Categories: Malware

Win64/NukeSped.LE information

The Win64/NukeSped.LE is considered dangerous by lots of security experts. When this infection is active, you may notice unwanted processes in Task Manager list. In this case, it is adviced to scan your computer with GridinSoft Anti-Malware.

Gridinsoft Anti-Malware

Removing PC viruses manually may take hours and may damage your PC in the process. We recommend using GridinSoft Anti-Malware for virus removal. Allows to complete scan and cure your PC during the trial period.

DOWNLOAD NOW

6-day free trial available.

What Win64/NukeSped.LE virus can do?

SetUnhandledExceptionFilter detected (possible anti-debug)
Attempts to connect to a dead IP:Port (3 unique times)
Creates RWX memory
Dynamic (imported) function loading detected
CAPE extracted potentially suspicious content
The binary likely contains encrypted or compressed data.
Authenticode signature is invalid
Unusual version info supplied for binary

How to determine Win64/NukeSped.LE?


File Info:
name: 76C3D2092737D964DFD6.mlwpath: /opt/CAPEv2/storage/binaries/bffe910904efd1f69544daa9b72f2a70fb29f73c51070bde4ea563de862ce4b1crc32: 3690DF83md5: 76c3d2092737d964dfd627f1ced0af80sha1: 61d1a5b8f242706a39d06316e4c66b01141b4ab3sha256: bffe910904efd1f69544daa9b72f2a70fb29f73c51070bde4ea563de862ce4b1sha512: c8aa123dcb460840971b5a7116332d135314c297e1f8b7cfbdc93299e2bcf12399161f43d769f72695d045eaf688b653c9524b38f70748558d570f1fb9c74860ssdeep: 6144:aaWSGcJtPRms8/MhGNxd5Ga029ofRhg1yw0ITvuad31G6rdDb:aaWId/8UYZGa02m5hov0IT/R1zdDbtype: PE32+ executable (GUI) x86-64, for MS Windowstlsh: T13B64F14B73E031E9D1B68A35C8615A5AD7727C3A0630DBAF07A042C91F6B3905E3EF65sha3_384: 6086b83faa63e70adc8fe62544478c26e00730dcef3069efa3f8d05a2cab214ed572914195a961e24270c8812940c9a0ep_bytes: 4883ec28e85f0400004883c428e972fetimestamp: 2022-04-13 19:30:01
Version Info:
FileVersion: 10.0.19041.1 (WinBuild.160101.0800)ProductVersion: 10.0.19041.1OriginalFileName: MSPAINT.EXEInternalName: breeze_crypted.exeFileDescription: PaintCompanyName:  LegalCopyright: © Microsoft Corporation. All rights reserved.ProductName: Microsoft® Windows® Operating SystemTranslation: 0x0409 0x04b0

Win64/NukeSped.LE also known as:

FireEye	Generic.mg.76c3d2092737d964
McAfee	RDN/Generic.dx
K7AntiVirus	Trojan ( 00591c391 )
K7GW	Trojan ( 00591c391 )
CrowdStrike	win/malicious_confidence_60% (D)
Symantec	Trojan.Gen.9
Elastic	malicious (high confidence)
ESET-NOD32	a variant of Win64/NukeSped.LE
Paloalto	generic.ml
Kaspersky	UDS:Trojan.Multi.GenericML.xnet
F-Secure	Trojan.TR/NukeSped.ssawv
Zillya	Trojan.NukeSped.Win64.281
McAfee-GW-Edition	BehavesLike.Win64.Expiro.fc
Ikarus	Trojan.Win64.Nukesped
Microsoft	Trojan:Win32/Sabsik.FL.B!ml
Malwarebytes	Trojan.NukeSped
Fortinet	W64/NukeSped.LE!tr
AVG	Win64:MalwareX-gen [Trj]
Cybereason	malicious.8f2427
Avast	Win64:MalwareX-gen [Trj]