- [*] MalFamily: ""
- [*] MalScore: 3.5
- [*] File Name: "NanoCore_bb320a8163c8343ed560bb91f310ede7.exe"
- [*] File Size: 548864
- [*] File Type: "PE32 executable (GUI) Intel 80386, for MS Windows"
- [*] SHA256: "df4869d77a6f7f4f8bd88b5a8ad9ce1541aaceee54f0e473a9310c634d951b1a"
- [*] MD5: "bb320a8163c8343ed560bb91f310ede7"
- [*] SHA1: "9602c61fef634982cff89a74070c1a68bece474c"
- [*] SHA512: "e673bec9b8b8ff2dd8acf6dde869d8e516c127ef5fb79e1289a13372891c90f50841c158d38b65cb58024c94852b67a504c3eee636bef36a8902495159ded01d"
- [*] CRC32: "433C964F"
- [*] SSDEEP: "12288:8dD6GALJg1grqtopJQawZaNnTvdLFuekP:8VA9/rqtoJQa9NTFRx"
- [*] Process Execution: [
- "NanoCore_bb320a8163c8343ed560bb91f310ede7.exe"
- ]
- [*] Signatures Detected: [
- {
- "Description": "Creates RWX memory",
- "Details": []
- },
- {
- "Description": "The binary likely contains encrypted or compressed data.",
- "Details": [
- {
- "section": "name: .text, entropy: 7.08, characteristics: IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ, raw_size: 0x0007d000, virtual_size: 0x0007c83c"
- }
- ]
- },
- {
- "Description": "Attempts to repeatedly call a single API many times in order to delay analysis time",
- "Details": [
- {
- "Spam": "NanoCore_bb320a8163c8343ed560bb91f310ede7.exe (2416) called API CreateProcessInternalW 44491 times"
- }
- ]
- }
- ]
- [*] Started Service: []
- [*] Executed Commands: [
- "\\x01C:\\Users\\user\\AppData\\Local\\Temp\\NanoCore_bb320a8163c8343ed560bb91f310ede7.exe\""
- ]
- [*] Mutexes: [
- "CicLoadWinStaWinSta0",
- "Local\\MSCTF.CtfMonitorInstMutexDefault1"
- ]
- [*] Modified Files: []
- [*] Deleted Files: []
- [*] Modified Registry Keys: []
- [*] Deleted Registry Keys: []
- [*] DNS Communications: []
- [*] Domains: []
- [*] Network Communication - ICMP: []
- [*] Network Communication - HTTP: []
- [*] Network Communication - SMTP: []
- [*] Network Communication - Hosts: []
- [*] Network Communication - IRC: []
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "MethCallEngine",
- "address": "0x401000"
- },
- {
- "name": null,
- "address": "0x401004"
- },
- {
- "name": null,
- "address": "0x401008"
- },
- {
- "name": null,
- "address": "0x40100c"
- },
- {
- "name": null,
- "address": "0x401010"
- },
- {
- "name": null,
- "address": "0x401014"
- },
- {
- "name": null,
- "address": "0x401018"
- },
- {
- "name": null,
- "address": "0x40101c"
- },
- {
- "name": null,
- "address": "0x401020"
- },
- {
- "name": null,
- "address": "0x401024"
- },
- {
- "name": null,
- "address": "0x401028"
- },
- {
- "name": null,
- "address": "0x40102c"
- },
- {
- "name": null,
- "address": "0x401030"
- },
- {
- "name": "EVENT_SINK_AddRef",
- "address": "0x401034"
- },
- {
- "name": null,
- "address": "0x401038"
- },
- {
- "name": null,
- "address": "0x40103c"
- },
- {
- "name": null,
- "address": "0x401040"
- },
- {
- "name": null,
- "address": "0x401044"
- },
- {
- "name": null,
- "address": "0x401048"
- },
- {
- "name": "EVENT_SINK_Release",
- "address": "0x40104c"
- },
- {
- "name": null,
- "address": "0x401050"
- },
- {
- "name": "EVENT_SINK_QueryInterface",
- "address": "0x401054"
- },
- {
- "name": "__vbaExceptHandler",
- "address": "0x401058"
- },
- {
- "name": null,
- "address": "0x40105c"
- },
- {
- "name": null,
- "address": "0x401060"
- },
- {
- "name": null,
- "address": "0x401064"
- },
- {
- "name": null,
- "address": "0x401068"
- },
- {
- "name": null,
- "address": "0x40106c"
- },
- {
- "name": null,
- "address": "0x401070"
- },
- {
- "name": null,
- "address": "0x401074"
- },
- {
- "name": null,
- "address": "0x401078"
- },
- {
- "name": null,
- "address": "0x40107c"
- },
- {
- "name": null,
- "address": "0x401080"
- },
- {
- "name": null,
- "address": "0x401084"
- },
- {
- "name": null,
- "address": "0x401088"
- },
- {
- "name": null,
- "address": "0x40108c"
- },
- {
- "name": null,
- "address": "0x401090"
- },
- {
- "name": null,
- "address": "0x401094"
- },
- {
- "name": null,
- "address": "0x401098"
- },
- {
- "name": null,
- "address": "0x40109c"
- }
- ],
- "dll": "MSVBVM60.DLL"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0008f78b",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0008f78b",
- "icon_hash": null,
- "entrypoint": "0x004011a0",
- "timestamp": "2009-08-19 15:24:29",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0007d000",
- "entropy": "7.08",
- "raw_address": "0x00001000",
- "virtual_size": "0x0007c83c",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0007e000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00003678",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00082000",
- "size_of_data": "0x00008000",
- "entropy": "4.49",
- "raw_address": "0x0007e000",
- "virtual_size": "0x00007300",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0007d6f4",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000028"
- },
- {
- "virtual_address": "0x00082000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00007300"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000220",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000020"
- },
- {
- "virtual_address": "0x00001000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000000a4"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "bc32e3d6e1e656c56bfb10376fc9519a",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }
- [*] Resolved APIs: [
- "cryptbase.dll.SystemFunction036",
- "uxtheme.dll.ThemeInitApiHook",
- "user32.dll.IsProcessDPIAware",
- "oleaut32.dll.OleLoadPictureEx",
- "oleaut32.dll.DispCallFunc",
- "oleaut32.dll.LoadTypeLibEx",
- "oleaut32.dll.UnRegisterTypeLib",
- "oleaut32.dll.CreateTypeLib2",
- "oleaut32.dll.VarDateFromUdate",
- "oleaut32.dll.VarUdateFromDate",
- "oleaut32.dll.GetAltMonthNames",
- "oleaut32.dll.VarNumFromParseNum",
- "oleaut32.dll.VarParseNumFromStr",
- "oleaut32.dll.VarDecFromR4",
- "oleaut32.dll.VarDecFromR8",
- "oleaut32.dll.VarDecFromDate",
- "oleaut32.dll.VarDecFromI4",
- "oleaut32.dll.VarDecFromCy",
- "oleaut32.dll.VarR4FromDec",
- "oleaut32.dll.GetRecordInfoFromTypeInfo",
- "oleaut32.dll.GetRecordInfoFromGuids",
- "oleaut32.dll.SafeArrayGetRecordInfo",
- "oleaut32.dll.SafeArraySetRecordInfo",
- "oleaut32.dll.SafeArrayGetIID",
- "oleaut32.dll.SafeArraySetIID",
- "oleaut32.dll.SafeArrayCopyData",
- "oleaut32.dll.SafeArrayAllocDescriptorEx",
- "oleaut32.dll.SafeArrayCreateEx",
- "oleaut32.dll.VarFormat",
- "oleaut32.dll.VarFormatDateTime",
- "oleaut32.dll.VarFormatNumber",
- "oleaut32.dll.VarFormatPercent",
- "oleaut32.dll.VarFormatCurrency",
- "oleaut32.dll.VarWeekdayName",
- "oleaut32.dll.VarMonthName",
- "oleaut32.dll.VarAdd",
- "oleaut32.dll.VarAnd",
- "oleaut32.dll.VarCat",
- "oleaut32.dll.VarDiv",
- "oleaut32.dll.VarEqv",
- "oleaut32.dll.VarIdiv",
- "oleaut32.dll.VarImp",
- "oleaut32.dll.VarMod",
- "oleaut32.dll.VarMul",
- "oleaut32.dll.VarOr",
- "oleaut32.dll.VarPow",
- "oleaut32.dll.VarSub",
- "oleaut32.dll.VarXor",
- "oleaut32.dll.VarAbs",
- "oleaut32.dll.VarFix",
- "oleaut32.dll.VarInt",
- "oleaut32.dll.VarNeg",
- "oleaut32.dll.VarNot",
- "oleaut32.dll.VarRound",
- "oleaut32.dll.VarCmp",
- "oleaut32.dll.VarDecAdd",
- "oleaut32.dll.VarDecCmp",
- "oleaut32.dll.VarBstrCat",
- "oleaut32.dll.VarCyMulI4",
- "oleaut32.dll.VarBstrCmp",
- "ole32.dll.CoCreateInstanceEx",
- "ole32.dll.CLSIDFromProgIDEx",
- "sxs.dll.SxsOleAut32MapIIDOrCLSIDToTypeLibrary",
- "user32.dll.GetSystemMetrics",
- "user32.dll.MonitorFromWindow",
- "user32.dll.MonitorFromRect",
- "user32.dll.MonitorFromPoint",
- "user32.dll.EnumDisplayMonitors",
- "user32.dll.GetMonitorInfoA",
- "dwmapi.dll.DwmIsCompositionEnabled",
- "gdi32.dll.GetLayout",
- "gdi32.dll.GdiRealizationInfo",
- "gdi32.dll.FontIsLinked",
- "advapi32.dll.RegOpenKeyExW",
- "advapi32.dll.RegQueryInfoKeyW",
- "gdi32.dll.GetTextFaceAliasW",
- "advapi32.dll.RegEnumValueW",
- "advapi32.dll.RegCloseKey",
- "advapi32.dll.RegQueryValueExW",
- "gdi32.dll.GetFontAssocStatus",
- "advapi32.dll.RegQueryValueExA",
- "advapi32.dll.RegEnumKeyExW",
- "gdi32.dll.GdiIsMetaPrintDC",
- "ole32.dll.CoInitializeEx",
- "ole32.dll.CoUninitialize",
- "ole32.dll.CoRegisterInitializeSpy",
- "ole32.dll.CoRevokeInitializeSpy",
- "gdi32.dll.GetTextExtentExPointWPri",
- "kernel32.dll.NlsGetCacheUpdateCount",
- "kernel32.dll.GetCalendarInfoW",
- "kernel32.dll.GetTickCount",
- "kernel32.dll.Sleep",
- "user32.dll.GetCursorPos",
- "user32.dll.EnumWindows",
- "kernel32.dll.SetErrorMode",
- "kernel32.dll.SetLastError",
- "kernel32.dll.VirtualAllocEx",
- "kernel32.dll.CloseHandle",
- "shell32.dll.ShellExecuteW",
- "kernel32.dll.WriteFile",
- "kernel32.dll.UnmapViewOfFile",
- "kernel32.dll.CreateFileW",
- "kernel32.dll.TerminateProcess",
- "kernel32.dll.VirtualProtectEx",
- "kernel32.dll.CreateProcessInternalW",
- "kernel32.dll.GetTempPathW",
- "kernel32.dll.GetLongPathNameW",
- "kernel32.dll.GetFileSize",
- "kernel32.dll.ReadFile",
- "ntdll.dll.NtProtectVirtualMemory",
- "kernel32.dll.GetCommandLineW"
- ]
- [*] Static Analysis: {
- "pe": {
- "peid_signatures": null,
- "imports": [
- {
- "imports": [
- {
- "name": "MethCallEngine",
- "address": "0x401000"
- },
- {
- "name": null,
- "address": "0x401004"
- },
- {
- "name": null,
- "address": "0x401008"
- },
- {
- "name": null,
- "address": "0x40100c"
- },
- {
- "name": null,
- "address": "0x401010"
- },
- {
- "name": null,
- "address": "0x401014"
- },
- {
- "name": null,
- "address": "0x401018"
- },
- {
- "name": null,
- "address": "0x40101c"
- },
- {
- "name": null,
- "address": "0x401020"
- },
- {
- "name": null,
- "address": "0x401024"
- },
- {
- "name": null,
- "address": "0x401028"
- },
- {
- "name": null,
- "address": "0x40102c"
- },
- {
- "name": null,
- "address": "0x401030"
- },
- {
- "name": "EVENT_SINK_AddRef",
- "address": "0x401034"
- },
- {
- "name": null,
- "address": "0x401038"
- },
- {
- "name": null,
- "address": "0x40103c"
- },
- {
- "name": null,
- "address": "0x401040"
- },
- {
- "name": null,
- "address": "0x401044"
- },
- {
- "name": null,
- "address": "0x401048"
- },
- {
- "name": "EVENT_SINK_Release",
- "address": "0x40104c"
- },
- {
- "name": null,
- "address": "0x401050"
- },
- {
- "name": "EVENT_SINK_QueryInterface",
- "address": "0x401054"
- },
- {
- "name": "__vbaExceptHandler",
- "address": "0x401058"
- },
- {
- "name": null,
- "address": "0x40105c"
- },
- {
- "name": null,
- "address": "0x401060"
- },
- {
- "name": null,
- "address": "0x401064"
- },
- {
- "name": null,
- "address": "0x401068"
- },
- {
- "name": null,
- "address": "0x40106c"
- },
- {
- "name": null,
- "address": "0x401070"
- },
- {
- "name": null,
- "address": "0x401074"
- },
- {
- "name": null,
- "address": "0x401078"
- },
- {
- "name": null,
- "address": "0x40107c"
- },
- {
- "name": null,
- "address": "0x401080"
- },
- {
- "name": null,
- "address": "0x401084"
- },
- {
- "name": null,
- "address": "0x401088"
- },
- {
- "name": null,
- "address": "0x40108c"
- },
- {
- "name": null,
- "address": "0x401090"
- },
- {
- "name": null,
- "address": "0x401094"
- },
- {
- "name": null,
- "address": "0x401098"
- },
- {
- "name": null,
- "address": "0x40109c"
- }
- ],
- "dll": "MSVBVM60.DLL"
- }
- ],
- "digital_signers": null,
- "exported_dll_name": null,
- "actual_checksum": "0x0008f78b",
- "overlay": null,
- "imagebase": "0x00400000",
- "reported_checksum": "0x0008f78b",
- "icon_hash": null,
- "entrypoint": "0x004011a0",
- "timestamp": "2009-08-19 15:24:29",
- "osversion": "4.0",
- "sections": [
- {
- "name": ".text",
- "characteristics": "IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00001000",
- "size_of_data": "0x0007d000",
- "entropy": "7.08",
- "raw_address": "0x00001000",
- "virtual_size": "0x0007c83c",
- "characteristics_raw": "0x60000020"
- },
- {
- "name": ".data",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE",
- "virtual_address": "0x0007e000",
- "size_of_data": "0x00000000",
- "entropy": "0.00",
- "raw_address": "0x00000000",
- "virtual_size": "0x00003678",
- "characteristics_raw": "0xc0000040"
- },
- {
- "name": ".rsrc",
- "characteristics": "IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ",
- "virtual_address": "0x00082000",
- "size_of_data": "0x00008000",
- "entropy": "4.49",
- "raw_address": "0x0007e000",
- "virtual_size": "0x00007300",
- "characteristics_raw": "0x40000040"
- }
- ],
- "resources": [],
- "dirents": [
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x0007d6f4",
- "name": "IMAGE_DIRECTORY_ENTRY_IMPORT",
- "size": "0x00000028"
- },
- {
- "virtual_address": "0x00082000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESOURCE",
- "size": "0x00007300"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_EXCEPTION",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_SECURITY",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_BASERELOC",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DEBUG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COPYRIGHT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_GLOBALPTR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_TLS",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000220",
- "name": "IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT",
- "size": "0x00000020"
- },
- {
- "virtual_address": "0x00001000",
- "name": "IMAGE_DIRECTORY_ENTRY_IAT",
- "size": "0x000000a4"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR",
- "size": "0x00000000"
- },
- {
- "virtual_address": "0x00000000",
- "name": "IMAGE_DIRECTORY_ENTRY_RESERVED",
- "size": "0x00000000"
- }
- ],
- "exports": [],
- "guest_signers": {},
- "imphash": "bc32e3d6e1e656c56bfb10376fc9519a",
- "icon_fuzzy": null,
- "icon": null,
- "pdbpath": null,
- "imported_dll_count": 1,
- "versioninfo": []
- }
- }