Execute
GetClients
Initialize
IsCompilable
General
-
Target
Nezur.dll
-
Size
15.2MB
-
MD5
071ac773d4677d0ee3ac4a23ac0d2e95
-
SHA1
da9abf13aee659307ce71be04fe12b92b88e5006
-
SHA256
82cd8b37e938b10f891aad91445a336f942428eeafe153d0b4348a9e9677af65
-
SHA512
5412eb895b433860c1347751cd157962fd0b21b289af116db4e4a8a27bb3380f5c60a976cc70c87259786820c8424d3dd0b31c94add65970dbf42f948e7ca513
-
SSDEEP
393216:b7Ybk/86uwIkGui7TNhUF0s8j+M3bRDWg6Vh00WDSXnI:nYwk6aui7JhUFyjTbRDWgeyDWI
Score
7/10
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Nezur.dll
Files
-
Nezur.dll.dll windows:6 windows x64 arch:x64
Password: Maelstrom01
909faf03238bb3d177ea24621afb40c1
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
Imports
ws2_32
WSACleanup
kernel32
Process32FirstW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
CloseClipboard
advapi32
CryptEncrypt
ole32
CoCreateGuid
msvcp140
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
bcrypt
BCryptGenRandom
vcruntime140_1
__CxxFrameHandler4
vcruntime140
_purecall
api-ms-win-crt-heap-l1-1-0
free
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
api-ms-win-crt-string-l1-1-0
strcspn
api-ms-win-crt-convert-l1-1-0
wcstombs
api-ms-win-crt-stdio-l1-1-0
fgets
api-ms-win-crt-math-l1-1-0
round
api-ms-win-crt-filesystem-l1-1-0
_stat64
api-ms-win-crt-locale-l1-1-0
___lc_codepage_func
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-time-l1-1-0
_time64
wldap32
ord60
normaliz
IdnToUnicode
crypt32
CertGetNameStringA
Exports
Exports
Sections
.text Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 268KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 42KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 51KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 8.8MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.themida Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: 15.2MB - Virtual size: 15.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 284B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 512B - Virtual size: 469B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ