NEAS[.]312708960b8c355f3570b782bcf78270[.]exe

General

Target

NEAS.312708960b8c355f3570b782bcf78270.exe
Size

2.3MB
MD5

312708960b8c355f3570b782bcf78270
SHA1

31b667e4f2f7822d5a9e2e8bd0596443b4fbc93b
SHA256

8d22edac359a66d44eefe736aa8a375a3617a24c33b859f559ae5ace7f861bf3
SHA512

b868417138ed88ad05296fac33f4380eded9a1295f42582db1a1d96ffbb64906d484fb07460eedc987177161a8e380e2b9d9911b910f52065e8509384cd18480
SSDEEP

6144:9wcsZ2ruVxaMJESXJddzQFGZoa8SRl+/aJGioydxfMbyhIY8sw:9wcs/xZESPdCGZ18oxG2xn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.312708960b8c355f3570b782bcf78270.exe

Files

NEAS.312708960b8c355f3570b782bcf78270.exe
.dll windows:5 windows x86

088ebb377aeb2c82293ad3abad0f46cf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
GetProcAddress
LoadLibraryA
GetCurrentThreadId
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetModuleFileNameW
VirtualQuery
FreeLibrary
TlsGetValue
GetModuleHandleW
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapValidate
IsBadReadPtr
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage
HeapSize
HeapReAlloc
VirtualAlloc
WriteFile
InitializeCriticalSectionAndSpinCount
OutputDebugStringA
WriteConsoleW
OutputDebugStringW
LoadLibraryW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LCMapStringA
LCMapStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
CreateFileA
CloseHandle
FlushFileBuffers

Exports

Exports

RD_XXXX
StormPlayer_WinMain

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

088ebb377aeb2c82293ad3abad0f46cf

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 115KB - Virtual size: 114KB

.rdata Size: 32KB - Virtual size: 31KB

.data Size: 128KB - Virtual size: 135KB

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 115KB - Virtual size: 114KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 128KB - Virtual size: 135KB

.reloc
Size: 13KB - Virtual size: 13KB