NEAS[.]c379ac1861ad33fb51776694dfc21380[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c379ac1861ad33fb51776694dfc21380.exe
Size

343KB
MD5

c379ac1861ad33fb51776694dfc21380
SHA1

aa93817c2b081b59398a91866661e2fa38628bd9
SHA256

dc6213d4a45c543ac52f3cc3287f2f15fb7aaa36a446851b920d6bb7b00a61d2
SHA512

645ab27798bd4ae314fc6e04c0856749aca59d791c94ca7de34d706570d45636001811d78b70663bda0ebf0a0a5cd8b8cd519d7fb3dc39598b6a9c5262fd30f6
SSDEEP

6144:+guvLr3qmh/lqCU0CAUdyQ72wO0+RPLnhDLCPbbgeJTsKNQoXJ2AW2FoYddcGta7:+1vLr3qmBlFgoQ72QAjnhDLCDbggTsWv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c379ac1861ad33fb51776694dfc21380.exe

Files

NEAS.c379ac1861ad33fb51776694dfc21380.exe
.dll windows:6 windows x86

4edcd6d6106398ed32511bf5ba5471b5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SwitchToThread
GetCurrentThreadId
CloseHandle
QueryPerformanceCounter
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
CreateThread
GetSystemTimeAsFileTime
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
GetProcAddress
SetCurrentDirectoryA
GetCurrentDirectoryA
EnterCriticalSection
LeaveCriticalSection
Sleep
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetCurrentProcessId

msvcr120

_i64toa_s
_ui64toa_s
_ltoa_s
_ultoa_s
_itow_s
_ltow_s
_ultow_s
_i64tow_s
_ui64tow_s
_makepath_s
_splitpath_s
gets_s
vprintf_s
vsprintf_s
vwprintf_s
memcpy_s
memset
memmove_s
_itoa_s
qsort
log
??3@YAXPAX@Z
strlen
_purecall
__RTDynamicCast
free
malloc
fclose
feof
ferror
fflush
fopen
fread
fseek
ftell
fwrite
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
??1type_info@@UAE@XZ
_vsnprintf_s
_except1
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
_except_handler4_common
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__clean_type_info_names_internal
strtok_s
__CxxFrameHandler3
_CxxThrowException
_hypot
strcmp

Exports

Exports

BIBGetGetProcAddress
BIBGetVersion
BIBInitialize
BIBInitialize2
BIBInitialize3
BIBInitialize4
BIBLockSmithAssertNoLocksImpl
BIBLockSmithDeleteImpl
BIBLockSmithLockImpl
BIBLockSmithUnlockImpl
BIBTerminate

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 242KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4edcd6d6106398ed32511bf5ba5471b5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcr120

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 30KB - Virtual size: 29KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 242KB - Virtual size: 244KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 30KB - Virtual size: 29KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 242KB - Virtual size: 244KB