General
-
Target
Nezur.exe
-
Size
15.6MB
-
MD5
091b1ec21f161c94d1397d7fc06d6d26
-
SHA1
3fc23e1f5c4b8b9ec9543d9253b40bbd244483c7
-
SHA256
fcebfd3b5cd64261c342b8bc3a4d7c9e3a476be2cb2ffe076916f967a4d9f90a
-
SHA512
3a821ca9eee352730dfa3caa3f0e9a0c3709f89978eea3d6dc32cb7953adb69be8a9fa81070dab0d0f1c74035b6140d3bea6ea186f26897d51139f610480b2bb
-
SSDEEP
393216:ycNy7B3Hc+Q3OK9GJsO/z27cim162SZVhFFXn7:qN39K9IV72wTs2SjrFL
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Nezur.exe
Files
-
Nezur.exe.exe windows:6 windows x64 arch:x64
0dd54c6405a9c43415c7ea497967adfa
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
ReadFile
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
ClientToScreen
gdi32
CreateSolidBrush
advapi32
CryptDestroyKey
shell32
ShellExecuteW
msvcp140
?_Syserror_map@std@@YAPEBDH@Z
ntdll
RtlCaptureContext
imm32
ImmSetCandidateWindow
dwmapi
DwmExtendFrameIntoClientArea
normaliz
IdnToAscii
wldap32
ord79
crypt32
CertFreeCertificateChainEngine
ws2_32
ntohl
shlwapi
PathFindFileNameW
rpcrt4
UuidCreate
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_destroy
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
api-ms-win-crt-stdio-l1-1-0
_read
api-ms-win-crt-heap-l1-1-0
realloc
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strcmp
api-ms-win-crt-time-l1-1-0
strftime
api-ms-win-crt-math-l1-1-0
sqrt
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
Sections
.text Size: - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 221KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 8.9MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.themida Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: 15.4MB - Virtual size: 15.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 176KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ