Unconfirmed 552306[.]crdownload

Resubmissions

23/08/2024, 14:20

240823-rne65ayfpa 8

23/08/2024, 14:15

240823-rkk8za1eqj 8

01/02/2024, 14:52

240201-r8smysfhe6 8

Sharing

Copy URL Twitter E-mail

General

Target

Unconfirmed 552306.crdownload
Size

670KB
MD5

63c6d369ea425175d853801c9ff5d203
SHA1

8cf3adf588c549a172c3b4f7948d64b34aecd89c
SHA256

b005a6f717b3b08e487cbdba11ae625667543b1869ad40602e6aaf46009f6001
SHA512

2b95dc9e6ac5a1b3eb07588586bad3102fa39977f42b892e6ca2658bb7226c1f22e70cdf69abcea0fe52af9f9b7211db51b0e8dbadfba5c9d4476ff5bd960be8
SSDEEP

12288:0bqh69TXhwMn5dkmAJbG/c+AJkd4N6+rJH0fHIOfORKaeC6YoNIKMUQ7fXZiDE0B:0blNBnqbG/pvdkFHqHI0OAFTYo8PfXZy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nezur.exe

Files

Unconfirmed 552306.crdownload
.zip
Nezur.exe
.exe windows:6 windows x64 arch:x64

b53fef22c04eedcf54c668ab9b550af2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\etc\Sources\rbx-external-base\Build\Esp\external-sdk.pdb

Imports

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile

dwmapi

DwmExtendFrameIntoClientArea

kernel32

VirtualQuery
SetConsoleTextAttribute
SetConsoleTitleA
GetStdHandle
GetConsoleWindow
AllocConsole
Process32First
GetCurrentProcess
Module32Next
LocalAlloc
Module32First
CreateToolhelp32Snapshot
CreateFileA
Process32Next
CloseHandle
LocalFree
GetFileSizeEx
ReadFile
HeapAlloc
HeapFree
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
WideCharToMultiByte
TerminateProcess
IsProcessorFeaturePresent
GlobalLock
LoadLibraryExA
GetModuleHandleW
FreeLibrary
GetSystemTimeAsFileTime
InitializeSListHead
GetCurrentDirectoryW
GetModuleHandleA
CreateFileW
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle
GetTempPathW
AreFileApisANSI
GetLastError
GetFileInformationByHandleEx
FormatMessageA
GetLocaleInfoEx
GetCurrentProcessId
VirtualAlloc
DeviceIoControl
VirtualFree
GlobalFree
GlobalAlloc
MultiByteToWideChar
QueryPerformanceCounter
GetProcAddress
GetCurrentThreadId
LoadLibraryA
QueryPerformanceFrequency
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
CreateDirectoryW
GlobalUnlock
ReleaseSRWLockExclusive
IsDebuggerPresent

user32

GetClipboardData
MessageBoxA
SendInput
ShowWindow
TranslateMessage
GetAsyncKeyState
SetWindowLongA
DefWindowProcA
SetLayeredWindowAttributes
FindWindowA
EmptyClipboard
CloseClipboard
OpenClipboard
GetCursorPos
SetCursorPos
ReleaseCapture
IsWindowUnicode
GetClientRect
UpdateWindow
LoadImageA
SetCursor
SetCapture
GetForegroundWindow
TrackMouseEvent
ClientToScreen
GetCapture
ScreenToClient
LoadCursorA
GetMessageExtraInfo
GetKeyState
UnregisterClassA
PeekMessageA
CreateWindowExA
RegisterClassA
MoveWindow
GetWindowLongA
DestroyWindow
GetWindowRect
DispatchMessageA
SetClipboardData

advapi32

RegDeleteKeyA
AllocateAndInitializeSid
LookupPrivilegeValueA
RegSetValueExA
AddAccessDeniedAce
OpenProcessToken
FreeSid
InitializeSecurityDescriptor
InitializeAcl
SetKernelObjectSecurity
GetLengthSid
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
AdjustTokenPrivileges
SetSecurityDescriptorDacl
LookupPrivilegeValueW
RegCreateKeyA

shell32

SHGetKnownFolderPath
ShellExecuteA

msvcp140

?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
??Bid@locale@std@@QEAA_KXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?uncaught_exceptions@std@@YAHXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?good@ios_base@std@@QEBA_NXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_function_call@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Thrd_id
_Thrd_join
_Query_perf_frequency
_Thrd_sleep
_Query_perf_counter
_Xtime_get_ticks
_Thrd_detach
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??Bios_base@std@@QEBA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Winerror_map@std@@YAHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?_Syserror_map@std@@YAPEBDH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAPEAD0PEAH001@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

imm32

ImmSetCandidateWindow
ImmReleaseContext
ImmGetContext
ImmSetCompositionWindow

ntdll

NtQuerySystemInformation
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlAnsiStringToUnicodeString
RtlInitAnsiString

dbghelp

ImageRvaToVa
ImageDirectoryEntryToData
ImageNtHeader

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
_CxxThrowException
__current_exception_context
memchr
__std_terminate
__current_exception
__std_exception_destroy
__std_exception_copy
memmove
strrchr
memset
memcpy
__C_specific_handler
strstr

api-ms-win-crt-heap-l1-1-0

_callnewh
_set_new_mode
free
malloc

api-ms-win-crt-utility-l1-1-0

rand
qsort

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initterm
_initterm_e
exit
_exit
_invalid_parameter_noinfo_noreturn
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_seh_filter_exe
_cexit
_beginthreadex
abort
_crt_atexit
terminate
system
_errno
perror
_register_onexit_function
_set_app_type
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fflush
freopen_s
_get_stream_buffer_pointers
_fseeki64
fsetpos
ungetc
setvbuf
fgetpos
fclose
fgetc
fputc
ftell
fseek
_set_fmode
__p__commode
__stdio_common_vfprintf
__stdio_common_vsscanf
fread
_wfopen
fwrite
__stdio_common_vsprintf

api-ms-win-crt-string-l1-1-0

_stricmp
strncmp
strncpy
strcmp

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-convert-l1-1-0

atof
wcstombs
strtoll
strtod
strtoull

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

_dsign
_dclass
sinf
acosf
ceilf
cosf
floorf
fmodf
sqrtf
__setusermatherr

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
localeconv
___lc_codepage_func

Sections

.text
Size: 635KB - Virtual size: 634KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 495KB - Virtual size: 494KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
auto_load.txt
configs/autosave.cfg

Resubmissions

Sharing

General

Malware Config

Signatures

Files

b53fef22c04eedcf54c668ab9b550af2

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

d3d11

d3dcompiler_47

dwmapi

kernel32

user32

advapi32

shell32

msvcp140

imm32

ntdll

dbghelp

vcruntime140_1

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 635KB - Virtual size: 634KB

.rdata Size: 495KB - Virtual size: 494KB

.data Size: 5KB - Virtual size: 7KB

.pdata Size: 20KB - Virtual size: 20KB

.rsrc Size: 9KB - Virtual size: 9KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 635KB - Virtual size: 634KB

.rdata
Size: 495KB - Virtual size: 494KB

.data
Size: 5KB - Virtual size: 7KB

.pdata
Size: 20KB - Virtual size: 20KB

.rsrc
Size: 9KB - Virtual size: 9KB

.reloc
Size: 1KB - Virtual size: 1KB