NEAS[.]b76ff12c76ebdf3d0cd1c4dc35f9c370[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.b76ff12c76ebdf3d0cd1c4dc35f9c370.exe
Size

51KB
MD5

b76ff12c76ebdf3d0cd1c4dc35f9c370
SHA1

08b91a458f3b73d8e653633e101a62ef89d64ab1
SHA256

2388b07275b4117e6a3af044f64a2b650ec09aa63d880750a3601f8aa10096d0
SHA512

d1b03bc4b090efc1273cf710c8a2232112714f5cb2d4e53665e15861cf9e03fe0e6080c12739563f1b8ccdaa5de4378a12cf49d41a8b6735a265029ec645b71f
SSDEEP

384:IbaE2d5OKkjpAU3XdjINLK4iO+EwOlMnSRR8:Ibapd5ha8E3fK8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b76ff12c76ebdf3d0cd1c4dc35f9c370.exe

Files

NEAS.b76ff12c76ebdf3d0cd1c4dc35f9c370.exe
.dll windows:4 windows x64

7535c61f6994b37dad7cb48ccbd715c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
GetModuleHandleA
GetProcAddress
GetTickCount
HeapAlloc
HeapReAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_strdup
free
fwrite
getenv
memcmp
memmove
strchr
strcmp
strcpy
strcspn
strlen

Exports

Exports

OleBlockServer
OleQueryServerVersion
OleRegisterServer
OleRegisterServerDoc
OleRenameServerDoc
OleRevertServerDoc
OleRevokeObject
OleRevokeServer
OleRevokeServerDoc
OleSavedServerDoc
OleUnblockServer
WEP

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 384B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 965B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7535c61f6994b37dad7cb48ccbd715c8

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ntdll

ucrtbase

Exports

Exports

Sections

.text Size: 4KB - Virtual size: 3KB

.data Size: 4KB - Virtual size: 128B

.rodata Size: 4KB - Virtual size: 120B

.rdata Size: 4KB - Virtual size: 736B

.pdata Size: 4KB - Virtual size: 288B

.xdata Size: 4KB - Virtual size: 248B

.bss Size: - Virtual size: 384B

.edata Size: 4KB - Virtual size: 965B

.idata Size: 4KB - Virtual size: 980B

.reloc Size: 4KB - Virtual size: 32B

.text
Size: 4KB - Virtual size: 3KB

.data
Size: 4KB - Virtual size: 128B

.rodata
Size: 4KB - Virtual size: 120B

.rdata
Size: 4KB - Virtual size: 736B

.pdata
Size: 4KB - Virtual size: 288B

.xdata
Size: 4KB - Virtual size: 248B

.bss
Size: - Virtual size: 384B

.edata
Size: 4KB - Virtual size: 965B

.idata
Size: 4KB - Virtual size: 980B

.reloc
Size: 4KB - Virtual size: 32B