Nubimod[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

Nubimod.exe
Size

2.7MB
MD5

e99107e94b565355b279e2130f6ead8e
SHA1

344f1e6db1c424315398755ec60e03a7cf31d36b
SHA256

49a2a60fab275db854ce79d669d92bdb1be406c5c00d25ceb1233af0db972a8c
SHA512

6b91726cf8b79e91f6e8d6fce1f86926ec3a74306b4066dc35cf6cc4b74d63eeff0e223335f76b42015696b174dfb1b9ecc7a5c9d55ec565791fede3a6850612
SSDEEP

49152:SB45jTB5xcLpjojbnhtSwzG2r8Ns/jRDHhTjAQf38GlUd0VMe5E8S:CVdPM7TjAQvd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
Nubimod.exe

Files

Nubimod.exe
.exe windows:6 windows x64 arch:x64

Password: 123

62dfec357d2764528c1a88f13c23159e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\test\source\repos\Nubimod\x64\Release\Nubimod.pdb

Imports

d3d9

Direct3DCreate9

ws2_32

WSACreateEvent
WSACloseEvent
inet_pton
gethostname
WSASocketW
getaddrinfo
getpeername
sendto
recv
freeaddrinfo
getnameinfo
recvfrom
WSAEventSelect
WSAIoctl
WSASetLastError
__WSAFDIsSet
accept
bind
closesocket
gethostbyname
select
shutdown
listen
WSASendTo
getsockname
WSAResetEvent
socket
connect
WSAWaitForMultipleEvents
getsockopt
WSARecvFrom
ioctlsocket
setsockopt
WSAGetLastError
ntohl
ntohs
htonl
send
WSACleanup
WSAStartup
htons
WSAEnumNetworkEvents

crypt32

CertFreeCertificateChainEngine
CertGetCertificateChain
CryptQueryObject
CertGetNameStringA
CertFindExtension
CertFreeCertificateContext
CertAddCertificateContextToStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertFindCertificateInStore
CertOpenStore
CertOpenSystemStoreW
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertFreeCertificateChain
CertCloseStore

advapi32

CryptGetHashParam
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptReleaseContext
CryptAcquireContextA

libssl-3-x64

SSL_set_verify
SSL_get1_peer_certificate
SSL_get_verify_result
SSL_CTX_use_certificate_file
SSL_CTX_set_cert_store
SSL_CTX_set_default_verify_paths
SSL_CTX_get_cert_store
SSL_connect
SSL_peek
SSL_get_error
TLS_server_method
SSL_shutdown
SSL_CTX_use_certificate_chain_file
SSL_CTX_load_verify_locations
SSL_read
SSL_pending
SSL_accept
SSL_set_bio
SSL_ctrl
SSL_write
SSL_CTX_new
SSL_CTX_use_PrivateKey_file
SSL_CTX_ctrl
SSL_CTX_free
SSL_new
SSL_CTX_set_options
SSL_free
OPENSSL_init_ssl
TLS_client_method

libcrypto-3-x64

X509_STORE_free
X509_STORE_add_cert
OPENSSL_sk_num
X509_get_subject_name
GENERAL_NAMES_free
d2i_X509
X509_NAME_get_text_by_NID
ASN1_STRING_get0_data
EVP_sha512
X509_free
ASN1_STRING_length
X509_get_ext_d2i
BIO_ctrl
BIO_new_socket
EVP_MD_CTX_new
EVP_md5
EVP_sha256
EVP_DigestUpdate
EVP_Digest
EVP_MD_CTX_free
EVP_DigestInit_ex
EVP_DigestFinal_ex
OPENSSL_sk_value

kernel32

FindNextFileW
FindFirstFileExW
FindClose
CreateFileW
SetFileInformationByHandle
CreateDirectoryW
GetFileAttributesExW
GetCurrentDirectoryW
FindFirstFileW
GetFileSizeEx
VerifyVersionInfoW
SleepEx
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetCurrentProcessId
GetEnvironmentVariableA
WaitForSingleObjectEx
MoveFileExA
FormatMessageW
SetLastError
GetSystemDirectoryA
DeleteCriticalSection
InitializeCriticalSectionEx
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitOnceBeginInitialize
InitOnceComplete
GetLocaleInfoEx
LocalFree
GetFileInformationByHandleEx
AreFileApisANSI
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
GetModuleHandleA
GetLocaleInfoA
LoadLibraryA
QueryPerformanceFrequency
GetProcAddress
VerSetConditionMask
GetModuleHandleW
FreeLibrary
QueryPerformanceCounter
GetModuleFileNameA
LoadLibraryExA
GetLastError
FormatMessageA
Sleep
GetStdHandle
SetConsoleMode
UnmapViewOfFile
CreateFileA
CloseHandle
GetFileSize
CreateFileMappingW
MapViewOfFile
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetTickCount
EnterCriticalSection
LeaveCriticalSection

user32

GetKeyState
GetMessageExtraInfo
SetPropA
DestroyWindow
GetDC
SetWindowPos
MonitorFromWindow
SetWindowLongPtrW
EnumDisplayMonitors
CreateWindowExW
ScreenToClient
UnregisterClassW
SetWindowTextW
RegisterClassExW
WindowFromPoint
ShowWindow
GetCapture
GetMonitorInfoW
ClientToScreen
IsChild
TrackMouseEvent
GetKeyboardLayout
GetForegroundWindow
GetPropA
SetLayeredWindowAttributes
AdjustWindowRectEx
BringWindowToTop
LoadCursorW
SetCapture
SetCursor
SetWindowLongW
GetClientRect
SetProcessDPIAware
IsWindowUnicode
ReleaseCapture
SetForegroundWindow
IsIconic
SetCursorPos
UpdateWindow
ReleaseDC
GetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
PostQuitMessage
TranslateMessage
PeekMessageW
DispatchMessageW
GetAsyncKeyState
GetWindowLongW
DefWindowProcW
SetFocus

gdi32

GetDeviceCaps

shell32

ShellExecuteA

oleaut32

VariantClear

msvcp140

??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?tolower@?$ctype@D@std@@QEBADD@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??_D?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?seekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@V32@H@Z
?seekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA?AV?$fpos@U_Mbstatet@@@2@_JHH@Z
?underflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?pbackfail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
?overflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHH@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
_Cnd_destroy_in_situ
_Cnd_broadcast
_Mtx_unlock
_Thrd_join
_Thrd_id
_Cnd_wait
_Strcoll
_Mtx_init_in_situ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
_Mtx_lock
?__ExceptionPtrDestroy@@YAXPEAX@Z
_Mtx_destroy_in_situ
?id@?$collate@D@std@@2V0locale@2@A
?_Random_device@std@@YAIXZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
_Strxfrm
_Cnd_init_in_situ
?__ExceptionPtrCreate@@YAXPEAX@Z
_Thrd_hardware_concurrency
_Cnd_signal
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Xtime_get_ticks
_Thrd_detach
_Query_perf_counter
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?uncaught_exceptions@std@@YAHXZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Xbad_alloc@std@@YAXXZ
?_Xout_of_range@std@@YAXPEBD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?good@ios_base@std@@QEBA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
_Query_perf_frequency
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Syserror_map@std@@YAPEBDH@Z

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
memcmp
memchr
memmove
memset
memcpy
__intrinsic_setjmp
strrchr
longjmp
strchr
strstr
__std_terminate
__std_exception_copy
__std_exception_destroy

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_initialize_narrow_environment
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
abort
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_configure_narrow_argv
strerror
_invalid_parameter_noinfo_noreturn
system
_beginthreadex
terminate
__sys_nerr
_errno
_initialize_onexit_table
exit
__sys_errlist

api-ms-win-crt-heap-l1-1-0

realloc
malloc
_set_new_mode
free
_callnewh
calloc

api-ms-win-crt-string-l1-1-0

isxdigit
strpbrk
toupper
_strdup
isspace
strcmp
isdigit
strspn
isalnum
strcspn
isblank
strcoll
isgraph
isupper
tolower
isalpha
iscntrl
ispunct
islower
strncmp
strncpy

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
_open
_close
__stdio_common_vsprintf_s
_fileno
fputs
ftell
fflush
fclose
_get_stream_buffer_pointers
fsetpos
fgetpos
_lseeki64
fgetc
_write
fputc
fseek
fwrite
_wfopen
fread
__stdio_common_vsscanf
freopen
ferror
fopen
getc
tmpnam
_read
feof
__p__commode
fgets
_set_fmode
clearerr
__stdio_common_vsprintf
_pclose
tmpfile
_fseeki64
_ftelli64
setvbuf
ungetc
_popen

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-convert-l1-1-0

strtoull
wcstombs
atof
strtoll
atoi
strtoul
strtod
strtol

api-ms-win-crt-math-l1-1-0

frexp
sqrtf
ldexp
acosf
asin
atan2
acos
_dclass
ceil
ceilf
cos
cosf
tan
exp
floor
_dsign
floorf
fmod
fmodf
log
_fdopen
log10
pow
sin
sqrt
sinf
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale
localeconv
___lc_codepage_func

api-ms-win-crt-time-l1-1-0

_localtime64
_mktime64
_gmtime64
strftime
clock
_difftime64
_time64

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file
remove
_fstat64
_unlink
_access_s
_access
rename
_stat64

normaliz

IdnToAscii
IdnToUnicode

wldap32

ord200
ord35
ord33
ord32
ord79
ord30
ord27
ord143
ord217
ord46
ord211
ord60
ord45
ord50
ord41
ord22
ord301
ord26

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 882KB - Virtual size: 882KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: 123

62dfec357d2764528c1a88f13c23159e

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d9

ws2_32

crypt32

advapi32

libssl-3-x64

libcrypto-3-x64

kernel32

user32

gdi32

shell32

oleaut32

msvcp140

imm32

winmm

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

normaliz

wldap32

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.rdata Size: 882KB - Virtual size: 882KB

.data Size: 51KB - Virtual size: 61KB

.pdata Size: 70KB - Virtual size: 70KB

.rsrc Size: 192KB - Virtual size: 192KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.rdata
Size: 882KB - Virtual size: 882KB

.data
Size: 51KB - Virtual size: 61KB

.pdata
Size: 70KB - Virtual size: 70KB

.rsrc
Size: 192KB - Virtual size: 192KB

.reloc
Size: 5KB - Virtual size: 5KB