NEAS[.]ccba0b6563e9bb8bf4f9f6cf4c792180[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ccba0b6563e9bb8bf4f9f6cf4c792180.exe
Size

20KB
MD5

ccba0b6563e9bb8bf4f9f6cf4c792180
SHA1

33e70d9f3a15dac74072283b0adb2c206cce78c3
SHA256

e862501fd752fffdbf6f4add44b642bdbd21d3e448a99f90d181ef5f8e78b3ca
SHA512

fafd9d28daa628ecb3c91c3b3ea63e964a9c8bfe5797b487e6c142d482eb6b4f260124300702a32e5925670137c66225a079364486ad438d553ddf66f47d7ce1
SSDEEP

384:YF7tA4L2rVA+ETSqYirbVgLTnFSTMvopYOLIIGDmP5auJo5waisfFnKhYgS1NbED:YpC2aYYu+5wbs9nyYRgH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ccba0b6563e9bb8bf4f9f6cf4c792180.exe

Files

NEAS.ccba0b6563e9bb8bf4f9f6cf4c792180.exe
.dll windows:6 windows x86

12a8ff353d87241f8a2f2afdc4741ca9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcp140

_Mtx_destroy
_Cnd_init
_Thrd_join
_Thrd_id
_Cnd_destroy_in_situ
_Thrd_start
_Mtx_init
_Cnd_wait
_Cnd_destroy
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Xlength_error@std@@YAXPBD@Z
?_Throw_C_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_signal
_Cnd_init_in_situ
_Mtx_unlock

vcruntime140

memmove
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
__std_exception_copy
_purecall
__std_type_info_name
_CxxThrowException
__std_type_info_destroy_list
_except_handler4_common
memset

api-ms-win-crt-runtime-l1-1-0

terminate
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

Exports

Exports

CheckModule
ClearModule
InitModule
LoadImplObjects

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12a8ff353d87241f8a2f2afdc4741ca9

Headers

DLL Characteristics

File Characteristics

Imports

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 10KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 10KB - Virtual size: 10KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB