Nebula.exe

Nebula

ElSemi

Publisher:
ElSemi

Product:
Nebula

Version:
2, 1, 5, 0

MD5:
2348d8c51104cd977e5fdbfe9b31a7da

SHA-1:
80a84289cea43713d2e40f517d1ae5220b1769db

SHA-256:
7932b8ace4d06cdb6c7490f8780ab61502cb1715db901249b344dfd7d5cb4343

Scanner detections:
5 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 2:08:02 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Packed/PeX | 7.1.1 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| F-Prot | W32/Heuristic-210 | v6.4.7.1.166 |
| K7 AntiVirus | Trojan | 13.182.12926 |
| Norman | Packed_PeX.B | 11.20140824 |

File size:
780 KB (798,720 bytes)

Product version:
2, 2, 3, 0

Copyright:
Copyright © 2003 ElSemi

Original file name:
Nebula.exe

File type:
Executable application (Win32 EXE)

Language:
Spanish (Spain, International Sort)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\nebula.exe

File PE Metadata
OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

CTPH (ssdeep):
24576:Gel50FR7vjnKWRCtVvzs+QV+gmBQywJHpZV:Bl5G7bnKWKJzsbUjCywdp

Entry address:
0x27CE000

Entry point:
E9, F5, 00, 00, 00, 0D, 0A, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, C4, 0D, 0A, 20, 50, 65, 58, 20, 28, 63, 29, 20, 62, 79, 20, 62, 61, 72, 74, 5E, 43, 72, 61, 63, 6B, 50, 6C, 20, 62, 65, 74, 61, 20, 72, 65, 6C, 65, 61, 73, 65, 20, 20, 20...
 

Entropy:
7.9286

Packer / compiler:
PeX v0.99

Code size:
1.3 MB (1,388,544 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to shut.the.fuck.up-bitch.com  (216.189.101.117:80)

Scan Nebula.exe - Powered by Reason Core Security