Nursultan[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Nursultan.exe
Size

17.9MB
MD5

f91f4f077c945ddeb4401105d0b16ec9
SHA1

53ad2ca47a12f4c69456af2c0cb08bb209d5a652
SHA256

9dd1804a760db245805aefd962489eab166db1f9eb9305a5ace44ef2f26dede3
SHA512

04ede74e434ebe3b11f49f0a08d92fe6bdab170031e6b1d00f2692b462d18b3a35c4b8deaec0055f45cf2b93d69c7dd35299934d5e69860c9eb9005015d667bd
SSDEEP

393216:8CJhgtuuVDahhQNc9IBimzkJrYt+6GGjiRuWS:8qhgRVWhhMPBiMkJBjCEuZ

Score

1^/10

Malware Config

Signatures

Files

Nursultan.exe
.exe windows:6 windows x64 arch:x64

72312fcd642542e68588986618bd5844

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4b:e6:74:6a:41:b0:86:88:2f:41:22:19
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/12/2023, 08:01

Not After

26/02/2025, 13:03

Subject

CN=IP Kayukin Gleb Anatolievich,O=IP Kayukin Gleb Anatolievich,L=Izhevsk,ST=Udmurt Republic,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

07/11/2023, 17:13

Not After

09/12/2034, 17:13

Subject

CN=Globalsign TSA for CodeSign1 - R6 - 202311,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10/12/2014, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:88:6c:1a:ec:dc:35:44:be:cb:34:16:52:47:5f:ff:9e:a1:58:b0:ba:dc:1a:f2:5f:53:a2:a9:2b:cc:b3:54
Signer

Actual PE Digest

b0:88:6c:1a:ec:dc:35:44:be:cb:34:16:52:47:5f:ff:9e:a1:58:b0:ba:dc:1a:f2:5f:53:a2:a9:2b:cc:b3:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dbghelp

SymGetModuleInfo64

version

GetFileVersionInfoSizeA

dwmapi

DwmExtendFrameIntoClientArea

urlmon

URLDownloadToFileW

dxgi

CreateDXGIFactory

ntdll

RtlVerifyVersionInfo

bcrypt

BCryptGenRandom

ws2_32

__WSAFDIsSet

advapi32

GetUserNameW

crypt32

CertOpenStore

kernel32

CreateThread

user32

EnumDisplayMonitors

gdi32

GetDeviceCaps

shell32

ShellExecuteExW

ole32

CoInitializeEx

mswsock

AcceptEx

Sections

.text
Size: - Virtual size: 4.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.:as
Size: - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.2ux
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.dg'
Size: 17.7MB - Virtual size: 17.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

72312fcd642542e68588986618bd5844

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6aCertificate

Key Usages

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

4b:e6:74:6a:41:b0:86:88:2f:41:22:19Certificate

Extended Key Usages

Key Usages

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16Certificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate

Key Usages

b0:88:6c:1a:ec:dc:35:44:be:cb:34:16:52:47:5f:ff:9e:a1:58:b0:ba:dc:1a:f2:5f:53:a2:a9:2b:cc:b3:54Signer

Headers

DLL Characteristics

File Characteristics

Imports

dbghelp

version

dwmapi

urlmon

dxgi

ntdll

bcrypt

ws2_32

advapi32

crypt32

kernel32

user32

gdi32

shell32

ole32

mswsock

Sections

.text Size: - Virtual size: 4.6MB

.rdata Size: - Virtual size: 1.5MB

.data Size: - Virtual size: 97KB

.pdata Size: - Virtual size: 191KB

.:as Size: - Virtual size: 9.6MB

.2ux Size: 512B - Virtual size: 336B

.dg' Size: 17.7MB - Virtual size: 17.7MB

.rsrc Size: 109KB - Virtual size: 108KB

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

4b:e6:74:6a:41:b0:86:88:2f:41:22:19
Certificate

01:9b:ea:de:c8:4d:6b:8f:f7:6c:3a:9f:2e:01:24:16
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

b0:88:6c:1a:ec:dc:35:44:be:cb:34:16:52:47:5f:ff:9e:a1:58:b0:ba:dc:1a:f2:5f:53:a2:a9:2b:cc:b3:54
Signer

.text
Size: - Virtual size: 4.6MB

.rdata
Size: - Virtual size: 1.5MB

.data
Size: - Virtual size: 97KB

.pdata
Size: - Virtual size: 191KB

.:as
Size: - Virtual size: 9.6MB

.2ux
Size: 512B - Virtual size: 336B

.dg'
Size: 17.7MB - Virtual size: 17.7MB

.rsrc
Size: 109KB - Virtual size: 108KB