Static task
static1
General
-
Target
NEAS.e609b308910f7a495d323ab13d011a70.exe
-
Size
1.7MB
-
MD5
e609b308910f7a495d323ab13d011a70
-
SHA1
67cd9ec05393925ce1cbf70cf721a037b49eaf98
-
SHA256
40666e7f272d5650dda9b73b945f5c9bc27fb218a1e941f06312917cda74ca0c
-
SHA512
e8a507f8057bffbd246ffad3aed39d4d5b7ea1077ed51f6970e7d4c90d0f93a313e5441ee6866df0e0bbc0236d900b3cfac40254afaeb676a440c0d10d402832
-
SSDEEP
49152:YK/7+jKH229aiMkKkwJ9fIvmRg0tbzYD8a15WaebM:YKT24aiMkKkwJavr14jM
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature; the check matched the resource listed below, i.e. the PE is unsigned.
resource NEAS.e609b308910f7a495d323ab13d011a70.exe
Files
-
NEAS.e609b308910f7a495d323ab13d011a70.exe.sys windows:5 windows x86
3fa51161b5cf2e639499347bb7fc5cd0
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
videoprt.sys
VideoPortLogError
VideoPortGetAccessRanges
VideoPortGetVgaStatus
VideoPortGetDeviceBase
VideoPortVerifyAccessRanges
VideoPortQueryServices
VideoPortSetTrappedEmulatorPorts
VideoPortScanRom
VideoPortReadRegisterUshort
VideoPortFreeDeviceBase
VideoPortInitialize
VideoPortCompareMemory
VideoPortUnmapMemory
VideoPortQueueDpc
VideoPortReadRegisterUlong
VideoPortWriteRegisterUchar
VideoPortWriteRegisterUlong
VideoPortGetAssociatedDeviceExtension
VideoPortGetRomImage
VideoPortWritePortUchar
VideoPortInterlockedDecrement
VideoPortInterlockedExchange
VideoPortEnumerateChildren
VideoPortReadRegisterBufferUchar
VideoPortSynchronizeExecution
VideoPortSetRegistryParameters
VideoPortGetRegistryParameters
VideoPortSetBusData
VideoPortGetBusData
VideoPortReadPortUlong
VideoPortWritePortUlong
VideoPortStallExecution
VideoPortReadRegisterUchar
VideoPortMoveMemory
VideoPortDisableInterrupt
VideoPortEnableInterrupt
VideoPortInt10
VideoPortMapMemory
VideoPortZeroMemory
VideoPortInterlockedIncrement
ntoskrnl.exe
KeTickCount
KeBugCheckEx
MmBuildMdlForNonPagedPool
KeUnstackDetachProcess
MmUnmapLockedPages
MmIsAddressValid
IoGetCurrentProcess
KeStackAttachProcess
RtlFreeUnicodeString
ZwCreateFile
RtlAppendUnicodeStringToString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
ZwSetInformationFile
ZwClose
ZwWriteFile
ZwReadFile
ZwQueryInformationFile
wcsncpy
wcslen
MmMapLockedPagesSpecifyCache
ZwQueryValueKey
ZwOpenKey
wcscat
ZwSetValueKey
RtlQueryRegistryValues
KeSetEvent
ZwQuerySystemInformation
PsLookupProcessByProcessId
RtlEqualUnicodeString
PsTerminateSystemThread
ObfDereferenceObject
ObReferenceObjectByPointer
MmFreePagesFromMdl
MmAllocatePagesForMdl
MmLockPagableDataSection
MmUnlockPagableImageSection
KeSaveFloatingPointState
KeRestoreFloatingPointState
MmMapIoSpace
MmUnmapIoSpace
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeSetImportanceDpc
KeInitializeDpc
KeNumberProcessors
ObReferenceObjectByHandle
ObOpenObjectByPointer
MmMapUserAddressesToPage
KeInitializeSpinLock
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
KeQueryTimeIncrement
MmHighestUserAddress
KeInitializeMutex
IoCreateSynchronizationEvent
IoCreateNotificationEvent
KeClearEvent
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
ExDeletePagedLookasideList
ExDeleteNPagedLookasideList
ExAllocateFromPagedLookasideList
ExFreeToPagedLookasideList
ExRegisterCallback
ExCreateCallback
ExUnregisterCallback
ExNotifyCallback
KeQueryInterruptTime
ZwPowerInformation
ZwMapViewOfSection
ZwOpenSection
ZwUnmapViewOfSection
PsCreateSystemThread
IoFreeMdl
IoAllocateMdl
_wcslwr
wcscpy
mbstowcs
KeSetTimer
KeInitializeTimer
KeCancelTimer
vsprintf
MmUnlockPages
MmSizeOfMdl
MmProbeAndLockPages
MmGetPhysicalAddress
ExFreePoolWithTag
ExAllocatePoolWithTag
MmFreeContiguousMemorySpecifyCache
MmAllocateContiguousMemorySpecifyCache
PsGetCurrentProcessId
ZwQueryInformationProcess
KeReleaseMutex
KeWaitForSingleObject
KeInitializeEvent
ExInterlockedPushEntrySList
ExInterlockedPopEntrySList
RtlInitUnicodeString
MmGetSystemRoutineAddress
wcstombs
_except_handler3
wcsstr
rand
srand
sprintf
_vsnprintf
RtlAppendUnicodeToString
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
PsGetCurrentThreadId
memset
KeDelayExecutionThread
DbgPrint
memcpy
RtlCompareMemory
RtlInitString
_purecall
KeRemoveQueueDpc
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
KeGetCurrentThread
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
_snprintf
RtlRaiseException
hal
HalGetBusDataByOffset
HalAllocateCommonBuffer
HalGetAdapter
HalFreeCommonBuffer
KfLowerIrql
KfRaiseIrql
KfAcquireSpinLock
KeGetCurrentIrql
KfReleaseSpinLock
KeRaiseIrqlToDpcLevel
ExAcquireFastMutex
ExReleaseFastMutex
KeStallExecutionProcessor
KeAcquireSpinLock
KeReleaseSpinLock
HalSetBusDataByOffset
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 133KB - Virtual size: 132KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 138KB - Virtual size: 191KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
PAGE_INI Size: 38KB - Virtual size: 37KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE_COM Size: 153KB - Virtual size: 152KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE_DDC Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
PAGE Size: 24KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 5KB - Virtual size: 5KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 37KB - Virtual size: 37KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ