nxqpbdhxuvwdvq[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

nxqpbdhxuvwdvq.exe
Size

43.3MB
MD5

ea6683ea1bf3abc7e928822990897f51
SHA1

f5216f9410b64d48fbfb41f86658e73e0c9ce5b4
SHA256

d64d44cb59ab4e9222f73967c081f2c5d9c951065bec12a2453a2a8acd5200ff
SHA512

f4c4479fab9f18fdc0686963261cd3962fca1b824ca8784d6db60a4d4a5cf6c48e90d34a50d8900ff9b12f5ebc9238730dee93635107a86984e14b31977d5e83
SSDEEP

786432:jDR+rNqEX5NJ6aSDouYosYL9RUJvYwGuSPWh4Mg:jD4NbJyaSDZJqJATuSPWC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nxqpbdhxuvwdvq.exe

Files

nxqpbdhxuvwdvq.exe
.exe windows:6 windows x64 arch:x64

624f10172d7fe04b70387d10016391b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

GetWindowTextW

advapi32

OpenSCManagerW

ws2_32

socket

ntdll

RtlInitUnicodeString

shlwapi

PathFileExistsA

dwmapi

DwmGetWindowAttribute

crypt32

CertOpenStore

Sections

.text
Size: - Virtual size: 698KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 17.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.e*W
Size: - Virtual size: 13.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.0ri
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.y2^
Size: 33.3MB - Virtual size: 33.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

624f10172d7fe04b70387d10016391b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

ntdll

shlwapi

dwmapi

crypt32

Sections

.text Size: - Virtual size: 698KB

.rdata Size: - Virtual size: 162KB

.data Size: - Virtual size: 17.5MB

.pdata Size: - Virtual size: 24KB

_RDATA Size: - Virtual size: 244B

.e*W Size: - Virtual size: 13.7MB

.0ri Size: 3KB - Virtual size: 3KB

.y2^ Size: 33.3MB - Virtual size: 33.3MB

.reloc Size: 512B - Virtual size: 100B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 698KB

.rdata
Size: - Virtual size: 162KB

.data
Size: - Virtual size: 17.5MB

.pdata
Size: - Virtual size: 24KB

_RDATA
Size: - Virtual size: 244B

.e*W
Size: - Virtual size: 13.7MB

.0ri
Size: 3KB - Virtual size: 3KB

.y2^
Size: 33.3MB - Virtual size: 33.3MB

.reloc
Size: 512B - Virtual size: 100B

.rsrc
Size: 512B - Virtual size: 480B