NEAS[.]3e4784191ed2cb26c61a0b414e6655a0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.3e4784191ed2cb26c61a0b414e6655a0.exe
Size

102KB
MD5

3e4784191ed2cb26c61a0b414e6655a0
SHA1

678c40048ac1017af476c6aeb8c6be20b6306a00
SHA256

86ac94c373e6df9684b3e6fb625cd0784d3802d1ffc63bf83ad3a6bc074de51c
SHA512

91c5569fdb484f9f54ad275f3d76fe30fc32af1bc3dee9426547c3f3818d875539e530087ccaa19428834e0989b5b7c698c70a2d2604de9347707a61ef754712
SSDEEP

1536:cjWdhHXTfP/GPLp2tDsUxnAedidaYOf6wmsur7H:nlT3/GzpwDsCnAYixwmsS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3e4784191ed2cb26c61a0b414e6655a0.exe

Files

NEAS.3e4784191ed2cb26c61a0b414e6655a0.exe
.exe windows:5 windows x86

e6c310bd8678267024ec277ae9dd2905

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

nss3

PR_CallOnce
PR_AssertCurrentThreadOwnsLock
PR_Unlock
PR_Lock
PR_DestroyLock
PR_NewLock
PR_GetThreadPrivate
PR_SetThreadPrivate
PR_NewThreadPrivateIndex
PR_WaitCondVar
PR_Now
PR_Free
PR_dtoa
PR_Assert
PR_SetCurrentThreadName
PR_IntervalNow
PR_GetCurrentThread
PR_smprintf_free
PR_smprintf
PR_FileDesc2NativeHandle
PR_AssertCurrentThreadInMonitor
PR_Wait
PR_snprintf
PR_ExitMonitor
PR_sscanf
PR_Seek64
PR_EnterMonitor
PR_GetEnv

xul

?outOfLineKind@GCCellPtr@JS@@ABE?AW4TraceKind@2@XZ
?toScript@GCCellPtr@JS@@QBEPAVJSScript@@XZ
?toObject@GCCellPtr@JS@@QBEPAVJSObject@@XZ
?isScript@GCCellPtr@JS@@QBE_NXZ
?isObject@GCCellPtr@JS@@QBE_NXZ
??0GCCellPtr@JS@@QAE@ABVValue@1@@Z
??0GCCellPtr@JS@@QAE@PAVJSScript@@@Z
??0GCCellPtr@JS@@QAE@PAVJSString@@@Z
??0GCCellPtr@JS@@QAE@PAVJSFunction@@@Z
??0GCCellPtr@JS@@QAE@PAVJSObject@@@Z
??0GCCellPtr@JS@@QAE@PAXW4TraceKind@1@@Z
?_external_GetObserverService@services@mozilla@@YG?AU?$already_AddRefed@VnsIObserverService@@@@XZ
NS_GetComponentManager
NS_GetServiceManager
NS_UTF16ToCString
NS_CStringCopy
NS_CStringSetDataRange
NS_CStringSetData
NS_CStringCloneData
NS_CStringGetMutableData
NS_CStringGetData
NS_CStringContainerInit
NS_StringCopy
NS_StringSetDataRange
NS_StringGetMutableData
NS_StringGetData
NS_LogRelease
NS_LogAddRef
NS_GetMemoryManager
?GetParentOuterWindowID@LoadInfo@mozilla@@UAG?AW4nsresult@@PA_K@Z
?GetOuterWindowID@LoadInfo@mozilla@@UAG?AW4nsresult@@PA_K@Z
?GetInnerWindowID@LoadInfo@mozilla@@UAG?AW4nsresult@@PA_K@Z
?BaseURI@LoadInfo@mozilla@@UAEPAVnsIURI@@XZ
?GetBaseURI@LoadInfo@mozilla@@UAG?AW4nsresult@@PAPAVnsIURI@@@Z
?InternalContentPolicyType@LoadInfo@mozilla@@UAGIXZ
?GetContentPolicyType@LoadInfo@mozilla@@UAG?AW4nsresult@@PAI@Z
?GetLoadingSandboxed@LoadInfo@mozilla@@UAG?AW4nsresult@@PA_N@Z
?GetForceInheritPrincipal@LoadInfo@mozilla@@UAG?AW4nsresult@@PA_N@Z
?GetSecurityFlags@LoadInfo@mozilla@@UAG?AW4nsresult@@PAI@Z
?LoadingNode@LoadInfo@mozilla@@UAEPAVnsINode@@XZ
?GetLoadingDocument@LoadInfo@mozilla@@UAG?AW4nsresult@@PAPAVnsIDOMDocument@@@Z
?TriggeringPrincipal@LoadInfo@mozilla@@UAEPAVnsIPrincipal@@XZ
?GetTriggeringPrincipal@LoadInfo@mozilla@@UAG?AW4nsresult@@PAPAVnsIPrincipal@@@Z
?LoadingPrincipal@LoadInfo@mozilla@@UAEPAVnsIPrincipal@@XZ
?GetLoadingPrincipal@LoadInfo@mozilla@@UAG?AW4nsresult@@PAPAVnsIPrincipal@@@Z
?Release@LoadInfo@mozilla@@UAGKXZ
?AddRef@LoadInfo@mozilla@@UAGKXZ
?QueryInterface@LoadInfo@mozilla@@UAG?AW4nsresult@@ABUnsID@@PAPAX@Z
NS_CStringToUTF16
NS_CStringContainerFinish
NS_CStringContainerInit2
NS_StringContainerFinish
NS_StringContainerInit2
NS_StringContainerInit
NS_LogCOMPtrRelease
NS_LogCOMPtrAddRef
NS_LogDtor
NS_LogCtor
NS_DebugBreak
NS_NewLocalFile
NS_ShutdownXPCOM
NS_InitXPCOM2

kernel32

TerminateProcess
DecodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
CloseHandle
OutputDebugStringA
IsDebuggerPresent
SetFilePointerEx
SetEndOfFile
ReadFile
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoA
SetThreadPriority
GetCurrentThread
VerSetConditionMask
GetCurrentProcess
IsProcessorFeaturePresent

msvcr120

_wfopen
memmove
exit
vprintf
putchar
printf
fprintf
fflush
__iob_func
_purecall
memcmp
memcpy
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
_controlfp_s
_invoke_watson
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
strchr
_vsnprintf
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_dup
_vscprintf
vfprintf
fputs
_fdopen
srand
strncpy
memset
_hypot
_snprintf
ftell
fseek
fread
fclose
wcstol
strpbrk
strtol
rand
wcschr
wcspbrk
wcsncmp

mozglue

wcsdup
strdup
malloc
?gChaosModeCounter@detail@mozilla@@3V?$Atomic@I$01X@2@A
moz_xmalloc
free
moz_xrealloc

Exports

Exports

??0LoadInfo@mozilla@@QAE@ABV01@@Z
??4LoadInfo@mozilla@@QAEAAV01@ABV01@@Z
??_7LoadInfo@mozilla@@6B@

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e6c310bd8678267024ec277ae9dd2905

Headers

DLL Characteristics

File Characteristics

Imports

nss3

xul

kernel32

msvcr120

mozglue

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 21KB - Virtual size: 21KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 21KB - Virtual size: 21KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB