NEAS[.]9275dd817fd9c38e20cacbf31041a4f0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.9275dd817fd9c38e20cacbf31041a4f0.exe
Size

249KB
MD5

9275dd817fd9c38e20cacbf31041a4f0
SHA1

70f9fcac67fc291bc2f6d64825a6f6143a5eef2b
SHA256

43f10a0d64df876417117627a5bc6597f9ce03f72d1d46598189f0c1a28aa902
SHA512

aedab7f673248bed19be0105d20387e9ed615f206b21708e9f98b873fdc529665d25e12cc264fb5994fe8a0cb2f557ca650989872f8fc8e5b131f40a5f24d480
SSDEEP

6144:F2BsYeRiVPEmw+9dS/iVZ7M3WnMKlmsTJBOyqtUwdc4wphmmq:gsy0mdNF97Xzqt9OhT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9275dd817fd9c38e20cacbf31041a4f0.exe

Files

NEAS.9275dd817fd9c38e20cacbf31041a4f0.exe
.dll windows:6 windows x86

92cc29cdbb93be5c376952d9910180a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ReportEventW
RegisterEventSourceW
RegOpenKeyExW
RegCloseKey
DeregisterEventSource
RegQueryValueExW

kernel32

InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
HeapFree
SetLastError
OutputDebugStringA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantClear
SysAllocStringLen
SysStringLen
VarBstrCat
VariantInit
SysFreeString

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
_purecall
__CxxFrameHandler3
memcpy

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

wcstombs_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
_initialize_narrow_environment
_crt_atexit
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
_register_onexit_function
_configure_narrow_argv

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 223KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92cc29cdbb93be5c376952d9910180a6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 223KB - Virtual size: 224KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 223KB - Virtual size: 224KB