NEAS[.]a1dc65f69b814ca09a9fd8a3c21066f0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.a1dc65f69b814ca09a9fd8a3c21066f0.exe
Size

373KB
MD5

a1dc65f69b814ca09a9fd8a3c21066f0
SHA1

e62cc3fec0aab16c79687841c0cfbc0dd80bec0a
SHA256

61ffc8fd79e901735331d668e52dd425872dae02afd6845e068c3518d021502c
SHA512

d61b428bf81c3505d9be03197567db5d074636ba856a996b87096907105428dd05b7d3d82f1f81e5cb4772ae32af2da46852990f0738dc4cd7bad2475074effd
SSDEEP

6144:GcLY+dgw2KyupooGPBr6UdyypR5BKmmCCcabyZQZp9vmdCenu6+ly:Go8uqokX/KfCCcayk90C

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a1dc65f69b814ca09a9fd8a3c21066f0.exe

Files

NEAS.a1dc65f69b814ca09a9fd8a3c21066f0.exe
.dll windows:6 windows x86

ef80e7f17640ab0aa071f3192445b4cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

glib-lite

ord387
ord239
ord105
ord446
ord394
ord39
ord313
ord299
ord309
ord206
ord208
ord209
ord250
ord444
ord452
ord479
ord456
ord389
ord462
ord472
ord473
ord375
ord374
ord48
ord47
ord50
ord245
ord49
ord388
ord386
ord298
ord467
ord365
ord167
ord171
ord164
ord172
ord165
ord294
ord194
ord141
ord10
ord1
ord2
ord5
ord233
ord317
ord207
ord451
ord465
ord244
ord237
ord218
ord445
ord399
ord400
ord426
ord408
ord348
ord236
ord235
ord316

gstreamer-lite

ord8
ord11
ord7
ord5
ord4
ord170
ord166
ord151
ord74
ord10
ord6
ord9
ord59
ord110
ord116
ord113
ord103
ord72
ord86
ord135
ord136
ord134
ord167
ord168
ord169
ord149
ord23
ord28
ord93
ord94
ord92
ord91
ord165
ord162
ord97
ord25
ord2
ord37
ord52
ord65
ord84
ord148
ord163
ord164
ord95
ord100
ord171
ord42
ord40
ord127
ord109
ord126
ord101
ord124
ord108
ord68
ord67
ord76
ord71
ord77
ord63
ord133
ord142
ord139
ord143
ord137
ord27
ord3
ord1
ord111
ord112
ord128
ord154
ord50
ord51
ord57
ord38
ord47
ord41
ord39
ord56
ord117
ord125
ord115
ord114
ord102
ord105
ord123
ord122
ord120
ord119
ord98
ord104
ord121
ord107
ord153
ord75
ord69
ord62
ord70
ord73
ord64
ord66
ord140
ord138
ord141
ord150
ord26
ord22
ord21
ord24
ord34
ord32
ord33
ord157
ord158
ord161
ord159
ord144

kernel32

GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseMutex
WaitForSingleObject
CreateMutexA
CloseHandle
CreateFileA
ReadFile
SetFilePointer
WriteFile
GetTempPathA
GetTempFileNameA
GetLastError
FreeLibrary
LoadLibraryA
SetEvent
ResetEvent
ReleaseSemaphore
CreateEventA
WaitForMultipleObjects
GetCurrentProcess
GetCurrentThreadId
lstrcmpW
CreateSemaphoreA
CreateThread
GetCurrentThread
SetThreadPriority
GetThreadPriority
GetTickCount
GetVersionExA
GetModuleHandleA
InitializeCriticalSection
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent

ole32

CLSIDFromString
CoInitialize
CoFreeUnusedLibraries
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoTaskMemAlloc

vcruntime140

_purecall
strstr
memcpy
memcmp
__CxxFrameHandler3
memset
__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
_except_handler4_common

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-heap-l1-1-0

free
malloc
_callnewh
calloc

api-ms-win-crt-utility-l1-1-0

abs

api-ms-win-crt-math-l1-1-0

_except1

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_configure_narrow_argv
_initialize_narrow_environment
_execute_onexit_table
_cexit
_seh_filter_dll
_initialize_onexit_table

winmm

timeSetEvent
timeKillEvent
timeBeginPeriod
timeEndPeriod

user32

DispatchMessageA
GetQueueStatus
MsgWaitForMultipleObjects
RegisterWindowMessageA
PostThreadMessageA
PeekMessageA

Exports

Exports

gst_plugin_desc

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 235KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef80e7f17640ab0aa071f3192445b4cb

Headers

DLL Characteristics

File Characteristics

Imports

glib-lite

gstreamer-lite

kernel32

ole32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

winmm

user32

Exports

Exports

Sections

.text Size: 106KB - Virtual size: 105KB

.rdata Size: 27KB - Virtual size: 26KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 936B

.reloc Size: 235KB - Virtual size: 236KB

.text
Size: 106KB - Virtual size: 105KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 936B

.reloc
Size: 235KB - Virtual size: 236KB