xnz_ngbowgenpx[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

xnz_ngbowgenpx.exe
Size

14.5MB
MD5

d4ce968ff058c3cf181b905c38bf6600
SHA1

97f6d72e98dc216e8bdec0f4e798b39e6d6356b9
SHA256

969ccc21670b68a474f7d21b95dc5b1ace90ad294086c41fe769b07c759c1f9a
SHA512

55e9b7b1db7206cb07d4de5348b382703f08857e6b17bd73d8299fa39ffff8f1d2c768a84281cb0dd022d482c11247c9abfe23c26d729cfa628438c7f84c8c3b
SSDEEP

393216:6azFYS8A9djPp9qTg1Vl/UIGh8yUp1weT+:llh9qTg1r/ipqw6+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
xnz_ngbowgenpx.exe

Files

xnz_ngbowgenpx.exe
.exe windows:6 windows x64 arch:x64

Password: infected

28ca63991b5fa68512125aaaf38bd5da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

TrackMouseEvent

gdi32

SelectObject

advapi32

RegOpenKeyExA

wininet

HttpSendRequestW

d3dx9_43

D3DXCreateTextureFromFileInMemoryEx

ntdll

RtlImageNtHeader

d3d9

Direct3DCreate9

gdiplus

GdiplusStartup

Sections

.text
Size: - Virtual size: 869KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 555KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

._V,
Size: - Virtual size: 8.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.oK8
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.O?k
Size: 14.5MB - Virtual size: 14.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

28ca63991b5fa68512125aaaf38bd5da

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wininet

d3dx9_43

ntdll

d3d9

gdiplus

Sections

.text Size: - Virtual size: 869KB

.rdata Size: - Virtual size: 555KB

.data Size: - Virtual size: 304KB

.pdata Size: - Virtual size: 29KB

._V, Size: - Virtual size: 8.1MB

.oK8 Size: 3KB - Virtual size: 3KB

.O?k Size: 14.5MB - Virtual size: 14.5MB

.rsrc Size: 512B - Virtual size: 480B

.text
Size: - Virtual size: 869KB

.rdata
Size: - Virtual size: 555KB

.data
Size: - Virtual size: 304KB

.pdata
Size: - Virtual size: 29KB

._V,
Size: - Virtual size: 8.1MB

.oK8
Size: 3KB - Virtual size: 3KB

.O?k
Size: 14.5MB - Virtual size: 14.5MB

.rsrc
Size: 512B - Virtual size: 480B