Nexus-Roblox[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

Nexus-Roblox.zip
Size

6.7MB
MD5

3379d69cc0f4f659e9ddbe7489c340af
SHA1

1c5a761a156422fd2b54bc047a794f1cd9ed4995
SHA256

ac574eaf659c27c5b06ebe1cc4c125665c7219e1255f8e0ba7bbc61d5046b25c
SHA512

f11069f55ce297f25a19e3a18051b0f1788f8730dbc748ca2e1a545e75c61b8548f2fa41923ac41d51a3ea7e4d66beab222f37e7c670c610ca07a9cc43368c83
SSDEEP

196608:I3bPWRIsMj+csK9gh6BkfMTMV6dNC2v+sgSaD7zp3D3XIr:y5mcrClUMgd0WZ4Ir

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Nexus-Roblox/Nexus-Roblox.exe
unpack001/Nexus-Roblox/Serilog.dll
unpack001/Nexus-Roblox/zlib1.dll

Files

Nexus-Roblox.zip
.zip
Nexus-Roblox/DLLs/Language.pimx
Nexus-Roblox/DLLs/Main.ini
Nexus-Roblox/DLLs/Packaged/Main.ini
.xml
Nexus-Roblox/DLLs/Packaged/Resource.dll
Nexus-Roblox/DLLs/Packaged/Utils.dll
.xml
Nexus-Roblox/Nexus-Roblox.exe
.exe windows:6 windows x86 arch:x86

019ac8c6e24f80fb88de699b6749f599

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NO_ISOLATION
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateFileW
DecodePointer
DeleteCriticalSection
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetFileSize
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
GetUserDefaultLCID
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringEx
LCMapStringW
LeaveCriticalSection
LoadLibraryExW
MultiByteToWideChar
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseSRWLockExclusive
RtlUnwind
SetEnvironmentVariableW
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile

Sections

.text
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.BSS
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.BSS
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Nexus-Roblox/Serilog.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

/_/src/Serilog/obj/Release/netstandard2.1/Serilog.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nexus-Roblox/iconengines/qsvgicon.dll
.dll windows:6 windows x86 arch:x86

e2a8abb2f62e90497419fca861c4de3a

Code Sign

07:e2:ef:84:3d:0d:6f:58:cb:bb:06:e3:e8:b3:d3:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-10-2020 00:00

Not After

31-12-2023 12:00

Subject

CN=The Qt Company Oy,O=The Qt Company Oy,L=Oulu,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:fa:ff:07:24:e0:f2:25:2e:bb:1c:11:51:43:4d:f3:2d:80:48:a6:5f:31:11:73:17:2d:9d:fa:a8:00:b6:48
Signer

Actual PE Digest

05:fa:ff:07:24:e0:f2:25:2e:bb:1c:11:51:43:4d:f3:2d:80:48:a6:5f:31:11:73:17:2d:9d:fa:a8:00:b6:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\qt\work\qt\qtsvg\plugins\iconengines\qsvgicon.pdb

Imports

qt5svg

?render@QSvgRenderer@@QAEXPAVQPainter@@@Z
?load@QSvgRenderer@@QAE_NABVQByteArray@@@Z
?load@QSvgRenderer@@QAE_NABVQString@@@Z
?defaultSize@QSvgRenderer@@QBE?AVQSize@@XZ
?isValid@QSvgRenderer@@QBE_NXZ
??1QSvgRenderer@@UAE@XZ
??0QSvgRenderer@@QAE@ABVQString@@PAVQObject@@@Z
??0QSvgRenderer@@QAE@PAVQObject@@@Z

qt5gui

?staticMetaObject@QGuiApplication@@2UQMetaObject@@B
?iconName@QIconEngine@@UBE?AVQString@@XZ
?availableSizes@QIconEngine@@UBE?AV?$QList@VQSize@@@@W4Mode@QIcon@@W4State@4@@Z
?instance@QGuiApplicationPrivate@@SAPAV1@XZ
?insert@QPixmapCache@@SA_NABVQString@@ABVQPixmap@@@Z
?find@QPixmapCache@@SA_NABVQString@@PAVQPixmap@@@Z
?drawPixmap@QPainter@@QAEXABVQRect@@ABVQPixmap@@@Z
?end@QPainter@@QAE_NXZ
?device@QPainter@@QBEPAVQPaintDevice@@XZ
?staticMetaObject@QIconEnginePlugin@@2UQMetaObject@@B
??0QPainter@@QAE@PAVQPaintDevice@@@Z
?virtual_hook@QIconEngine@@UAEXHPAX@Z
??1QIconEngine@@UAE@XZ
??0QIconEngine@@QAE@ABV0@@Z
??0QIconEngine@@QAE@XZ
??6@YAAAVQDataStream@@AAV0@ABVQPixmap@@@Z
??5@YAAAVQDataStream@@AAV0@AAVQPixmap@@@Z
?fromImage@QPixmap@@SA?AV1@ABVQImage@@V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?size@QPixmap@@QBE?AVQSize@@XZ
??1QPainter@@QAE@XZ
?isNull@QPixmap@@QBE_NXZ
??4QPixmap@@QAEAAV0@$$QAV0@@Z
??4QPixmap@@QAEAAV0@ABV0@@Z
??1QPixmap@@UAE@XZ
??0QPixmap@@QAE@ABV0@@Z
??0QPixmap@@QAE@ABVQString@@PBDV?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
??0QPixmap@@QAE@XZ
?fill@QImage@@QAEXI@Z
??1QImage@@UAE@XZ
??0QImage@@QAE@ABVQSize@@W4Format@0@@Z
?devicePixelRatioF@QPaintDevice@@QBENXZ
??1QIconEnginePlugin@@UAE@XZ
??0QIconEnginePlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QIconEnginePlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QIconEnginePlugin@@UAEPAXPBD@Z

qt5core

?shared_null@QHashData@@2U1@B
?instance@QCoreApplication@@SAPAV1@XZ
?mimeTypeForFile@QMimeDatabase@@QBE?AVQMimeType@@ABVQFileInfo@@W4MatchMode@1@@Z
??1QMimeDatabase@@QAE@XZ
??0QMimeDatabase@@QAE@XZ
?name@QMimeType@@QBE?AVQString@@XZ
??1QMimeType@@QAE@XZ
?absoluteFilePath@QFileInfo@@QBE?AVQString@@XZ
??1QFileInfo@@QAE@XZ
??0QFileInfo@@QAE@ABVQString@@@Z
?open@QFile@@UAE_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QFile@@UAE@XZ
??0QFile@@QAE@ABVQString@@@Z
??6QDataStream@@QAEAAV0@H@Z
??5QDataStream@@QAEAAV0@AAH@Z
?resetStatus@QDataStream@@QAEXXZ
?setStatus@QDataStream@@QAEXW4Status@1@@Z
?status@QDataStream@@QBE?AW4Status@1@XZ
?atEnd@QDataStream@@QBE_NXZ
?isTransactionStarted@QIODevice@@QBE_NXZ
?isNull@QString@@QBE_NXZ
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
??0QChar@@QAE@UQLatin1Char@@@Z
??0QByteArray@@QAE@XZ
??0QByteArray@@QAE@ABV0@@Z
??1QByteArray@@QAE@XZ
??4QByteArray@@QAEAAV0@ABV0@@Z
??4QByteArray@@QAEAAV0@$$QAV0@@Z
?constData@QByteArray@@QBEPBDXZ
?qUncompress@@YA?AVQByteArray@@PBEH@Z
??6@YAAAVQDataStream@@AAV0@ABVQByteArray@@@Z
??5@YAAAVQDataStream@@AAV0@AAVQByteArray@@@Z
?qCompress@@YA?AVQByteArray@@PBEHH@Z
??0QString@@QAE@XZ
??0QString@@QAE@VQLatin1String@@@Z
??0QString@@QAE@ABV0@@Z
??1QString@@QAE@XZ
??4QString@@QAEAAV0@ABV0@@Z
?endsWith@QString@@QBE_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?append@QString@@QAEAAV1@VQChar@@@Z
?append@QString@@QAEAAV1@ABV1@@Z
?number@QString@@SA?AV1@HH@Z
?number@QString@@SA?AV1@_JH@Z
??8QString@@QBE_NVQLatin1String@@@Z
??6@YAAAVQDataStream@@AAV0@ABVQString@@@Z
??5@YAAAVQDataStream@@AAV0@AAVQString@@@Z
?scaled@QSize@@QBE?AV1@ABV1@W4AspectRatioMode@Qt@@@Z
??XQSize@@QAEAAV0@N@Z
?readAll@QIODevice@@QAE?AVQByteArray@@XZ
?allocateNode@QHashData@@QAEPAXH@Z
?detach_helper@QHashData@@QAEPAU1@P6AXPAUNode@1@PAX@ZP6AX0@ZHH@Z
?rehash@QHashData@@QAEXH@Z
?free_helper@QHashData@@QAEXP6AXPAUNode@1@@Z@Z
?nextNode@QHashData@@SAPAUNode@1@PAU21@@Z
?previousNode@QHashData@@SAPAUNode@1@PAU21@@Z
??0QSharedData@@QAE@XZ
??0QSharedData@@QAE@ABV0@@Z
?cast@QMetaObject@@QBEPAVQObject@@PAV2@@Z

kernel32

TerminateProcess
GetCurrentProcess
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EnterCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
CloseHandle

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_seh_filter_dll

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 106B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nexus-Roblox/printsupport/windowsprintersupport.dll
.dll windows:6 windows x86 arch:x86

8f4eec0bfb7e1e145a4bd29b71584421

Code Sign

07:e2:ef:84:3d:0d:6f:58:cb:bb:06:e3:e8:b3:d3:20
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

06-10-2020 00:00

Not After

31-12-2023 12:00

Subject

CN=The Qt Company Oy,O=The Qt Company Oy,L=Oulu,C=FI

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22-10-2013 12:00

Not After

22-10-2028 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-10-2019 00:00

Not After

17-10-2030 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07-01-2016 12:00

Not After

07-01-2031 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:f1:fd:7c:75:6f:84:a7:20:98:99:7f:56:e7:5c:b1:f0:1e:44:60:27:36:ac:7b:14:11:e0:71:f4:c3:e8:d2
Signer

Actual PE Digest

1f:f1:fd:7c:75:6f:84:a7:20:98:99:7f:56:e7:5c:b1:f0:1e:44:60:27:36:ac:7b:14:11:e0:71:f4:c3:e8:d2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\qt\work\qt\qtbase\plugins\printsupport\windowsprintersupport.pdb

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
ord203
GetPrinterW
OpenPrinterW
DeviceCapabilitiesW
EnumPrintersW

qt5printsupport

?staticMetaObject@QPlatformPrinterSupportPlugin@@2UQMetaObject@@B
?qt_metacast@QPlatformPrinterSupportPlugin@@UAEPAXPBD@Z
?supportedResolutions@QPlatformPrintDevice@@UBE?AV?$QList@H@@XZ
?supportedPageSizes@QPlatformPrintDevice@@UBE?AV?$QList@VQPageSize@@@@XZ
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@W4PageSizeId@2@@Z
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@ABVQString@@@Z
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@ABVQSizeF@@W4Unit@2@@Z
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@ABVQSize@@@Z
?supportedPageSize@QPlatformPrintDevice@@UBE?AVQPageSize@@ABV2@@Z
?supportedOutputBins@QPlatformPrintDevice@@UBE?AV?$QVector@UOutputBin@QPrint@@@@XZ
?supportedMimeTypes@QPlatformPrintDevice@@UBE?AV?$QList@VQMimeType@@@@XZ
?supportedInputSlots@QPlatformPrintDevice@@UBE?AV?$QVector@UInputSlot@QPrint@@@@XZ
?supportedDuplexModes@QPlatformPrintDevice@@UBE?AV?$QVector@W4DuplexMode@QPrint@@@@XZ
?supportedColorModes@QPlatformPrintDevice@@UBE?AV?$QVector@W4ColorMode@QPrint@@@@XZ
?setProperty@QPlatformPrintDevice@@UAE_NW4PrintDevicePropertyKey@QPrintDevice@@ABVQVariant@@@Z
?property@QPlatformPrintDevice@@UBE?AVQVariant@@W4PrintDevicePropertyKey@QPrintDevice@@@Z
?name@QPlatformPrintDevice@@UBE?AVQString@@XZ
?makeAndModel@QPlatformPrintDevice@@UBE?AVQString@@XZ
?location@QPlatformPrintDevice@@UBE?AVQString@@XZ
?loadMimeTypes@QPlatformPrintDevice@@MBEXXZ
?isValidPageLayout@QPlatformPrintDevice@@UBE_NABVQPageLayout@@H@Z
?isRemote@QPlatformPrintDevice@@UBE_NXZ
?isFeatureAvailable@QPlatformPrintDevice@@UBE_NW4PrintDevicePropertyKey@QPrintDevice@@ABVQVariant@@@Z
?id@QPlatformPrintDevice@@UBE?AVQString@@XZ
?createPageSize@QPlatformPrintDevice@@SA?AVQPageSize@@HABVQSize@@ABVQString@@@Z
?defaultOutputBin@QPlatformPrintDevice@@UBE?AUOutputBin@QPrint@@XZ
?defaultInputSlot@QPlatformPrintDevice@@UBE?AUInputSlot@QPrint@@XZ
??1QPlatformPrintDevice@@UAE@XZ
??0QPlatformPrintDevice@@QAE@ABVQString@@@Z
?updateState@QWin32PrintEngine@@UAEXABVQPaintEngineState@@@Z
?type@QWin32PrintEngine@@UBE?AW4Type@QPaintEngine@@XZ
?setProperty@QWin32PrintEngine@@UAEXW4PrintEnginePropertyKey@QPrintEngine@@ABVQVariant@@@Z
?property@QWin32PrintEngine@@UBE?AVQVariant@@W4PrintEnginePropertyKey@QPrintEngine@@@Z
?printerState@QWin32PrintEngine@@UBE?AW4PrinterState@QPrinter@@XZ
?newPage@QWin32PrintEngine@@UAE_NXZ
?metric@QWin32PrintEngine@@UBEHW4PaintDeviceMetric@QPaintDevice@@@Z
?end@QWin32PrintEngine@@UAE_NXZ
?drawTiledPixmap@QWin32PrintEngine@@UAEXABVQRectF@@ABVQPixmap@@ABVQPointF@@@Z
?drawTextItem@QWin32PrintEngine@@UAEXABVQPointF@@ABVQTextItem@@@Z
?drawPolygon@QWin32PrintEngine@@UAEXPBVQPointF@@HW4PolygonDrawMode@QPaintEngine@@@Z
?drawPixmap@QWin32PrintEngine@@UAEXABVQRectF@@ABVQPixmap@@0@Z
?drawPath@QWin32PrintEngine@@UAEXABVQPainterPath@@@Z
?begin@QWin32PrintEngine@@UAE_NPAVQPaintDevice@@@Z
?abort@QWin32PrintEngine@@UAE_NXZ
??1QWin32PrintEngine@@UAE@XZ
??0QWin32PrintEngine@@QAE@W4PrinterMode@QPrinter@@ABVQString@@@Z
?createPrintDevice@QPlatformPrinterSupport@@KA?AVQPrintDevice@@PAVQPlatformPrintDevice@@@Z
??1QPlatformPrinterSupport@@UAE@XZ
??0QPlatformPrinterSupport@@QAE@XZ
??1QPlatformPrinterSupportPlugin@@UAE@XZ
??0QPlatformPrinterSupportPlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QPlatformPrinterSupportPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z

qt5gui

?drawPoints@QPaintEngine@@UAEXPBVQPoint@@H@Z
?drawPoints@QPaintEngine@@UAEXPBVQPointF@@H@Z
?drawPolygon@QPaintEngine@@UAEXPBVQPoint@@HW4PolygonDrawMode@1@@Z
?drawRects@QPaintEngine@@UAEXPBVQRect@@H@Z
?drawRects@QPaintEngine@@UAEXPBVQRectF@@H@Z
??0QPageSize@@QAE@XZ
??0QPageSize@@QAE@ABV0@@Z
??4QPageSize@@QAEAAV0@ABV0@@Z
?drawLines@QPaintEngine@@UAEXPBVQLineF@@H@Z
?id@QPageSize@@QBE?AW4PageSizeId@1@XZ
?windowsId@QPageSize@@QBEHXZ
?size@QPageSize@@QBE?AVQSizeF@@W4Unit@1@@Z
?qt_pointMultiplier@@YANW4Unit@QPageLayout@@@Z
?drawImage@QPaintEngine@@UAEXABVQRectF@@ABVQImage@@0V?$QFlags@W4ImageConversionFlag@Qt@@@@@Z
?drawEllipse@QPaintEngine@@UAEXABVQRectF@@@Z
?drawEllipse@QPaintEngine@@UAEXABVQRect@@@Z
?coordinateOffset@QPaintEngine@@UBE?AVQPoint@@XZ
??1QPageSize@@QAE@XZ
?drawLines@QPaintEngine@@UAEXPBVQLine@@H@Z

qt5core

?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?shared_null@QListData@@2UData@1@B
?QStringList_contains@QtPrivate@@YA_NPBVQStringList@@ABVQString@@W4CaseSensitivity@Qt@@@Z
?append@QListData@@QAEPAPAXXZ
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?detach@QListData@@QAEPAUData@1@H@Z
??8@YA_NABVQString@@0@Z
?fromWCharArray@QString@@SA?AV1@PB_WH@Z
?utf16@QString@@QBEPBGXZ
??4QString@@QAEAAV0@$$QAV0@@Z
??0QString@@QAE@$$QAV0@@Z
??4QString@@QAEAAV0@ABV0@@Z
??0QString@@QAE@ABV0@@Z
??0QString@@QAE@XZ
?constData@QByteArray@@QBEPBDXZ
??0QByteArray@@QAE@$$QAV0@@Z
??4QByteArray@@QAEAAV0@PBD@Z
??4QByteArray@@QAEAAV0@ABV0@@Z
??1QByteArray@@QAE@XZ
??0QByteArray@@QAE@ABV0@@Z
??0QByteArray@@QAE@XZ
?sharedNull@QArrayData@@SAPAU1@XZ
?deallocate@QArrayData@@SAXPAU1@II@Z
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?dispose@QListData@@SAXPAUData@1@@Z
??1QString@@QAE@XZ
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?compare@QString@@QBEHVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z

gdi32

CreateDCW
DeleteDC
ResetDCW
GetDeviceCaps

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetCurrentProcess
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
GetLastError
InitializeSListHead
TerminateProcess
GetProcAddress

vcruntime140

_except_handler4_common
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcpy
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_execute_onexit_table
_crt_atexit
_cexit
_initterm
_initterm_e
_register_onexit_function

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 138B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Nexus-Roblox/qt_de.qm
Nexus-Roblox/qt_hu.qm
Nexus-Roblox/qt_it.qm
Nexus-Roblox/qt_ja.qm
Nexus-Roblox/skins/Default/Default.rcc
Nexus-Roblox/skins/Default/config.ini
Nexus-Roblox/skins/Default/desktop.png
.png
Nexus-Roblox/skins/Default/preview.png
.png
Nexus-Roblox/zlib1.dll
.dll windows:4 windows x64 arch:x64

0362b276bf74944aaf0d04f3240210cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
GetCurrentProcess
GetLastError
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_close
_errno
_initterm
_lock
_lseeki64
_open
_read
_unlock
_wopen
_write
abort
calloc
fputc
free
fwrite
localeconv
malloc
memchr
memcpy
memmove
memset
realloc
strerror
strlen
strncmp
vfprintf
wcslen
wcstombs

Exports

Exports

_dist_code
_length_code
_tr_align
_tr_flush_bits
_tr_flush_block
_tr_init
_tr_stored_block
_tr_tally
adler32
adler32_combine
adler32_combine64
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
crc32_combine_gen
crc32_combine_gen64
crc32_combine_op
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
deflate_copyright
get_crc_table
gz_error
gz_intmax
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
inflate_copyright
inflate_fast
inflate_table
uncompress
uncompress2
zError
z_errmsg
zcalloc
zcfree
zlibCompileFlags
zlibVersion

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

019ac8c6e24f80fb88de699b6749f599

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Sections

.text Size: 146KB - Virtual size: 145KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 5KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 232B

.reloc Size: 7KB - Virtual size: 6KB

.BSS Size: 300KB - Virtual size: 300KB

.BSS Size: 300KB - Virtual size: 300KB

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 122KB - Virtual size: 122KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

e2a8abb2f62e90497419fca861c4de3a

Code Sign

07:e2:ef:84:3d:0d:6f:58:cb:bb:06:e3:e8:b3:d3:20Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

05:fa:ff:07:24:e0:f2:25:2e:bb:1c:11:51:43:4d:f3:2d:80:48:a6:5f:31:11:73:17:2d:9d:fa:a8:00:b6:48Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

qt5svg

qt5gui

qt5core

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 512B - Virtual size: 1KB

.qtmetad Size: 512B - Virtual size: 106B

.rsrc Size: 1024B - Virtual size: 840B

.reloc Size: 1KB - Virtual size: 1KB

8f4eec0bfb7e1e145a4bd29b71584421

Code Sign

07:e2:ef:84:3d:0d:6f:58:cb:bb:06:e3:e8:b3:d3:20Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

.text
Size: 146KB - Virtual size: 145KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 5KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 232B

.reloc
Size: 7KB - Virtual size: 6KB

.BSS
Size: 300KB - Virtual size: 300KB

.BSS
Size: 300KB - Virtual size: 300KB

.text
Size: 122KB - Virtual size: 122KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

07:e2:ef:84:3d:0d:6f:58:cb:bb:06:e3:e8:b3:d3:20
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

05:fa:ff:07:24:e0:f2:25:2e:bb:1c:11:51:43:4d:f3:2d:80:48:a6:5f:31:11:73:17:2d:9d:fa:a8:00:b6:48
Signer

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 512B - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 106B

.rsrc
Size: 1024B - Virtual size: 840B

.reloc
Size: 1KB - Virtual size: 1KB

07:e2:ef:84:3d:0d:6f:58:cb:bb:06:e3:e8:b3:d3:20
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

1f:f1:fd:7c:75:6f:84:a7:20:98:99:7f:56:e7:5c:b1:f0:1e:44:60:27:36:ac:7b:14:11:e0:71:f4:c3:e8:d2
Signer

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 138B

.rsrc
Size: 1024B - Virtual size: 864B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 512B - Virtual size: 176B

.rdata
Size: 23KB - Virtual size: 22KB

.pdata
Size: 3KB - Virtual size: 2KB

.xdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 2KB - Virtual size: 2KB

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 192B