NEAS[.]9a97ea63f342e64398c87db1f1b2a160[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9a97ea63f342e64398c87db1f1b2a160.exe
Size

48KB
MD5

9a97ea63f342e64398c87db1f1b2a160
SHA1

a6337e7631f3be26d743cbc17798464558cfc086
SHA256

7feec7090008e9dd103086de26f629213b762a23412a80ae5894a22b57b7d683
SHA512

95d361e41772df3374a2e24086ae3cbcb562df09a2041921e119e84a12b5b37b363152fd6335d5400fd2a61b4cc7de8029e344c0df952260c4c012efda03769c
SSDEEP

768:cKbLLafH7L6QJakCiSWqZeZ82cP994Sa88YNNSmu8gCywLdOc2rejyf:TLLo7L1QkCipbcvpysOHD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9a97ea63f342e64398c87db1f1b2a160.exe

Files

NEAS.9a97ea63f342e64398c87db1f1b2a160.exe
.exe windows:5 windows x64

7acffe69d6dcf757961a699085083181

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

VirtualProtect
GetProcAddress
LoadLibraryA
GetLastError
SetUnhandledExceptionFilter
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
RaiseException
IsDebuggerPresent
VirtualQueryEx
ExitProcess
OutputDebugStringW
OutputDebugStringA
GetModuleHandleW
GetModuleHandleA
FreeLibrary
CloseHandle
LoadLibraryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
EncodePointer
Sleep
GetSystemTimeAsFileTime
GetSystemInfo
VirtualQuery

user32

MessageBoxA

randomizationtest_dll

?dll_function_after_PCLA@@YAX_N@Z
?dll_function_before_PCLA@@YAPEADXZ
?dll_call_objects@@YAXXZ
?incrementCounter@@YAXXZ
?dll_inloop_function_2@@YAX_N@Z
?dll_inloop_function_3@@YAX_N@Z
?dll_after_loop_function@@YAX_N@Z
?dll_print_objects@@YAXXZ
?printCounter@@YAXXZ
?dll_inloop_function_1@@YAX_N@Z
?dll_get_bad@@YAPEAVBad@@XZ
?dll_get_bar@@YAPEAVBar@@XZ
?dll_init_objects@@YAX_N@Z

msvcp100

?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?good@ios_base@std@@QEBA_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?endl@std@@YAAEAV?$basic_ostream@DU?$char_traits@D@std@@@1@AEAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?uncaught_exception@std@@YA_NXZ
?width@ios_base@std@@QEAA_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBAPEAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADXZ
?flags@ios_base@std@@QEBAHXZ
?width@ios_base@std@@QEBA_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

msvcr100

_onexit
_CxxThrowException
_lock
__dllonexit
_strdup
free
_wtoi
_wtoi64
exit
_wcsicmp
memcpy
??3@YAXPEAX@Z
fflush
__iob_func
strlen
??2@YAPEAX_K@Z
memset
__CxxFrameHandler3
memmove
printf
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_unlock

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7acffe69d6dcf757961a699085083181

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

randomizationtest_dll

msvcp100

msvcr100

Sections

.text Size: 20KB - Virtual size: 20KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 512B

.reloc Size: 512B - Virtual size: 512B

.idata Size: 5KB - Virtual size: 5KB

.text Size: 3KB - Virtual size: 3KB

.text
Size: 20KB - Virtual size: 20KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 512B

.reloc
Size: 512B - Virtual size: 512B

.idata
Size: 5KB - Virtual size: 5KB

.text
Size: 3KB - Virtual size: 3KB