NexusRework_PTO[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NexusRework_PTO.exe
Size

13.8MB
MD5

166219e14cec827fb102e292060d1cdf
SHA1

78e6eae4bed86509ddf435c673d1e3019f39edf0
SHA256

e2bb236593f1dd850f94b1a3f9d63be253c8b322917ddda7dca12658cf9999c2
SHA512

a8333521bba735c582d2b83af5e1bbce978525e1754cd85666949ea3828ff540a57356e32e83e928e71c07478c42b7c7ce1acda20034fae2dce7d3b3f1ba4742
SSDEEP

393216:ZkD/x0OOTDbjn/+7KPDxbSa4hZTvY7zZHqjD:Z+2O2sQ9b4Zk7z4j

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NexusRework_PTO.exe

Files

NexusRework_PTO.exe
.exe windows:6 windows x64 arch:x64

fb94224f8ac6e6115b0790811414c23e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AdjustTokenPrivileges

bcrypt

BCryptCloseAlgorithmProvider

crypt32

PFXImportCertStore

iphlpapi

GetNetworkParams

kernel32

TlsFree

ncrypt

NCryptDeleteKey

ole32

CoCreateGuid

ws2_32

shutdown

Sections

.text
Size: - Virtual size: 5.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 5.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xPU
Size: - Virtual size: 6.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.]a$
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.S,o
Size: 13.8MB - Virtual size: 13.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb94224f8ac6e6115b0790811414c23e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

bcrypt

crypt32

iphlpapi

kernel32

ncrypt

ole32

ws2_32

Sections

.text Size: - Virtual size: 5.8MB

.rdata Size: - Virtual size: 5.5MB

.data Size: - Virtual size: 2.5MB

.pdata Size: - Virtual size: 422KB

.xPU Size: - Virtual size: 6.6MB

.]a$ Size: 512B - Virtual size: 456B

.S,o Size: 13.8MB - Virtual size: 13.8MB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 104B

.text
Size: - Virtual size: 5.8MB

.rdata
Size: - Virtual size: 5.5MB

.data
Size: - Virtual size: 2.5MB

.pdata
Size: - Virtual size: 422KB

.xPU
Size: - Virtual size: 6.6MB

.]a$
Size: 512B - Virtual size: 456B

.S,o
Size: 13.8MB - Virtual size: 13.8MB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 104B