernel32

user32

comdlg32

advapi32

shell32

Sections

.text Size: 145KB - Virtual size: 144KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 8KB - Virtual size: 208KB

.pdata Size: 9KB - Virtual size: 8KB

.rsrc Size: 159KB - Virtual size: 159KB

.text
Size: 145KB - Virtual size: 144KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 8KB - Virtual size: 208KB

.pdata
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 159KB - Virtual size: 159KB