necurs | Triage

Sharing

General

Target

necurs
Size

1008KB
MD5

6e05e84c7a993880409d7a0324c10e74
SHA1

4cac8146d54c5e47ec1c31a04c3cafdec9fbf209
SHA256

ffb1150bbb28d53f325b00445be935cd657c1d8061ba73e91af5b343b6c0d438
SHA512

4a4fa48ce31abea8cab4ca176f9d5be4b1b9b9c45c574f2e3605eaf04fd2fbd3da37d464300b2954623b0b9d377cff0a47d082b7fc1cc82a6d3eeab87555d43a
SSDEEP

24576:XiB1Q0SPpqqUGB9Qe5k04Q9RGuRUEy3FKEdeybpk/w:XJ/PMq3B9Qet1pyVbNbGo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
necurs

Files

necurs
.exe windows:5 windows x86 arch:x86

4b308ae43f978da897cc09003cbeff9f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetProcessVersion
GetCommandLineA
LocalReAlloc
GetSystemPowerStatus
DeactivateActCtx
SetConsoleCursorInfo

gdi32

SetViewportOrgEx
ExtSelectClipRgn
GetCurrentPositionEx

user32

UnhookWindowsHookEx
IsCharLowerW
GetKeyboardLayout

oleaut32

VarI8FromR4

advapi32

RegReplaceKeyW
GetSidSubAuthorityCount

setupapi

SetupDuplicateDiskSpaceListW
SetupDiCreateDeviceInfoListExW

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

aei
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

9B|PsbB+
Size: 664KB - Virtual size: 662KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ