discord-nitro[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

discord-nitro.exe
Size

12KB
MD5

72ff95fa8fc63ba6309b430422b6ee89
SHA1

ebd9c8edc888a9ab52682db469fa384365548a0d
SHA256

b40ee88a50093d7d2967a49b9cfbfec9dd37230814e7237b665b883b54b5dfcd
SHA512

6c44649f36d790a1c965f14acde942d4f8f7b01ea6b7630998d80aeb5e0a28261d4c19198c39f1567ba620862d05cc4c92b331b82d8909a48af9f407315e59a9
SSDEEP

192:krpGXAi4hkVDvfjuqOZT5X3k+ssuzW8cjhnKX5s+nknTGg4:x7XObkWtgkig

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
discord-nitro.exe

Files

discord-nitro.exe
.exe windows:4 windows x64 arch:x64

bcec633d6f211bafbd42565fe53a74c9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

Sleep
CreateDirectoryA
MultiByteToWideChar
SetConsoleTitleA

msvcrt

sprintf
printf
memset
fopen
fwrite
fclose
strcat
_getch
rand
__set_app_type
_controlfp
__argc
__argv
_environ
__getmainargs
exit

wininet

InternetOpenA
InternetOpenUrlA
InternetCloseHandle
HttpQueryInfoA

shell32

SHGetFolderPathA
SHFileOperationA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

shlwapi

PathIsDirectoryA

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance
CoUninitialize

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ