NEAS[.]1ae7abaf67a9ffd4073a28b752266400[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1ae7abaf67a9ffd4073a28b752266400.exe
Size

40KB
MD5

1ae7abaf67a9ffd4073a28b752266400
SHA1

6ad13f5a282614ff817a76e5bd5ed41099c7d0b9
SHA256

7d2483d025a8721f8c962244ef89a36a2321477e0a8d2ff94368f54015708db9
SHA512

0b65e95d1c1859acc1c4f6dbc08bf3137f10fab10879a691cd258dbab62bfc8eed097fbab5d99f5ab2d6246f09867b34757e632fe237733a2408dc26d88cf2b0
SSDEEP

768:GRlKqS/lYMDvxgE/fD7p62zuMH599FWRkNorAiXOQCY:TzfLxgE/fD7p62yMHH9FWRkNorAvQL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1ae7abaf67a9ffd4073a28b752266400.exe

Files

NEAS.1ae7abaf67a9ffd4073a28b752266400.exe
.dll windows:4 windows x64

78f514a2fddcd2a9c33a52215253e88c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libdarktable

darktable
dt_action_entry_new
dt_bauhaus_combobox_add
dt_bauhaus_combobox_add_aligned
dt_bauhaus_combobox_clear
dt_bauhaus_combobox_get
dt_bauhaus_combobox_get_text
dt_bauhaus_combobox_new
dt_bauhaus_combobox_new_action
dt_bauhaus_combobox_new_full
dt_bauhaus_combobox_set
dt_bauhaus_widget_set_label
dt_conf_get_int
dt_conf_get_string
dt_conf_set_int
dt_conf_set_string
dt_control_log
dt_curl_init
dt_image_cache_get
dt_image_cache_read_release
dt_image_path_append_version_no_db
dt_imageio_export
dt_loc_get_tmp_dir
dt_metadata_get
dt_print
dt_pwstorage_get
dt_pwstorage_set
dt_tag_get_list_export
dt_util_glist_to_str
dtgtk_button_new
dtgtk_cairo_paint_refresh

libcurl-4

curl_easy_cleanup
curl_easy_init
curl_easy_perform
curl_easy_setopt
curl_mime_addpart
curl_mime_data
curl_mime_filedata
curl_mime_free
curl_mime_init
curl_mime_name

libglib-2.0-0

g_free
g_hash_table_destroy
g_hash_table_insert
g_hash_table_iter_init
g_hash_table_iter_next
g_list_append
g_list_free
g_list_free_full
g_main_context_invoke
g_malloc0
g_path_get_basename
g_strchomp
g_strchug
g_strconcat
g_strdup
g_strdup_printf
g_string_append_len
g_string_free
g_string_insert_len
g_string_new
g_strlcat
g_strlcpy
g_strrstr
g_unlink
g_uri_escape_string

libgobject-2.0-0

g_object_set
g_object_unref
g_signal_connect_data

libgtk-3-0

gtk_box_new
gtk_box_pack_start
gtk_button_new_with_label
gtk_entry_get_text
gtk_entry_new
gtk_entry_set_text
gtk_entry_set_visibility
gtk_entry_set_width_chars
gtk_label_new
gtk_label_set_ellipsize
gtk_label_set_markup
gtk_label_set_xalign
gtk_widget_hide
gtk_widget_set_halign
gtk_widget_set_hexpand
gtk_widget_set_no_show_all
gtk_widget_set_sensitive
gtk_widget_set_tooltip_markup
gtk_widget_set_tooltip_text
gtk_widget_show_all

libintl-8

DllMain
libintl_gettext
libintl_ngettext
libintl_snprintf

libjson-glib-1.0-0

json_array_get_length
json_array_get_object_element
json_builder_add_string_value
json_builder_begin_object
json_builder_end_object
json_builder_get_root
json_builder_new
json_builder_set_member_name
json_generator_new
json_generator_set_pretty
json_generator_set_root
json_generator_to_data
json_node_free
json_node_get_node_type
json_node_get_object
json_object_get_array_member
json_object_get_int_member
json_object_get_member
json_object_get_null_member
json_object_get_string_member
json_object_has_member
json_parser_get_root
json_parser_load_from_data
json_parser_new

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTimeZoneInformation
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc

api-ms-win-crt-private-l1-1-0

memcpy
memmove

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

strcmp
strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

libwinpthread-1

pthread_mutex_lock
pthread_mutex_unlock

Exports

Exports

conflict_action
dt_module_dt_version
dt_module_mod_version
finalize_store
free_params
get_params
gui_cleanup
gui_init
gui_reset
init
name
params_size
set_params
store
supported

Sections

.text
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 288B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 381B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78f514a2fddcd2a9c33a52215253e88c

Headers

DLL Characteristics

File Characteristics

Imports

libdarktable

libcurl-4

libglib-2.0-0

libgobject-2.0-0

libgtk-3-0

libintl-8

libjson-glib-1.0-0

kernel32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

libwinpthread-1

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 22KB

.data Size: 512B - Virtual size: 304B

.rdata Size: 4KB - Virtual size: 3KB

.pdata Size: 1024B - Virtual size: 924B

.xdata Size: 1024B - Virtual size: 768B

.bss Size: - Virtual size: 288B

.edata Size: 512B - Virtual size: 381B

.idata Size: 8KB - Virtual size: 7KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 136B

/4 Size: 512B - Virtual size: 24B

.text
Size: 22KB - Virtual size: 22KB

.data
Size: 512B - Virtual size: 304B

.rdata
Size: 4KB - Virtual size: 3KB

.pdata
Size: 1024B - Virtual size: 924B

.xdata
Size: 1024B - Virtual size: 768B

.bss
Size: - Virtual size: 288B

.edata
Size: 512B - Virtual size: 381B

.idata
Size: 8KB - Virtual size: 7KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 136B

/4
Size: 512B - Virtual size: 24B