Nezur.exe
First submission 2024-09-02 19:39:02
Last submission 2024-09-02 19:40:02
File details
File type: | PE32+ executable (console) x86-64, for MS Windows |
Mime type: | application/x-dosexec |
File size: | 2183.0 KB (2235392 bytes) |
Compile time: | 2024-02-26 01:38:43 |
MD5: | d6f133dee71ed4c119a2d2aaf4cf3a69 |
SHA1: | d31a9b77e1eb1308c6c686e7b1715999ad18019b |
SHA256: | 3c1ada57fbbe1a5fe4e56ab89545f9c38b888676ef303ffb2934d289937af83d |
Import Hash : | fcb66291bbc92600bc2c5e74df51cd00 |
Sections 6 | .text .rdata .data .pdata .rsrc .reloc |
Directories 5 | import resource debug tls relocation |
File features detected
Anti VM
Signed
XOR
OSINT Enrichments
Virus Total: | 45/79 VT report date: 2024-09-02 19:13:51 |
Malware Type 2 | trojan pua |
Threat Type 3 | tedy gamehack filerepmalware |
URLs, FQDN and IP indicators 1
PE Sections 0 suspicious
Name | VAddress | VSize | Size | SHA1 | MD5 | Suspicious |
---|---|---|---|---|---|---|
.text | 0x1000 | 0x17f2c3 | 1569792 | 84195d271684b0889e5f4c56ae219ed0b9566718 | c55fe6591ee0601c761a1fb23f0a2aa0 | |
.rdata | 0x181000 | 0x92074 | 598528 | dc4aa4b08a8f97ee56a078b1cbf2e3444b8464bb | 8cde604d1a99109865a83a7b2622b661 | |
.data | 0x214000 | 0x6da0 | 7680 | 4f45e903207a2b80b17f1c2afdfb003d1788e785 | d66c101a81a6ea57343f851d6b0d202a | |
.pdata | 0x21b000 | 0x9e58 | 40960 | 7777ebb6f282cfcf2d1848867c1a914c7ddccac0 | 4b168a773c22f104ad1fe0854e203eb8 | |
.rsrc | 0x225000 | 0x3588 | 13824 | 5729ffcd2b69bf349f01ce2c1526b49ee9a1c5ef | 4b7ca7c99d0700962c4278be02234d17 | |
.reloc | 0x229000 | 0xc50 | 3584 | c5818ca8b6e784c9da8d9dbd844c5b957bb89551 | e6d782474263987363b9232a30319c14 | |
PE Resources 3
Name | Language | Sublanguage | Offset | Size | Data |
---|---|---|---|---|---|
RT_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x227340 | 4264 | |
RT_GROUP_ICON | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x227328 | 20 | |
RT_MANIFEST | LANG_ENGLISH | SUBLANG_ENGLISH_US | 0x228400 | 392 | |
Packers detected 1
Microsoft Visual C++ 8.0 (DLL) |
Anti debug functions 8
FindWindowA |
GetLastError |
IsDebuggerPresent |
IsProcessorFeaturePresent |
Process32First |
Process32Next |
TerminateProcess |
UnhandledExceptionFilter |
Strings analysis - File found
Temporary |
%s%s.tmp |
Text |
imgui_log.txt |
Library |
KERNEL32.dll |
api-ms-win-crt-utility-l1-1-0.dll |
ADVAPI32.dll |
bcrypt.dll |
secur32.dll |
dwmapi.dll |
api-ms-win-crt-filesystem-l1-1-0.dll |
d3dcompiler_47.dll |
WLDAP32.dll |
SHELL32.dll |
WS2_32.dll |
ntdll.dll |
api-ms-win-crt-string-l1-1-0.dll |
normaliz.dll |
xinput1_2.dll |
d3d11.dll |
api-ms-win-crt-time-l1-1-0.dll |
VCRUNTIME140_1.dll |
IMM32.dll |
security.dll |
dbghelp.dll |
api-ms-win-crt-environment-l1-1-0.dll |
Crypt32.dll |
USER32.dll |
xinput9_1_0.dll |
xinput1_1.dll |
api-ms-win-crt-math-l1-1-0.dll |
api-ms-win-crt-locale-l1-1-0.dll |
api-ms-win-crt-runtime-l1-1-0.dll |
api-ms-win-crt-convert-l1-1-0.dll |
msvcp140.dll |
api-ms-win-crt-heap-l1-1-0.dll |
xinput1_3.dll |
api-ms-win-crt-stdio-l1-1-0.dll |
IPHLPAPI.DLL |
vcruntime140.dll |
ixinput1_4.dll |
hal.dll |
Strings analysis - Possible IPs found 26
127.0.0.1 |
2.5.4.8 |
2.5.4.9 |
2.5.4.6 |
2.5.4.7 |
2.5.4.4 |
2.5.4.5 |
2.5.4.3 |
2.5.4.72 |
2.5.4.10 |
2.5.4.11 |
2.5.4.12 |
2.5.4.13 |
2.5.4.17 |
1.3.14.3 |
2.5.4.45 |
101.3.4.2 |
2.5.4.44 |
2.5.4.65 |
2.5.29.17 |
2.5.4.46 |
2.5.29.18 |
2.5.29.19 |
2.5.4.43 |
2.5.4.42 |
2.5.4.41 |
Strings analysis - Possible URLs found 19
https://www.verisign.com/cps0 |
http://crl.verisign.com/pca3.crl0) |
http://crl.microsoft.com/pki/crl/products/MicrosoftCodeVerifRoot.crl0 |
https://curl.se/docs/http-cookies.html |
http://crl.verisign.com/ThawteTimestampingCA.crl0 |
http://ocsp.verisign.com0 |
https://www.verisign.com/rpa |
http://csc3-2009-2-aia.verisign.com/CSC3-2009-2.cer0 |
http://csc3-2009-2-crl.verisign.com/CSC3-2009-2.crl0D |
http://logo.verisign.com/vslogo.gif0 |
https://www.verisign.com/rpa0 |
https://curl.se/docs/alt-svc.html |
file://%s%s%s |
http://ocsp.verisign.com01 |
file:// |
http://ocsp.verisign.com0? |
http://crl.verisign.com/tss-ca.crl0 |
https://curl.se/docs/hsts.html |
https://github.com/dharma |
Import functions
dbghelp.dll 3
MSVCP140.dll 63
CRYPT32.dll 16
KERNEL32.dll 93
dwmapi.dll 1
ntdll.dll 6
api-ms-win-crt-locale-l1-1-0.dll 3
api-ms-win-crt-filesystem-l1-1-0.dll 6
bcrypt.dll 1
api-ms-win-crt-math-l1-1-0.dll 11
api-ms-win-crt-utility-l1-1-0.dll 2
VCRUNTIME140.dll 15
USER32.dll 44
IMM32.dll 4
api-ms-win-crt-string-l1-1-0.dll 9
VCRUNTIME140_1.dll 1
api-ms-win-crt-runtime-l1-1-0.dll 24
d3d11.dll 1
api-ms-win-crt-convert-l1-1-0.dll 8
SHELL32.dll 2
api-ms-win-crt-stdio-l1-1-0.dll 33
api-ms-win-crt-environment-l1-1-0.dll 1
api-ms-win-crt-time-l1-1-0.dll 3
WLDAP32.dll 18
api-ms-win-crt-heap-l1-1-0.dll 6
D3DCOMPILER_47.dll 1
ADVAPI32.dll 28
WS2_32.dll 34
Normaliz.dll 2