Static task: static1
Behavioral task: behavioral1 (Sample: discord-nitro.exe; Resource: win7-20240221-en)
Behavioral task: behavioral2 (Sample: discord-nitro.exe; Resource: win10v2004-20240508-en)
General
Target: discord-nitro.exe
Size: 12KB
MD5: 72ff95fa8fc63ba6309b430422b6ee89
SHA1: ebd9c8edc888a9ab52682db469fa384365548a0d
SHA256: b40ee88a50093d7d2967a49b9cfbfec9dd37230814e7237b665b883b54b5dfcd
SHA512: 6c44649f36d790a1c965f14acde942d4f8f7b01ea6b7630998d80aeb5e0a28261d4c19198c39f1567ba620862d05cc4c92b331b82d8909a48af9f407315e59a9
SSDEEP: 192:krpGXAi4hkVDvfjuqOZT5X3k+ssuzW8cjhnKX5s+nknTGg4:x7XObkWtgkig
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource discord-nitro.exe
Files
discord-nitro.exe.exe windows:4 windows x64 arch:x64
bcec633d6f211bafbd42565fe53a74c9
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
Imports
kernel32: Sleep, CreateDirectoryA, MultiByteToWideChar, SetConsoleTitleA
msvcrt: sprintf, printf, memset, fopen, fwrite, fclose, strcat, _getch, rand, __set_app_type, _controlfp, __argc, __argv, _environ, __getmainargs, exit
wininet: InternetOpenA, InternetOpenUrlA, InternetCloseHandle, HttpQueryInfoA
shell32: SHGetFolderPathA, SHFileOperationA, SHGetSpecialFolderLocation, SHGetPathFromIDListA, ShellExecuteA
shlwapi: PathIsDirectoryA
ole32: CoTaskMemFree, CoInitialize, CoCreateInstance, CoUninitialize
Sections
.text (Size: 4KB, Virtual size: 3KB): IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data (Size: 7KB, Virtual size: 7KB): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata (Size: 512B, Virtual size: 72B): IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ