NEAS[.]4a9d73955f608463a94f17a06b7a5ea0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4a9d73955f608463a94f17a06b7a5ea0.exe
Size

88KB
MD5

4a9d73955f608463a94f17a06b7a5ea0
SHA1

8ba039e2acc76f43fdacf67bdb576e46cd5224be
SHA256

9cffc0f255d038473b770c4e08bbc3d69e9579b6dadbc312112190c5e50df70d
SHA512

b49ed8f9c378017f1cd7d23e98fa0f03a54a25174dad172a88befe3814353840f8898c44db2479c832d55d3e2184e4d580c24f22d7d119f63679be741461cc27
SSDEEP

1536:T/yQ8vV1YNoeT41+Iw2MVuxKi4EEQFm3IllZTY:T/OrYNoN11w2MhizJgoq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4a9d73955f608463a94f17a06b7a5ea0.exe

Files

NEAS.4a9d73955f608463a94f17a06b7a5ea0.exe
.sys windows:4 windows x86

e79e5989416819f2fa32fe138ba13fbd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeSpinLock
DbgPrint
MmMapLockedPages
ExfInterlockedAddUlong
KeCancelTimer
KeSynchronizeExecution

hal

READ_PORT_USHORT
IoFlushAdapterBuffers
IoMapTransfer
READ_PORT_UCHAR
KfAcquireSpinLock
WRITE_PORT_USHORT
READ_PORT_ULONG
WRITE_PORT_ULONG
KfReleaseSpinLock
KeStallExecutionProcessor

ndis.sys

NdisCompleteCloseAdapter
EthFilterAdjust
EthChangeFilterAddresses
NdisInitializeInterrupt
NdisWritePciSlotInformation
NdisImmediateWritePciSlotInformation
NdisReadPciSlotInformation
TrShouldAddressLoopBack
NdisFreeMemory
NdisDeregisterAdapter
NdisRemoveInterrupt
NdisWriteErrorLogEntry
NdisCloseConfiguration
NdisRegisterAdapterShutdownHandler
TrCreateFilter
EthCreateFilter
NdisInitializeTimer
NdisAllocateMemory
NdisReadConfiguration
NdisOpenConfiguration
TrChangeFunctionalAddress
NdisSetTimer
EthDeleteFilterOpenAdapter
TrDeleteFilterOpenAdapter
NdisAllocateSharedMemory
NdisTerminateWrapper
NdisRegisterMac
NdisInitializeWrapper
TrChangeGroupAddress
NdisDeregisterMac
EthShouldAddressLoopBack
TrFilterAdjust
NdisImmediateReadPciSlotInformation
NdisPciAssignResources
EthFilterIndicateReceiveComplete
TrFilterIndicateReceiveComplete
EthFilterIndicateReceive
TrFilterIndicateReceive
EthQueryGlobalFilterAddresses
NdisFreeSharedMemory
EthNoteFilterOpenAdapter
TrNoteFilterOpenAdapter
NdisCompleteOpenAdapter
NdisCompleteQueryStatistics
EthQueryOpenFilterAddresses
NdisMapIoSpace
NdisRegisterAdapter
TrDeleteFilter
EthDeleteFilter
NdisDeregisterAdapterShutdownHandler
NdisCopyFromPacketToPacket

Sections

.text
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 928B - Virtual size: 900B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e79e5989416819f2fa32fe138ba13fbd

Headers

File Characteristics

Imports

ntoskrnl.exe

hal

ndis.sys

Sections

.text Size: 50KB - Virtual size: 50KB

.data Size: 9KB - Virtual size: 9KB

INIT Size: 2KB - Virtual size: 2KB

.rsrc Size: 928B - Virtual size: 900B

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 50KB - Virtual size: 50KB

.data
Size: 9KB - Virtual size: 9KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 928B - Virtual size: 900B

.reloc
Size: 2KB - Virtual size: 2KB