General
-
Target
Nezur.exe
-
Size
14.8MB
-
MD5
4a53af2aa0802ca0237348921d6273a4
-
SHA1
99816187e4e87be959aaf62352297ef9d4eba188
-
SHA256
b6a08d4001a5610795771f66e3c4f683ca893d0263d86cbe0f13ea6938372a3e
-
SHA512
ac1b9b325704723215688b51c07859a25eed196db299c8dfac2f2afad88b384391cd168291338dd28425d15388247121b1473313eb33b538abe505550be9ffa7
-
SSDEEP
196608:/ZNYXcIlNXiQXaj83i4TI7Y/xM5OJJZ4amrfwusfBh0oBvvPsfE55gMCDiAvTFoH:RmcIK2iMoOJJZG8wqPK+
Malware Config
Signatures
-
resource yara_rule sample themida -
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource Nezur.exe
Files
-
Nezur.exe.exe windows:6 windows x64 arch:x64
7efe1f4e74660c3832d8943f85358521
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
d3d11
D3D11CreateDeviceAndSwapChain
d3dcompiler_43
D3DCompile
kernel32
GetFileType
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress
user32
ClientToScreen
gdi32
CreateSolidBrush
advapi32
CryptDestroyKey
shell32
ShellExecuteW
msvcp140
?_Syserror_map@std@@YAPEBDH@Z
ntdll
RtlCaptureContext
imm32
ImmReleaseContext
dwmapi
DwmExtendFrameIntoClientArea
normaliz
IdnToAscii
wldap32
ord79
crypt32
CertFreeCertificateChainEngine
ws2_32
ntohl
shlwapi
PathFindFileNameW
rpcrt4
UuidCreate
psapi
GetModuleInformation
userenv
UnloadUserProfile
vcruntime140_1
__CxxFrameHandler4
vcruntime140
__std_exception_destroy
api-ms-win-crt-runtime-l1-1-0
_beginthreadex
api-ms-win-crt-stdio-l1-1-0
_read
api-ms-win-crt-heap-l1-1-0
realloc
api-ms-win-crt-filesystem-l1-1-0
_lock_file
api-ms-win-crt-convert-l1-1-0
atof
api-ms-win-crt-utility-l1-1-0
qsort
api-ms-win-crt-string-l1-1-0
strcmp
api-ms-win-crt-time-l1-1-0
strftime
api-ms-win-crt-math-l1-1-0
powf
api-ms-win-crt-locale-l1-1-0
localeconv
api-ms-win-crt-environment-l1-1-0
getenv
Sections
.text Size: - Virtual size: 1.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: - Virtual size: 220KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: - Virtual size: 39KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.themida Size: - Virtual size: 8.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.themida Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.themida Size: 14.6MB - Virtual size: 14.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rsrc Size: 176KB - Virtual size: 176KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ