Behavioral task
behavioral1
Sample
NEAS.27e651f00de8f96b329ec4804d3a3420.exe
Resource
win7-20230831-en
Behavioral task
behavioral2
Sample
NEAS.27e651f00de8f96b329ec4804d3a3420.exe
Resource
win10v2004-20230915-en
General
-
Target
NEAS.27e651f00de8f96b329ec4804d3a3420.exe
-
Size
84KB
-
MD5
27e651f00de8f96b329ec4804d3a3420
-
SHA1
def060e6bf191023f80ff4041d084ffbf1ba509a
-
SHA256
5f8f20e0de4eaca8c8b1c0a813c90cfe2f2427ab8d548532270175cd0cb7fe4b
-
SHA512
e468902a340f13a92fb79d75303569913703e7ad05f855885e0de5e6d76def83512f3c56352879ee7f62bf065782ebf98b413d3b92a2fe0204e30c1a1daa7320
-
SSDEEP
1536:/Cs2v/CQ/zBPsqWcRZzx+FZrdpIPm6+EUc:s/CQlPsqWcRXcpIPm6o
Malware Config
Signatures
-
Tofsee family
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.27e651f00de8f96b329ec4804d3a3420.exe
Files
-
NEAS.27e651f00de8f96b329ec4804d3a3420.exe.exe windows:5 windows x86
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Sections
.text Size: 57KB - Virtual size: 57KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ