f2f7e7268284268b5d9e0818651c72b0N[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

f2f7e7268284268b5d9e0818651c72b0N.exe
Size

2.2MB
MD5

f2f7e7268284268b5d9e0818651c72b0
SHA1

108cc2f376e0ccd180baea369c1df8d4a0ee3acf
SHA256

0981f0d43fc996a4615e7db36e6dd2038de4ad42aba657ac43831744c23a027e
SHA512

697fe09c138aab6979d12523459446fffe9febc82901a81567799e7181a146f92fd15ce41ac15b832f86662c08a0a320ce9d7a2ec1daffe5c46ca32700e0b8a0
SSDEEP

49152:q9GuqAbI+l54VKujFJl4ZvbRMybinFeJth9:qou+3xJlwi4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f2f7e7268284268b5d9e0818651c72b0N.exe

Files

f2f7e7268284268b5d9e0818651c72b0N.exe
.dll windows:6 windows x64 arch:x64

4e11faaae7e71ec7cd2f8fa656689002

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Z:\NexusHack\.out\Paid-Client.pdb

Imports

kernel32

SetThreadContext
FlushInstructionCache
VirtualProtect
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetSystemInfo
VirtualAlloc
VirtualFree
VirtualQuery
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
SetLastError
FormatMessageW
GetTickCount
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
GetSystemDirectoryW
LoadLibraryW
MoveFileExW
WaitForSingleObjectEx
GetEnvironmentVariableA
SleepEx
GetFileSizeEx
ReadFile
VerifyVersionInfoW
GetProcessHeap
InitializeSListHead
GetSystemTimeAsFileTime
RaiseException
IsDebuggerPresent
IsProcessorFeaturePresent
VerSetConditionMask
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
OpenThread
CreateEventW
ResumeThread
SetEvent
InitializeCriticalSectionAndSpinCount
GetFileInformationByHandleEx
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
FindClose
CreateDirectoryW
GetCurrentThreadId
GetCurrentProcess
HeapFree
HeapReAlloc
FreeLibrary
GetProcAddress
LoadLibraryA
QueryPerformanceCounter
QueryPerformanceFrequency
GlobalFree
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
GlobalLock
GetLocaleInfoEx
FormatMessageA
LocalFree
GetThreadContext
ResetEvent
HeapAlloc
HeapDestroy
SuspendThread
HeapCreate
GetCommandLineA
RtlCaptureContext
GetSystemFirmwareTable
MultiByteToWideChar
GetModuleHandleA
GetLastError
GetCurrentProcessId
CreateProcessW
GetCommandLineW
Sleep
SetThreadPriority
CreateThread
GetModuleHandleW
CloseHandle
CreateFileW
TerminateProcess

user32

CallWindowProcW
DefWindowProcW
GetClientRect
ScreenToClient
GetCursorPos
LoadCursorW
ClientToScreen
SetCursorPos
GetForegroundWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetKeyState
GetCapture
SetCapture
ReleaseCapture
RegisterClassExW
CreateWindowExW
DestroyWindow
SetWindowPos
ShowWindow
UnregisterClassW
GetAsyncKeyState
SetCursor
SetClipboardData
EnumWindows
FindWindowW
SetWindowTextW
EmptyClipboard
CloseClipboard
PostMessageW
GetClipboardData
OpenClipboard
GetWindowThreadProcessId
GetSystemMetrics
IsChild

advapi32

RegGetValueW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptAcquireContextW

shell32

ShellExecuteA

secureenginesdk64

ord29
ord1
ord22
ord21
ord504
ord2
ord17
ord28
ord27
ord18
ord104

msvcp140

?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$ctype@D@std@@2V0locale@2@A
?_Xlength_error@std@@YAXPEBD@Z
?id@?$collate@D@std@@2V0locale@2@A
_Strcoll
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
??1?$codecvt@_SDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_SDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_SDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_S1AEAPEB_SPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exceptions@std@@YAHXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?good@ios_base@std@@QEBA_NXZ
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Throw_C_error@std@@YAXH@Z
_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_detach
_Thrd_sleep
_Cnd_do_broadcast_at_thread_exit
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAH@Z
??Bios_base@std@@QEBA_NXZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Syserror_map@std@@YAPEBDH@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_signal
_Cnd_broadcast
_Cnd_wait
_Mtx_current_owns
_Cnd_timedwait
?_Winerror_map@std@@YAHH@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAM@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??7ios_base@std@@QEBA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@G@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEA_N@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAN@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?_Xbad_function_call@std@@YAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
_Strxfrm
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

msvcp140_codecvt_ids

?id@?$codecvt@_SDU_Mbstatet@@@std@@2V0locale@2@A

ws2_32

socket
WSAGetLastError
inet_addr
htons
listen
connect
closesocket
recv
ioctlsocket
WSAPoll
send
bind
freeaddrinfo
getaddrinfo
getsockname
select
__WSAFDIsSet
inet_pton
WSAIoctl
setsockopt
WSACleanup
WSAStartup
inet_ntop
WSASetLastError
WSAWaitForMultipleEvents
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
getsockopt
htonl
ntohl
accept
ntohs
inet_ntoa
getpeername

crypt32

CryptStringToBinaryW
CertGetCertificateChain
CertFreeCertificateChain
CertFindCertificateInStore
CertFreeCertificateContext
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringW
CryptQueryObject
CertFreeCertificateChainEngine
CertEnumCertificatesInStore
CertOpenStore
CertCreateCertificateChainEngine
CertCloseStore

winmm

PlaySoundA
PlaySoundW

imm32

ImmSetCompositionWindow
ImmReleaseContext
ImmGetContext

d3dcompiler_47

D3DCompile

iphlpapi

GetAdaptersAddresses

bcrypt

BCryptGenRandom

vcruntime140_1

__CxxFrameHandler4

vcruntime140

strstr
__C_specific_handler
__vcrt_LoadLibraryExW
__vcrt_GetModuleFileNameW
__std_type_info_destroy_list
_CxxThrowException
__current_exception_context
__current_exception
wcschr
memchr
__C_specific_handler_noexcept
memcmp
memmove
strrchr
memset
memcpy
strchr
__std_terminate
__std_exception_destroy
__std_exception_copy
_purecall

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_beginthreadex
__sys_errlist
__sys_nerr
_crt_atexit
terminate
_seh_filter_dll
_execute_onexit_table
_configure_narrow_argv
_register_onexit_function
_initialize_narrow_environment
_initialize_onexit_table
_errno
_cexit
exit

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
realloc
malloc

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
fopen_s
_close
fgetc
fputc
ungetc
fflush
fgets
_wopen
setvbuf
fsetpos
fputs
_fseeki64
fgetpos
fwrite
__stdio_common_vfprintf
fread
_wfopen
__stdio_common_vsprintf
_get_stream_buffer_pointers
__stdio_common_vsscanf
fclose
ftell
feof
fseek
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

strtol
strtof
strtoll
strtoul
wcstombs
atoi
atof

api-ms-win-crt-time-l1-1-0

strftime
_time64
_gmtime64
_localtime64_s

api-ms-win-crt-filesystem-l1-1-0

_unlink
_lock_file
_unlock_file
_wstat64
_waccess

api-ms-win-crt-string-l1-1-0

tolower
strncmp
toupper
strcpy_s
isspace
_wcsdup
strcspn
wcspbrk
strcmp
strcat_s
wcsncmp
strpbrk
strspn
wcsncpy
_strdup
strncpy
strncpy_s

api-ms-win-crt-math-l1-1-0

ceilf
atan2f
fmaxf
atan2
fminf
log
pow
powf
roundf
sin
sinf
sqrt
logf
floorf
remainderf
fmodf
cosf
acosf
sqrtf
cos
_fdopen
ldexp

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-environment-l1-1-0

_dupenv_s

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 765KB - Virtual size: 772KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e11faaae7e71ec7cd2f8fa656689002

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

secureenginesdk64

msvcp140

msvcp140_codecvt_ids

ws2_32

crypt32

winmm

imm32

d3dcompiler_47

iphlpapi

bcrypt

vcruntime140_1

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.rdata Size: 344KB - Virtual size: 344KB

.data Size: 765KB - Virtual size: 772KB

.pdata Size: 47KB - Virtual size: 47KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.rdata
Size: 344KB - Virtual size: 344KB

.data
Size: 765KB - Virtual size: 772KB

.pdata
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 3KB - Virtual size: 2KB