NEAS[.]3f930ae2ca234d50e419f23d96c47bd0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.3f930ae2ca234d50e419f23d96c47bd0.exe
Size

4.3MB
MD5

3f930ae2ca234d50e419f23d96c47bd0
SHA1

66ccbf24735f8ddcd8363803dcad6549d827735d
SHA256

8f0c25515839e77094cfeef42639cb7653fa7e4149dbf7755246749fc4c2d30e
SHA512

fe98ac2add9b50ca74ca5f0783988f30aa812ed763fb582b69dcb37880cd1c1bb6ee04af9ee224725a403fee327bbe25b2b260f27f007dd4371f0786c96cb968
SSDEEP

49152:jnz+d0gu6hDiBgpLKZIO5Yfe95rMOl/ijaAO7AyxAYeJuCGtlqyOGfwLXx4Q1dYX:0AYW/LOTdCi3FlAb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3f930ae2ca234d50e419f23d96c47bd0.exe

Files

NEAS.3f930ae2ca234d50e419f23d96c47bd0.exe
.dll windows:4 windows x64

6b4c18d8b8ac607bbb1ba750033fa4ba

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libvlccore

es_format_Init
var_Inherit
video_format_FixRgb
vlc_UrlClean
vlc_UrlParse
vlc_clone
vlc_fourcc_GetChromaDescription
vlc_fourcc_GetCodecFromString
vlc_fourcc_GetDescription
vlc_fourcc_IsYUV
vlc_frame_Alloc
vlc_frame_CopyProperties
vlc_frame_Realloc
vlc_frame_Release
vlc_join
vlc_meta_Set
vlc_obj_calloc
vlc_object_Log
vlc_sem_init
vlc_sem_post
vlc_sem_timedwait
vlc_thread_set_name
vlc_tick_now

advapi32

CryptAcquireContextA
CryptAcquireContextW
CryptCreateHash
CryptDecrypt
CryptDestroyHash
CryptGenRandom
CryptGetHashParam
CryptGetProvParam
CryptReleaseContext
CryptSetHashParam
CryptSetProvParam
CryptSignHashA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

crypt32

CertCloseStore
CertDeleteCertificateFromStore
CertEnumCRLsInStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
PFXImportCertStore

kernel32

CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FindClose
FindFirstFileA
FreeLibrary
GetACP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileType
GetFinalPathNameByHandleA
GetHandleInformation
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetSystemTimeAsFileTime
GetTempPathA
GetThreadLocale
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
PeekNamedPipe
ReadFile
ReleaseSemaphore
ResetEvent
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_assert
_errno
_exit
_findclose
_fstat64
_get_osfhandle
_getmaxstdio
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_mkdir
_open_osfhandle
_setmaxstdio
_stricmp
_strnicmp
_time64
_unlock
_wassert
_wfindfirst64
_wfindnext64
_wfullpath
_wopen
abort
atoi
calloc
clock
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getc
getenv
iscntrl
islower
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
raise
rand
realloc
setbuf
setvbuf
srand
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncat
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
tolower
ungetc
vfprintf
wcscat
wcscpy
wcslen
_write
_stricmp
_strdup
_setmode
_read
_open
_getpid
_fileno
_fdopen
_dup2
_close
_access

ncrypt

BCryptCloseAlgorithmProvider
BCryptGenRandom
BCryptOpenAlgorithmProvider
NCryptDecrypt
NCryptDeleteKey
NCryptFreeObject
NCryptGetProperty
NCryptOpenKey
NCryptOpenStorageProvider
NCryptSignHash

user32

GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation

ws2_32

WSAGetLastError
WSASetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
getpeername
getsockname
htonl
htons
inet_addr
inet_ntop
inet_pton
ioctlsocket
listen
recv
select
send
setsockopt
socket

Exports

Exports

vlc_entry
vlc_entry_api_version
vlc_entry_copyright
vlc_entry_license

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 909KB - Virtual size: 908KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 9KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b4c18d8b8ac607bbb1ba750033fa4ba

Headers

DLL Characteristics

File Characteristics

Imports

libvlccore

advapi32

crypt32

kernel32

msvcrt

ncrypt

user32

ws2_32

Exports

Exports

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.data Size: 26KB - Virtual size: 26KB

.rodata Size: 512B - Virtual size: 64B

.rdata Size: 909KB - Virtual size: 908KB

.pdata Size: 88KB - Virtual size: 88KB

.xdata Size: 87KB - Virtual size: 86KB

.bss Size: - Virtual size: 9KB

.edata Size: 512B - Virtual size: 168B

.idata Size: 10KB - Virtual size: 9KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 11KB - Virtual size: 10KB

/4 Size: 512B - Virtual size: 28B

.text
Size: 3.1MB - Virtual size: 3.1MB

.data
Size: 26KB - Virtual size: 26KB

.rodata
Size: 512B - Virtual size: 64B

.rdata
Size: 909KB - Virtual size: 908KB

.pdata
Size: 88KB - Virtual size: 88KB

.xdata
Size: 87KB - Virtual size: 86KB

.bss
Size: - Virtual size: 9KB

.edata
Size: 512B - Virtual size: 168B

.idata
Size: 10KB - Virtual size: 9KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 11KB - Virtual size: 10KB

/4
Size: 512B - Virtual size: 28B