NEAS[.]4826730763640b9e1122182a243355f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4826730763640b9e1122182a243355f0.exe
Size

350KB
MD5

4826730763640b9e1122182a243355f0
SHA1

52cb89e0ad203231d27b9bb65db7896413d9db86
SHA256

421a5efc9b423e73897d6805135c85a3024d645c4ddba46a998098b4813a4f8e
SHA512

213ef20c22094200944e5ff2a0c9c18bd572e8eb9bd477ce1debb1d203bd268180333177ce0784b32c2ff5e96d640f96a59a271e7882f57b0fb26b6ebea536f2
SSDEEP

384:0uI24ibdAa/4rzTaeA7evelegAfe0TjDNn2azly+b9jVj8wIbLbZmTCx9OOl:06z2aYeU9TjDfg+bFVXIYS9jl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4826730763640b9e1122182a243355f0.exe

Files

NEAS.4826730763640b9e1122182a243355f0.exe
.sys windows:6 windows x86

67c8ee57d210330701d0a505e7594835

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_vsnprintf
DbgPrint
KeServiceDescriptorTable
MmGetSystemRoutineAddress
RtlInitUnicodeString
ZwClose
ObfDereferenceObject
KeWaitForSingleObject
ZwReadFile
KeClearEvent
ObReferenceObjectByHandle
ExEventObjectType
IoCreateNotificationEvent
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwCreateFile
memset
RtlAppendUnicodeStringToString
IoVolumeDeviceToDosName
RtlCopyUnicodeString
ObQueryNameString
ZwQueryInformationFile
ZwSetInformationFile
ZwWriteFile
KeReleaseMutex
IofCompleteRequest
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
RtlTimeToTimeFields
ExSystemTimeToLocalTime
KeQuerySystemTime
KeSetEvent
memcpy
ExQueueWorkItem
ZwQuerySystemInformation
RtlFreeAnsiString
RtlFreeUnicodeString
wcsrchr
RtlAppendUnicodeToString
ExfInterlockedInsertTailList
KeQueryTimeIncrement
KeTickCount
KeInitializeEvent
wcsstr
_wcsupr
RtlUnicodeStringToAnsiString
IoGetRelatedDeviceObject
IoFileObjectType
_alldiv
_allmul
IoDeleteSymbolicLink
KeDelayExecutionThread
IoCreateSynchronizationEvent
ExfInterlockedRemoveHeadList
KeInitializeMutex
IoRegisterBootDriverReinitialization
InitSafeBootMode
KeBugCheckEx
RtlUnwind

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 321KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

67c8ee57d210330701d0a505e7594835

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 16KB - Virtual size: 16KB

.rdata Size: 1024B - Virtual size: 576B

.data Size: 321KB - Virtual size: 2.3MB

INIT Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 920B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 1024B - Virtual size: 576B

.data
Size: 321KB - Virtual size: 2.3MB

INIT
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 7KB - Virtual size: 6KB