Win64[.]NukeSped[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

Win64.NukeSped.zip
Size

298KB
MD5

c92ac2a5a2c6d2b1826a0bbc1a56b01a
SHA1

613d82ecd6e829c8a24ed7261097a746479f44be
SHA256

931f062a629950ad6fb85b83262cc3f730a6e94d43a27b48f7fd857f7722c6ba
SHA512

c11380fdb53d3ce930b6203db7b57919ccb33cfa5d6660a0f26911293c5cf5882f564c4a06f7fbe12048ab8efbcaed85d65384cb441a5005a1771f27fdc2f8e0
SSDEEP

6144:UU8C5xL0+R31j+YQGK4MGHx6KPqKj0VjEcjqa9ilUe0d1:RDxY+d1jGGKIiKjrcX98Ut1

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/6f1c31f5944e46b063abbb6296b3a0d4c06037d4bdfd83ed05119e2505adabc5
unpack001/8390e210162d9b14d5b0b1ef9746c16853aa2d29d1dfc4eab6a051885e0333ed
unpack001/a880d7c77491fcc6f9c88bae064f075a339e6753ef9fa9410b928565887c13b7

Files

Win64.NukeSped.zip
.zip

Password: infected
6f1c31f5944e46b063abbb6296b3a0d4c06037d4bdfd83ed05119e2505adabc5
.dll windows:5 windows x64 arch:x64

f427cc6831ba48ab6437277ee7eef53b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
GetProcessHeap
GetTickCount
lstrcpyA
lstrlenA
GetFileAttributesW
GetFullPathNameW
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
ReadFile
CreateFileW
lstrcpyW
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcatW
CreateFileA
WriteFile
SetFilePointer
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
TerminateProcess
Sleep
InitializeCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetModuleFileNameA
LoadLibraryW
SetFileTime
GetFileTime
GetDiskFreeSpaceExW
CopyFileW
GetSystemDirectoryW
GetFileSizeEx
SetFileAttributesW
GetExitCodeProcess
GetTempPathW
GetFileSize
GetTempFileNameW
GlobalMemoryStatusEx
GetLocaleInfoW
GetComputerNameW
LeaveCriticalSection
EnterCriticalSection
WaitForMultipleObjects
ResetEvent
CreateEventW
OpenProcess
DuplicateHandle
GetCurrentProcess
CloseHandle
LoadLibraryA
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
CreateProcessW
WaitForSingleObject
LocalAlloc
LocalFree
SetEvent
WideCharToMultiByte
CompareStringW
SetEndOfFile
HeapReAlloc
SetEnvironmentVariableA
HeapSize
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetStartupInfoW
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
RtlLookupFunctionEntry
RtlUnwindEx
MultiByteToWideChar
GetSystemTimeAsFileTime
MoveFileW
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetModuleHandleW
ExitProcess
DecodePointer
GetStdHandle
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP

advapi32

CreateProcessAsUserW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegisterServiceCtrlHandlerExW
SetServiceStatus
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SetEntriesInAclW
SetSecurityInfo
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx

shell32

ShellExecuteA

ws2_32

inet_addr
select
gethostname
gethostbyname
htonl
bind
listen
WSAStartup
ntohs
recv
send
WSAGetLastError
setsockopt
shutdown
htons
socket
ioctlsocket
connect
closesocket

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSQuerySessionInformationW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

ServiceMain

Sections

.text
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
8390e210162d9b14d5b0b1ef9746c16853aa2d29d1dfc4eab6a051885e0333ed
.exe windows:5 windows x86 arch:x86

d57308add8dd08b3e75cca03036daf8c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcess
HeapFree
GetProcessHeap
OpenProcess
GlobalAlloc
TerminateProcess
GetLastError
GlobalFree
GetModuleHandleA
DuplicateHandle
CloseHandle
lstrlenA
GetTickCount
lstrcpyA
GetFullPathNameW
FindFirstFileW
GetFileAttributesW
FileTimeToSystemTime
HeapAlloc
CreateFileW
lstrlenW
FindFirstFileA
FindClose
FindNextFileW
FileTimeToLocalFileTime
DeleteFileW
lstrcpyW
CreateFileA
SetFilePointer
WriteFile
Sleep
GetACP
MoveFileW
CreateEventW
CompareStringW
SetEndOfFile
LocalFree
LocalAlloc
LoadLibraryA
GetProcAddress
ReadFile
WideCharToMultiByte
HeapReAlloc
WriteConsoleW
IsProcessorFeaturePresent
FlushFileBuffers
SetStdHandle
GetStringTypeW
LCMapStringW
MultiByteToWideChar
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
RaiseException
HeapCreate
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameW
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
LoadLibraryW
SetEnvironmentVariableA

user32

MessageBoxA

advapi32

SetEntriesInAclW
SetSecurityInfo
LookupAccountSidW
LookupPrivilegeValueW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges

ws2_32

connect
select
socket
gethostname
gethostbyname
htonl
htons
inet_addr
ioctlsocket
closesocket

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
a880d7c77491fcc6f9c88bae064f075a339e6753ef9fa9410b928565887c13b7
.dll windows:5 windows x64 arch:x64

3eefd277c657302369f45824d2d7eb5a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
GetTickCount
lstrcpyA
lstrlenA
GetFileAttributesW
GetFullPathNameW
lstrlenW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
ReadFile
CreateFileW
lstrcpyW
FindNextFileW
FindFirstFileW
DeleteFileW
CreateFileA
WriteFile
SetFilePointer
GetVolumeInformationW
GetDriveTypeW
GetLogicalDrives
HeapFree
Sleep
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryW
SetFileTime
GetFileTime
GetDiskFreeSpaceExW
CopyFileW
GetSystemDirectoryW
GetFileSizeEx
SetFileAttributesW
GetExitCodeProcess
GetTempPathW
GetFileSize
GetTempFileNameW
GlobalMemoryStatusEx
GetLocaleInfoW
GetComputerNameW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
WaitForMultipleObjects
ResetEvent
CreateEventW
TerminateProcess
OpenProcess
DuplicateHandle
GetCurrentProcess
CloseHandle
GetLastError
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
CreateProcessW
WaitForSingleObject
LocalAlloc
LocalFree
SetEvent
WideCharToMultiByte
CompareStringW
SetEndOfFile
HeapReAlloc
HeapSize
FlushFileBuffers
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
GetStringTypeW
LCMapStringW
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetTimeZoneInformation
GetStartupInfoW
GetFileType
SetHandleCount
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
RtlLookupFunctionEntry
RtlUnwindEx
MultiByteToWideChar
GetSystemTimeAsFileTime
MoveFileW
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetModuleHandleW
ExitProcess
DecodePointer
GetStdHandle
GetModuleFileNameW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
EncodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RaiseException
RtlPcToFileHeader
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

advapi32

CreateProcessAsUserW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegisterServiceCtrlHandlerExW
SetServiceStatus
LookupAccountSidW
GetTokenInformation
OpenProcessToken
SetEntriesInAclW
SetSecurityInfo
LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx

ws2_32

connect
closesocket
select
gethostname
gethostbyname
htonl
WSAStartup
ntohs
recv
send
WSAGetLastError
setsockopt
shutdown
htons
ioctlsocket
socket

psapi

GetModuleFileNameExW

wtsapi32

WTSQueryUserToken
WTSEnumerateSessionsW
WTSQuerySessionInformationW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Exports

Exports

ServiceMain

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

f427cc6831ba48ab6437277ee7eef53b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shell32

ws2_32

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 169KB - Virtual size: 169KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 2KB - Virtual size: 1KB

d57308add8dd08b3e75cca03036daf8c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 12KB

.reloc Size: 7KB - Virtual size: 7KB

.rsrc Size: 1KB - Virtual size: 1KB

3eefd277c657302369f45824d2d7eb5a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

psapi

wtsapi32

userenv

Exports

Exports

Sections

.text Size: 122KB - Virtual size: 121KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 169KB - Virtual size: 169KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 12KB

.reloc
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.text
Size: 122KB - Virtual size: 121KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB