NEAS[.]8ac1edaf6af3ca4d15ecda66190f1290[.]exe

General

Target

NEAS.8ac1edaf6af3ca4d15ecda66190f1290.exe
Size

621KB
MD5

8ac1edaf6af3ca4d15ecda66190f1290
SHA1

ec783ed7e2cfa073872bf9fa0a97d5af1dd250f3
SHA256

c735a545349f52369b1c96e892ea1598259841d9b85cc5b6692db20fbbada05f
SHA512

66494471b7d70afc793c27195324bb2cdddd0e02627d293767edecf4026647c830378232fb89edb0acaad8de38c5b3d39caef6c8d2cc0763a5081ad6f99783c1
SSDEEP

6144:UOwIiYAeOB5jhFm0KvlSqQ2VDg2cbCadhXh75d:8IXA9FFm0KvlSqQ2VDqbCadXP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8ac1edaf6af3ca4d15ecda66190f1290.exe

Files

NEAS.8ac1edaf6af3ca4d15ecda66190f1290.exe
.sys windows:4 windows x86

9b18f0a9b005fefe3e4a2ada9468eac3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ndis.sys

NdisAllocateMemoryWithTag
NdisMCancelTimer
NdisMSetPeriodicTimer
NdisMInitializeTimer
NdisAllocateSpinLock
NdisMSetAttributesEx
NdisFreeSpinLock
NdisFreeMemory
NdisMDeregisterAdapterShutdownHandler
NdisMGetDeviceProperty
NdisTerminateWrapper
NdisMRegisterMiniport
NdisInitializeWrapper
NdisCloseFile
NdisMapFile
NdisOpenFile
NdisWriteErrorLogEntry
NdisUnicodeStringToAnsiString
NdisReleaseSpinLock
NdisAcquireSpinLock
NdisQueryBufferSafe
NDIS_BUFFER_TO_SPAN_PAGES
NdisQueryBufferOffset
NdisSetTimer
NdisInitializeEvent
NdisSetEvent
NdisResetEvent
NdisWaitEvent
NdisGetCurrentSystemTime
NdisCloseConfiguration
NdisReadNetworkAddress
NdisOpenConfiguration
NdisReadConfiguration
NdisMRegisterAdapterShutdownHandler
NdisUnmapFile
NdisMSleep

usbd.sys

USBD_ParseConfigurationDescriptorEx
USBD_CreateConfigurationRequestEx

ntoskrnl.exe

IoFreeIrp
IofCallDriver
IoBuildDeviceIoControlRequest
ExFreePool
ExAllocatePoolWithTag
IoAllocateIrp
KeInitializeSpinLock
_allshr
ExInterlockedAddLargeStatistic
IoCancelIrp

hal

KfAcquireSpinLock
KfReleaseSpinLock

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 545KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b18f0a9b005fefe3e4a2ada9468eac3

Headers

File Characteristics

Imports

ndis.sys

usbd.sys

ntoskrnl.exe

hal

Sections

.text Size: 68KB - Virtual size: 67KB

.data Size: 2KB - Virtual size: 3KB

PAGE Size: 545KB - Virtual size: 545KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 68KB - Virtual size: 67KB

.data
Size: 2KB - Virtual size: 3KB

PAGE
Size: 545KB - Virtual size: 545KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB