NEAS[.]4275f1d9f111dcf6862e51afc38bf260[.]exe

General

Target

NEAS.4275f1d9f111dcf6862e51afc38bf260.exe
Size

68KB
MD5

4275f1d9f111dcf6862e51afc38bf260
SHA1

fbce4a1766f670cffdc0d579897b2135df44528f
SHA256

8fc1607664942b95b67acef24c49b29bf4cd5faae5400e374bc6bf2c726bcb26
SHA512

1fa38c92db45e73d36439733ba2d7f463eef4995309a5ac24568a9a1ac93c14862b0de2ddb0aa3cb61a49c4b21d7b4623702bdb3365c1b153cc37b39a4794187
SSDEEP

768:G4/yGuJVCaFD1p7r8bmXTkHIQHpjetXKNsOQno6Iuy:GwyGuJVB1sITkoQUaanozu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4275f1d9f111dcf6862e51afc38bf260.exe

Files

NEAS.4275f1d9f111dcf6862e51afc38bf260.exe
.sys windows:6 windows x86

d5632d1e0626f77fb91d6052de36f8a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteSymbolicLink
RtlAssert
RtlInitAnsiString
memset
_strnicmp
PsGetProcessImageFileName
MmIsAddressValid
IoGetCurrentProcess
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetSystemRoutineAddress
_stricmp
RtlImageDirectoryEntryToData
memcpy
ZwClose
ZwWriteFile
IofCompleteRequest
strstr
strncat
strncpy
ExAllocatePool
strncmp
MmMapLockedPagesSpecifyCache
PsCreateSystemThread
KeDelayExecutionThread
PsSetLoadImageNotifyRoutine
CmRegisterCallback
IoStartTimer
IoInitializeTimer
IoRegisterShutdownNotification
KeTickCount
KeBugCheckEx
RtlUnwind
PsGetVersion
RtlInitUnicodeString
IoCreateDevice
DbgPrint
IoCreateSymbolicLink
ZwCreateFile
IoDeleteDevice

hal

KfAcquireSpinLock
KfReleaseSpinLock

ndis.sys

NdisFreeMemory
NdisAllocateMemoryWithTag

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 47KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 1020B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d5632d1e0626f77fb91d6052de36f8a0

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 512B - Virtual size: 420B

.data Size: 47KB - Virtual size: 49KB

INIT Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 1020B

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 512B - Virtual size: 420B

.data
Size: 47KB - Virtual size: 49KB

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 1020B