NursultanLoader[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NursultanLoader.exe
Size

478KB
MD5

9d10dc7fe386a5ecd5e1ace5dd13e1f9
SHA1

d1e8fbd1f3172b62122c7fb0dd226f4d232b327a
SHA256

9c21bb2ec11c89005ffbcc3efd2ac20c2afd891b23137bcdf431a8164882a4fa
SHA512

6c772b04e2efec233f5f8cc0a7db5415f3a794fd6b35a6c34d2b82d4a4a1f92a52806738187c68bb95a71cc622839927f14fca21d5efe135bc8f40f506feea47
SSDEEP

6144:OG4quejbjDeTe7+Y9cBjZe6VlWT8b99qM4TXO7hC4I08AOBsebepMvP:62jH+q+tBZPVle8HqMWXohCdbA4aev

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NursultanLoader.exe

Files

NursultanLoader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 475KB - Virtual size: 474KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ