NEAS[.]bc6f567fc12924062df6974760b90500[.]exe

General

Target

NEAS.bc6f567fc12924062df6974760b90500.exe
Size

772KB
MD5

bc6f567fc12924062df6974760b90500
SHA1

0bd3690c2a366bdce8ece505a320c014dde50cc9
SHA256

ff1901d82c441db27a0d9154e399df79326b51872f1268f40c213e6c56a8c69a
SHA512

db35b90bf382cdf357836967bc90fa1b9824e413be57382cbaee0101b3950912f9031e47615842fcc488ec5f269b61f049098fc3c9c0c885f032d4c7692047cc
SSDEEP

12288:6K6lGHegSL7Q2ktZwdZzaclUxXm4GT/YESxpEWTR+pG9H3/bCbD:6vl1vo2ktZYZmclU1m4UGHTR+Yx3zCX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.bc6f567fc12924062df6974760b90500.exe

Files

NEAS.bc6f567fc12924062df6974760b90500.exe
.dll windows:4 windows x86

91e9ff447fc7a9a4de8035b8106bd943

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

p2x584

Perl_form
Perl_newXS
Perl_Isv_yes_ptr
Perl_ILIO_ptr
Perl_sv_2nv
Perl_sv_isobject
Perl_hv_fetch
Perl_push_scope
Perl_Ttmps_floor_ptr
Perl_save_int
Perl_Ttmps_ix_ptr
Perl_Tmarkstack_max_ptr
Perl_markstack_grow
Perl_call_method
Perl_croak_nocontext
Perl_TSv_ptr
Perl_free_tmps
Perl_pop_scope
Perl_Isv_undef_ptr
Perl_Tstack_max_ptr
Perl_stack_grow
Perl_newSViv
Perl_sv_derived_from
Perl_newSVpv
Perl_sv_2mortal
Perl_get_sv
Perl_sv_setpv
Perl_safesysfree
Perl_safesysmalloc
Perl_sv_2pv_flags
Perl_sv_2io
PerlIO_findFILE
Perl_sv_setref_pv
Perl_sv_setiv
Perl_get_context
Perl_Tstack_sp_ptr
Perl_Tmarkstack_ptr_ptr
Perl_Tstack_base_ptr
Perl_croak
Perl_sv_2pv_nolen
Perl_sv_2iv
Perl_Top_ptr
Perl_Tcurpad_ptr
Perl_sv_newmortal
Perl_sv_setnv
Perl_mg_set

kernel32

DisableThreadLibraryCalls
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection

msvcrt

_initterm
_strdup
_access
fclose
fopen
memmove
atol
__mb_cur_max
_isctype
_pctype
qsort
strrchr
strtod
strcpy
pow
fabs
abs
memcmp
abort
_adjust_fdiv
ftell
fseek
putc
fread
fwrite
bsearch
getenv
strtok
free
realloc
malloc
calloc
strncpy
strncmp
sprintf
printf
fflush
exit
longjmp
_iob
vfprintf
strcmp
_errno
memset
memcpy
strlen
_snprintf
strerror
_ftol
fprintf
sscanf
getc
atoi
strchr
fgets
_setjmp3

Exports

Exports

_boot_GD
boot_GD

Sections

.text
Size: 464KB - Virtual size: 460KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 216KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91e9ff447fc7a9a4de8035b8106bd943

Headers

File Characteristics

Imports

p2x584

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 464KB - Virtual size: 460KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 216KB - Virtual size: 278KB

.reloc Size: 20KB - Virtual size: 18KB

.text
Size: 464KB - Virtual size: 460KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 216KB - Virtual size: 278KB

.reloc
Size: 20KB - Virtual size: 18KB