nightmangle[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

nightmangle.exe
Size

3.4MB
MD5

46884eef6dbafaead5020ddc2e6a63e6
SHA1

f103e0c8b8ea9db4736e11edc8ca73c94b1b9c6a
SHA256

4af388414a2cf0a0a91b0b5da179cd770d1214ce62bfe557e3daa8c78de42bf1
SHA512

93ebb31d483974b089797a145e23cd051ed8b82b16aac019c14a0f7ed59a0f316be178f7e88df4e1e25b2c25744abc8f034891962f79914582bb69fcb2345e2c
SSDEEP

49152:buIKQw1Gs4WZo1ADgcXNeVb7GN6pQ/k/FXszSXs7Uu2yjkTwD:Ht+c0hsfVuNnktA7jYTwD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
nightmangle.exe

Files

nightmangle.exe
.exe windows:6 windows x64 arch:x64

c2d8aade67894703fb1905837bdee7fb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

nightmangle.pdb

Imports

bcryptprimitives

ProcessPrng

api-ms-win-core-synch-l1-2-0

WakeByAddressSingle
WaitOnAddress
WakeByAddressAll

advapi32

DuplicateTokenEx
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036
CreateProcessWithTokenW
SetThreadToken
RevertToSelf
OpenProcessToken
GetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
GetSidSubAuthorityCount
GetSidSubAuthority
InitializeSecurityDescriptor

gdi32

BitBlt
GetDIBits
CreateCompatibleBitmap
DeleteObject
SelectObject
DeleteDC
CreateCompatibleDC

kernel32

TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EnterCriticalSection
TlsAlloc
GetLastError
FindClose
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
UnregisterWaitEx
CloseHandle
GetCurrentProcess
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
LocalAlloc
CreateToolhelp32Snapshot
Process32First
Process32Next
CreatePipe
GetSystemDirectoryW
GetSystemTimePreciseAsFileTime
ReadFile
GetSystemInfo
LoadLibraryA
GetProcAddress
VirtualAlloc
FreeLibrary
GetModuleHandleA
LoadLibraryW
VirtualFree
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetCurrentThread
HeapFree
HeapReAlloc
WaitForSingleObjectEx
GetCurrentProcessId
CreateMutexA
ReleaseMutex
lstrlenW
RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry
SwitchToThread
SetLastError
GetFinalPathNameByHandleW
GetQueuedCompletionStatusEx
CreateIoCompletionPort
SetFileCompletionNotificationModes
SetHandleInformation
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
CreateWaitableTimerExW
SetWaitableTimer
Sleep
QueryPerformanceFrequency
GetModuleHandleW
FormatMessageW
GetEnvironmentVariableW
CreateFileW
SetFileInformationByHandle
GetFileInformationByHandle
GetFileInformationByHandleEx
GetFullPathNameW
SetFilePointerEx
FindNextFileW
FindFirstFileW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringOrdinal
GetModuleFileNameW
GetWindowsDirectoryW
CreateProcessW
GetFileAttributesW
DuplicateHandle
InitializeProcThreadAttributeList
UpdateProcThreadAttribute
DeleteProcThreadAttributeList
CreateNamedPipeW
CreateThread
ReadFileEx
SleepEx
WriteFileEx
QueryPerformanceCounter
HeapAlloc
GetProcessHeap
GetCurrentDirectoryW
WideCharToMultiByte
PostQueuedCompletionStatus
SetConsoleCtrlHandler
LocalFree
FlushFileBuffers
GetTickCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetFileSize
LockFileEx
UnlockFile
HeapDestroy
HeapCompact
DeleteFileW
DeleteFileA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
HeapCreate
AreFileApisANSI
InitializeCriticalSection
RtlPcToFileHeader
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
InitializeCriticalSectionAndSpinCount
RaiseException
EncodePointer
RtlUnwindEx
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

user32

GetDC
SetProcessDPIAware
GetDesktopWindow
GetSystemMetrics
ReleaseDC

crypt32

CertCloseStore
CertFreeCertificateContext
CertFreeCertificateChain
CertDuplicateCertificateContext
CertVerifyCertificateChainPolicy
CertAddCertificateContextToStore
CertGetCertificateChain
CertDuplicateStore
CertEnumCertificatesInStore
CertDuplicateCertificateChain
CertOpenStore
CryptUnprotectData

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

oleaut32

SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
SafeArrayGetUBound
SafeArrayCreate
SafeArrayGetLBound
SafeArrayPutElement
SysStringLen
GetErrorInfo
SysFreeString
SafeArrayCreateVector

bcrypt

BCryptGenRandom

ws2_32

WSASocketW
getsockname
ioctlsocket
WSAGetLastError
getpeername
connect
getsockopt
shutdown
setsockopt
getaddrinfo
freeaddrinfo
WSAStartup
WSACleanup
recv
send
WSASend
WSAIoctl
bind
closesocket

ntdll

NtDeviceIoControlFile
NtCancelIoFileEx
NtWriteFile
NtCreateFile
RtlNtStatusToDosError
NtReadFile

secur32

DecryptMessage
QueryContextAttributesW
ApplyControlToken
AcquireCredentialsHandleA
InitializeSecurityContextW
AcceptSecurityContext
EncryptMessage
FreeContextBuffer
FreeCredentialsHandle
DeleteSecurityContext

api-ms-win-crt-string-l1-1-0

strcpy_s
wcslen
strncmp
wcsncmp
strlen
strcmp
strcspn

api-ms-win-crt-math-l1-1-0

pow
roundf
_dclass
log
__setusermatherr

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
realloc
calloc
malloc
_msize

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-time-l1-1-0

_localtime64_s

api-ms-win-crt-runtime-l1-1-0

abort
_beginthreadex
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_set_app_type
_endthreadex
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_cexit
__p___argv
__p___argc
_configure_narrow_argv
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 826KB - Virtual size: 826KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c2d8aade67894703fb1905837bdee7fb

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

bcryptprimitives

api-ms-win-core-synch-l1-2-0

advapi32

gdi32

kernel32

ole32

shell32

user32

crypt32

userenv

oleaut32

bcrypt

ws2_32

ntdll

secur32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 826KB - Virtual size: 826KB

.data Size: 21KB - Virtual size: 25KB

.pdata Size: 73KB - Virtual size: 73KB

.reloc Size: 17KB - Virtual size: 17KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 826KB - Virtual size: 826KB

.data
Size: 21KB - Virtual size: 25KB

.pdata
Size: 73KB - Virtual size: 73KB

.reloc
Size: 17KB - Virtual size: 17KB