nazimod-runtime[.]dll

Sharing

Copy URL Twitter E-mail

General

Target

nazimod-runtime.dll
Size

2.3MB
MD5

c362fc33bb096e5ae864e1b093cd850e
SHA1

ed716d8aef7d7b2e71f837171998be6af68cd878
SHA256

cf52f4bf67e7e04bc5b173e36f823419a31dcfbf657e948d4863fa686c7635fe
SHA512

99c20c152174c5367f1f4718c9fc448ea94e6b61ad969f910075dd544a4dcf1f443429a4bf7d792582a43dfb6075aa81abd39dbbe3eb552d777c310183ed3c0d
SSDEEP

24576:r/QlkO266Hhox1Dp9JOpwHGm8m869Zrnx+Nwgyfsb+3:r/F/lmDL78m86zrn+4M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nazimod-runtime.dll

Files

nazimod-runtime.dll
.dll windows:6 windows x64 arch:x64

393ea4d7a7d82046204defc762b6aa91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
SetLastError
FreeLibrary
LoadLibraryExW
GetModuleFileNameW
WideCharToMultiByte
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
MultiByteToWideChar
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
GetLocaleInfoA
HeapFree
HeapAlloc
InitializeSListHead
GetSystemTimeAsFileTime
RaiseException
GetCurrentThreadId
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
RtlCaptureStackBackTrace
GetFileInformationByHandleEx
CloseHandle
AreFileApisANSI
SetFileInformationByHandle
CreateFileW
GetLastError
SetConsoleTitleA
SetConsoleCP
SetConsoleCtrlHandler
GetLocaleInfoEx
FreeConsole
AllocConsole
GetProcAddress
GetModuleHandleA
GetCurrentThread
FormatMessageA
LocalFree
CreateThread
TerminateProcess
SuspendThread
GetCurrentProcessId
GetCurrentProcess
IsProcessorFeaturePresent
Sleep
GetProcessHeap

user32

GetWindowThreadProcessId
OpenClipboard
CloseClipboard
ClipCursor
GetClipboardData
ShowCursor
GetWindowRect
SetWindowLongPtrA
SetClipboardData
GetForegroundWindow
GetSystemMetrics
GetActiveWindow
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
CallWindowProcA
DefWindowProcA
GetKeyboardLayout
TrackMouseEvent
GetMessageExtraInfo
GetKeyState
GetCapture
SetCapture
ReleaseCapture
IsWindowUnicode
GetClientRect
SetCursor
GetCursorPos
ClientToScreen
EmptyClipboard
LoadCursorA
ScreenToClient
SetCursorPos

shell32

ShellExecuteA

advapi32

RegSetValueExW
RegCreateKeyExW
RegGetValueW
RegCloseKey

msvcp140

??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?good@ios_base@std@@QEBA_NXZ
?flags@ios_base@std@@QEBAHXZ
?setf@ios_base@std@@QEAAHHH@Z
?width@ios_base@std@@QEBA_JXZ
?width@ios_base@std@@QEAA_J_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBAPEADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD0@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEBA_JXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAADD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xbad_function_call@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uncaught_exceptions@std@@YAHXZ

imm32

ImmSetCompositionWindow
ImmGetContext
ImmSetCandidateWindow
ImmReleaseContext

d3dcompiler_47

D3DCompile

vcruntime140

memcmp
memcpy
__std_terminate
_purecall
__C_specific_handler
__vcrt_LoadLibraryExW
__vcrt_GetModuleFileNameW
strstr
__std_exception_destroy
__std_exception_copy
memchr
memset
__std_type_info_destroy_list
__C_specific_handler_noexcept
__current_exception_context
__current_exception
memmove
_CxxThrowException

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_crt_atexit
_errno
abort
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_cexit
terminate
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsscanf
_wfopen
ungetc
__stdio_common_vsprintf
__stdio_common_vfprintf
setvbuf
fwrite
_fseeki64
fsetpos
freopen
fread
fputc
fgetpos
fgetc
fflush
fclose
_get_stream_buffer_pointers
__acrt_iob_func
ftell
fseek

api-ms-win-crt-filesystem-l1-1-0

_wfullpath
_unlock_file
_lock_file

api-ms-win-crt-heap-l1-1-0

free
calloc
_callnewh
malloc
realloc

api-ms-win-crt-utility-l1-1-0

rand
qsort
srand

api-ms-win-crt-convert-l1-1-0

atof
strtod
wcstombs
strtoll
strtoull
wcstombs_s

api-ms-win-crt-string-l1-1-0

strlen
strcat
wcslen
strcpy
strncpy
strcat_s
strcpy_s
strncmp
strcmp

api-ms-win-crt-math-l1-1-0

acosf
sinf
powf
ceilf
pow
_dtest
_dsign
log
cosf
fmodf
sqrtf
logf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-locale-l1-1-0

localeconv
___lc_codepage_func

Exports

Exports

DllMain
wasting_your_life

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

393ea4d7a7d82046204defc762b6aa91

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

advapi32

msvcp140

imm32

d3dcompiler_47

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 464KB - Virtual size: 464KB

.data Size: 204KB - Virtual size: 220KB

.pdata Size: 124KB - Virtual size: 124KB

.detourc Size: 8KB - Virtual size: 8KB

.detourd Size: 512B - Virtual size: 24B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 464KB - Virtual size: 464KB

.data
Size: 204KB - Virtual size: 220KB

.pdata
Size: 124KB - Virtual size: 124KB

.detourc
Size: 8KB - Virtual size: 8KB

.detourd
Size: 512B - Virtual size: 24B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 12KB - Virtual size: 12KB