Nezur[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Nezur.zip
Size

507KB
MD5

fcef2fa3a02e95fd8dac0dbdce56fc9f
SHA1

52af479e6012e920565c6108fb7a162fdf78174d
SHA256

ef2388d68817ae23b0b65f3425abf68572010b36962c38eb8fe08613d03666b0
SHA512

c97868a6e89efc0818bc4a1134c79c039491439fa14e7d5ab367c2919e34f9f1887c378ec6406b75813598185449819ffe4068ace8951f1061e09c17a69b3a94
SSDEEP

12288:8Z3ybMqU0Yz3jBL75xwc4XscIFl4zA6fzvBLVkwR3:8Z3y4qKjRdxwr81FlQxfDxVki

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/lua51.dll
unpack001/lua51.exe

Files

Nezur.zip
.zip

Password: Riptide
Application.bat
cache.txt
lua51.dll
.dll windows:6 windows x86 arch:x86

Password: Riptide

9466a71df1d3a59794f8605626534abe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
SetLastError
VirtualAlloc
VirtualFree
VirtualQuery
VirtualProtect
FreeLibrary
GetModuleHandleExA
GetProcAddress
LoadLibraryExA
FormatMessageA
RaiseException
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
Sleep
CreateThread
RtlUnwind
GetModuleFileNameA
GetModuleHandleA
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
SetEndOfFile
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
ReadFile
CloseHandle
DuplicateHandle
CreateProcessA
GetTempPathW
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadConsoleW
DecodePointer
GetACP
SetFilePointerEx
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
CreateFileW
GetTimeZoneInformation
DeleteFileW
MoveFileExW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
WriteConsoleW

Exports

Exports

luaJIT_profile_dumpstack
luaJIT_profile_start
luaJIT_profile_stop
luaJIT_setmode
luaJIT_version_2_1_0_beta3
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_execresult
luaL_fileresult
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadbufferx
luaL_loadfile
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushmodule
luaL_pushresult
luaL_ref
luaL_register
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_traceback
luaL_typerror
luaL_unref
luaL_where
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_copy
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_lessthan
lua_load
lua_loadx
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tointegerx
lua_tolstring
lua_tonumber
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yield
luaopen_base
luaopen_bit
luaopen_debug
luaopen_ffi
luaopen_io
luaopen_jit
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 479KB - Virtual size: 478KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lua51.exe
.exe windows:6 windows x86 arch:x86

Password: Riptide

d0264e200554ef617c521261fe8fe2a4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lua51

lua_gettop
luaJIT_version_2_1_0_beta3
luaL_openlibs
luaL_traceback
luaL_newstate
luaL_loadbuffer
luaL_loadfile
luaL_where
luaL_callmeta
lua_sethook
lua_concat
lua_error
lua_gc
lua_cpcall
lua_pcall
lua_call
lua_rawseti
lua_setfield
lua_createtable
lua_rawgeti
lua_getfield
lua_gettable
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushstring
lua_pushlstring
lua_pushnil
lua_objlen
lua_tolstring
lua_toboolean
lua_type
lua_isstring
lua_insert
lua_remove
lua_pushvalue
lua_settop
lua_close

kernel32

TlsAlloc
DecodePointer
ReadConsoleW
ReadFile
WriteConsoleW
CreateFileW
CloseHandle
HeapReAlloc
HeapSize
SetFilePointerEx
GetProcessHeap
GetStringTypeW
SetStdHandle
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
LCMapStringW
CompareStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
SetConsoleCtrlHandler
GetStdHandle
WriteFile
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
GetACP
HeapFree
HeapAlloc

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: Riptide

Password: Riptide

9466a71df1d3a59794f8605626534abe

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 479KB - Virtual size: 478KB

.rdata Size: 96KB - Virtual size: 96KB

.data Size: 3KB - Virtual size: 5KB

.reloc Size: 12KB - Virtual size: 12KB

Password: Riptide

d0264e200554ef617c521261fe8fe2a4

Headers

DLL Characteristics

File Characteristics

Imports

lua51

kernel32

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 2KB - Virtual size: 4KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 479KB - Virtual size: 478KB

.rdata
Size: 96KB - Virtual size: 96KB

.data
Size: 3KB - Virtual size: 5KB

.reloc
Size: 12KB - Virtual size: 12KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 4KB