NEAS[.]e32d6c3709fdc9534214fd5086f75f70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e32d6c3709fdc9534214fd5086f75f70.exe
Size

95KB
MD5

e32d6c3709fdc9534214fd5086f75f70
SHA1

8836ea1e4c12853cbf164b46696a1e75d06d3df2
SHA256

9569e95f7ff90330651d61c0c13e86d8822928282211b0944de2890a218c3f44
SHA512

2e0f6c4e53c4f773e538ad68c9454c713a77330ddd066eaaf680947f113fb5f416d9b73222567ffcfd87da6b9ef7312e944e7a8e1bb6fa305812c3a4c83ee81f
SSDEEP

1536:X4f/EVpSdxQbA5rD4JDxbV1ilIq0kYwBvff:Io7xbVElIq0pwBvff

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e32d6c3709fdc9534214fd5086f75f70.exe

Files

NEAS.e32d6c3709fdc9534214fd5086f75f70.exe
.dll windows:6 windows x64

886b99ce0d33fb76a9a0aa5533356348

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

netapi32

NetWkstaTransportDel
NetShareSetInfo
NetShareDel
NetShareAdd
NetServerComputerNameAdd
NetStatisticsGet
NetServerEnum
NetServerComputerNameDel
NetWkstaGetInfo
NetWkstaSetInfo
NetWkstaTransportAdd
NetServerDiskEnum
NetServerGetInfo
NetServerSetInfo
NetWkstaTransportEnum
NetMessageNameEnum
NetMessageNameDel
NetGetDCName
NetGetAnyDCName
NetShareCheck
NetMessageBufferSend
NetMessageNameAdd
NetSessionEnum
NetSessionGetInfo
NetSessionDel
NetUseAdd
NetUseEnum
NetUseGetInfo
NetUseDel
NetUserSetInfo
NetUserChangePassword
NetUserModalsGet
NetUserModalsSet
NetUserGetGroups
NetUserAdd
NetUserDel
NetUserEnum
NetUserGetInfo
NetUserGetLocalGroups
NetWkstaUserEnum
NetShareGetInfo
NetGroupDel
NetLocalGroupAdd
NetGroupSetUsers
NetLocalGroupSetMembers
NetGroupAddUser
NetGroupEnum
NetLocalGroupGetMembers
NetGroupGetUsers
NetGroupSetInfo
NetShareEnum
NetGroupGetInfo
NetGroupAdd
NetLocalGroupDel
NetGroupDelUser
NetLocalGroupAddMembers
NetLocalGroupGetInfo
NetLocalGroupSetInfo
NetLocalGroupEnum
NetFileClose
NetApiBufferFree
NetFileGetInfo
NetLocalGroupDelMembers
NetFileEnum

advapi32

GetSecurityDescriptorLength
GetLengthSid

python36

_Py_TrueStruct
PyObject_IsTrue
PyErr_NoMemory
PyLong_FromVoidPtr
PyBytes_Size
PyMapping_Check
PyMapping_GetItemString
PyModule_Create2
PyLong_AsLong
PyMapping_SetItemString
PyModule_GetDict
PyLong_AsUnsignedLongMask
PyEval_SaveThread
Py_BuildValue
_Py_NoneStruct
PyErr_SetString
PyExc_ValueError
_Py_FalseStruct
PyUnicode_FromWideChar
PyExc_MemoryError
PyLong_FromLong
PyExc_RuntimeError
PyErr_Occurred
PyBytes_AsString
PyExc_TypeError
PyExc_NotImplementedError
PyBytes_FromStringAndSize
PyTuple_SetItem
PyDict_New
PyErr_Clear
_PyArg_ParseTuple_SizeT
PyErr_Format
_PyArg_ParseTupleAndKeywords_SizeT
PyLong_FromUnsignedLong
PyDict_SetItemString
PyTuple_New
_Py_BuildValue_SizeT
PyEval_RestoreThread
PyArg_ParseTuple
PyList_Append
PyList_New
PyList_SetItem

pywintypes36

??0PyWin_AutoFreeBstr@@QEAA@PEA_W@Z
??1PyWin_AutoFreeBstr@@QEAA@XZ
?SetBstr@PyWin_AutoFreeBstr@@QEAAXPEA_W@Z
?PyWinObject_AsBstr@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinLong_AsVoidPtr@@YAHPEAU_object@@PEAPEAX@Z
?PyWinExc_ApiError@@3PEAU_object@@EA
?PyWin_SetAPIError@@YAPEAU_object@@PEADJ@Z
?PyWinObject_AsSID@@YAHPEAU_object@@PEAPEAXH@Z
?PyWinSequence_Tuple@@YAPEAU_object@@PEAU1@PEAK@Z
??BPyWin_AutoFreeBstr@@QEAAPEA_WXZ
?PyWinGlobals_Ensure@@YAHXZ
?PyWinObject_FromSECURITY_DESCRIPTOR@@YAPEAU_object@@PEAX@Z
?PyWin_RegisterErrorMessageModule@@YAHKKPEAUHINSTANCE__@@@Z
?PyWinObject_AsSECURITY_DESCRIPTOR@@YAHPEAU_object@@PEAPEAXH@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W_J@Z
?PyWinObject_FromLARGE_INTEGER@@YAPEAU_object@@AEBT_LARGE_INTEGER@@@Z
?PyWinObject_FromFILETIME@@YAPEAU_object@@AEBU_FILETIME@@@Z
?PyWinObject_FreeWCHAR@@YAXPEA_W@Z
?PyWinObject_FromOLECHAR@@YAPEAU_object@@PEB_W@Z
?PyWinObject_AsWCHAR@@YAHPEAU_object@@PEAPEA_WHPEAK@Z
?PyWinObject_FromSID@@YAPEAU_object@@PEAX@Z

kernel32

IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
GetCurrentProcess
GetStartupInfoW
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryExW
GetModuleHandleW
GetProcAddress
TerminateProcess
IsDebuggerPresent
CompareStringW
LoadLibraryW
SetUnhandledExceptionFilter

vcruntime140

__std_type_info_destroy_list
__CxxFrameHandler3
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memset
memcpy
__C_specific_handler

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_initterm
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_configure_narrow_argv
terminate
_cexit
_crt_at_quick_exit

Exports

Exports

PyInit_win32net

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

886b99ce0d33fb76a9a0aa5533356348

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

advapi32

python36

pywintypes36

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 38KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 19KB - Virtual size: 20KB

.pdata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 852B

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 38KB - Virtual size: 38KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 19KB - Virtual size: 20KB

.pdata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 852B

.reloc
Size: 1KB - Virtual size: 1KB