NEAS[.]309b10d36392d56ffb0ec3f0deead340[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.309b10d36392d56ffb0ec3f0deead340.exe
Size

272KB
MD5

309b10d36392d56ffb0ec3f0deead340
SHA1

9e0b8840de67bd2d2347a6702fe68ef5253da2df
SHA256

ed154573977328983345ed91569f9312f25a08be42b80085c34a340d493a7b6c
SHA512

4b826c9ab72f0ef8a788fbbe1aaf429cebd6d73b826d440865c91acdb13be12f70275cec794ba75b6ab50d8172dd7eeadfaa4e0be0ec890fbb62586728890beb
SSDEEP

6144:7JZsq8GEpxqz9T1gcos7MHopiLYIQnk2WKj:7Ps1o9T1nvkcA

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 1 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
sample	vmprotect

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.309b10d36392d56ffb0ec3f0deead340.exe

Files

NEAS.309b10d36392d56ffb0ec3f0deead340.exe
.dll windows:4 windows x86

235eed7bf29535feae82b0883c2c60a9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetFilePointer
FlushFileBuffers
SetEndOfFile
CreateFileA
GetCPInfo
GetOEMCP
ExitProcess
RtlUnwind
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
WriteFile
QueryPerformanceCounter
GetTickCount
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetTimeZoneInformation
SetUnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
ReadFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalFlags
InterlockedIncrement
RaiseException
SetErrorMode
lstrcatA
InterlockedDecrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GlobalAddAtomA
GetCurrentThread
GetCurrentThreadId
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleFileNameA
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadResource
LockResource
SizeofResource
FindResourceA
WritePrivateProfileStringA
GetPrivateProfileIntA
WriteProcessMemory
GetModuleHandleA
GetProcAddress
CloseHandle
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
OpenThread
TerminateThread
GetCurrentProcess
SetProcessWorkingSetSize
TerminateProcess
Sleep
GetPrivateProfileStringA
GetLastError
lstrlenA
lstrcmpiA
WideCharToMultiByte
CompareStringA
CompareStringW
MultiByteToWideChar
GetVersion
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
GetVersionExA
GetModuleHandleA
LoadLibraryA
LocalAlloc
LocalFree
GetModuleFileNameA
ExitProcess

user32

WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
DefWindowProcA
CallWindowProcA
SystemParametersInfoA
IsIconic
GetWindowPlacement
CopyRect
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
GetDlgCtrlID
GetWindowRect
PtInRect
SetWindowTextA
GetClassNameA
wsprintfA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
DestroyMenu
RegisterWindowMessageA
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
MessageBoxA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SendMessageA
SetCursor
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
IsCharAlphaNumericA
GetWindowTextA
ShowWindow
PostMessageA
GetWindow

gdi32

DeleteDC
GetStockObject
ExtTextOutA
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
DeleteObject
CreateBitmap
Escape

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegEnumKeyA
RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegOpenKeyA

comctl32

ord17

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantInit
VariantChangeType
VariantClear

winmm

timeGetTime

ws2_32

ntohl

Exports

Exports

_xOnTstD

Sections

.text
Size: - Virtual size: 375KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 54.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vmp0
Size: - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp1
Size: - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.vmp2
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

235eed7bf29535feae82b0883c2c60a9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

winmm

ws2_32

Exports

Exports

Sections

.text Size: - Virtual size: 375KB

.rdata Size: - Virtual size: 61KB

.data Size: - Virtual size: 54.2MB

.rsrc Size: 4KB - Virtual size: 14KB

.vmp0 Size: - Virtual size: 166KB

.vmp1 Size: - Virtual size: 41KB

.vmp2 Size: 260KB - Virtual size: 259KB

.reloc Size: 4KB - Virtual size: 236B

.text
Size: - Virtual size: 375KB

.rdata
Size: - Virtual size: 61KB

.data
Size: - Virtual size: 54.2MB

.rsrc
Size: 4KB - Virtual size: 14KB

.vmp0
Size: - Virtual size: 166KB

.vmp1
Size: - Virtual size: 41KB

.vmp2
Size: 260KB - Virtual size: 259KB

.reloc
Size: 4KB - Virtual size: 236B