Nople[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nople.exe
Size

50KB
MD5

7d595027f9fdd0451b069c0c65f2a6e4
SHA1

a4556275c6c45e19d5b784612c68b3ad90892537
SHA256

d2518df72d5cce230d98a435977d9283b606a5a4cafe8cd596641f96d8555254
SHA512

b8f37ecc78affa30a0c7c00409f2db1e2fd031f16c530a8c1d4b4bffaa5d55ac235b11540c8a611ae1a90b748b04498e3954cfb1529236937ef693c6b20e893b
SSDEEP

768:7mlllC8F/EKXZ13YXcEWLwpjwRCzbaHRgIvkM:7ClCJKJRqcEiwpcsmgIvkM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Nople.exe

Files

Nople.exe
.exe windows:4 windows x86 arch:x86

b04e357a82199319e8bee33e2692d728

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetDC
GetSystemMetrics
GetCursorPos
ReleaseDC

gdi32

GetTextExtentPoint32A
CreatePen
SelectObject
TextOutA
SetBkMode
SetTextColor
LineTo
CreateFontIndirectA
MoveToEx
DeleteObject

mpr

WNetEnumResourceA
WNetOpenEnumA

advapi32

DeleteService
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
CloseServiceHandle
StartServiceA
CreateServiceA
ControlService
QueryServiceStatus
OpenSCManagerA
OpenServiceA

kernel32

GetSystemTime
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
SetEnvironmentVariableA
CompareStringW
Beep
CopyFileA
OutputDebugStringA
lstrcpyA
Sleep
CreateThread
TerminateThread
GetCommandLineA
CloseHandle
WaitForMultipleObjects
ResetEvent
CreateEventA
SetEvent
RtlUnwind
GetTimeZoneInformation
CompareStringA
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
GetStringTypeW
MultiByteToWideChar
GetLastError
SetFilePointer
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
WriteFile
HeapAlloc
VirtualAlloc
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
HeapFree
FlushFileBuffers
GetProcAddress
LoadLibraryA
SetStdHandle
GetStringTypeA

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b04e357a82199319e8bee33e2692d728

Headers

File Characteristics

Imports

user32

gdi32

mpr

advapi32

kernel32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 11KB - Virtual size: 16KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 5KB - Virtual size: 5KB

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 11KB - Virtual size: 16KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 5KB - Virtual size: 5KB