General
-
Target
Nezur_External.zip
-
Size
12.4MB
-
MD5
6360f2f2352f86107438cc1bccf2363f
-
SHA1
8bde0aaf44c04d65093dc742c40026367c9464ba
-
SHA256
47821722956eacf0158c102bbb392e8644e108b984160262bc5873d85e81985f
-
SHA512
1710185986f8ebced48ac0d93d918710ab064a5a276811c26513d283adbb6be66f6378ca0571d957e551c38c5fe29b559f5ebf2cf1332e8c931415b3dd67cf85
-
SSDEEP
196608:m0qFHst/gmjrj05tlVaXRiKrO2/FN9IYVHQUxTxiqAE/MxZvhUC87biEuubFBAtv:ht4uo5tOhiKrOA1VHrxTxigMdUjfXmJ
Malware Config
Signatures
-
resource yara_rule static1/unpack001/Nezur.exe themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack001/Nezur.exe
Files
-
Nezur_External.zip.zip
-
Nezur.exe.exe windows:6 windows x64 arch:x64
9afeaac417327902d1037e8f1eff2f99
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
CreateFileA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
DefWindowProcA
gdi32
CreateSolidBrush
advapi32
CryptGetHashParam
shell32
ShellExecuteW
msvcp140
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
ntdll
RtlCaptureContext
imm32
ImmSetCompositionWindow
dwmapi
DwmExtendFrameIntoClientArea
normaliz
IdnToAscii
wldap32
ord30
crypt32
CertFreeCertificateChain
ws2_32
ntohl
shlwapi
PathFindFileNameW
rpcrt4
UuidCreate
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_terminate
api-ms-win-crt-runtime-l1-1-0
system
api-ms-win-crt-stdio-l1-1-0
fsetpos
api-ms-win-crt-heap-l1-1-0
_callnewh
api-ms-win-crt-filesystem-l1-1-0
_wremove
api-ms-win-crt-convert-l1-1-0
strtoll
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
isspace
api-ms-win-crt-time-l1-1-0
_time64
api-ms-win-crt-math-l1-1-0
sqrt
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
Sections
.text Size: - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 219KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 7.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.themida Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: 13.7MB - Virtual size: 13.7MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 176KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ