NEAS[.]21cdf6183236c79ce4ec75a58ecad050[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.21cdf6183236c79ce4ec75a58ecad050.exe
Size

50KB
MD5

21cdf6183236c79ce4ec75a58ecad050
SHA1

ef9a0ae7cf5c9a288c07868e86b2fe1717eaebf3
SHA256

45fb342f00da75a64529e8731ccb482fdecdf9812169f2939fd37894829b613d
SHA512

97a6c87de53ef1a55ecbba1ea1bf5b9e8930d4f8c6cb508f97fc937192f49cbbb4881172da142c425f1e3d75e516d6790059b167926137ebe629e2032a79fe4b
SSDEEP

384:3uHU4xTv1hxbTfQ9aI1YSwQ/RLHaDAmT4mmt3l3OQfBXTUlOVDPjLAs:334JbTIj/aU3mm1l3HBDBVDP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.21cdf6183236c79ce4ec75a58ecad050.exe

Files

NEAS.21cdf6183236c79ce4ec75a58ecad050.exe
.dll windows:6 windows x64

8a0fc9d8ade98f79f55c4303d6c62fa1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

vcruntime140d

__vcrt_GetModuleHandleW
__C_specific_handler
__vcrt_GetModuleFileNameW
__C_specific_handler_noexcept
__current_exception_context
__current_exception
__std_type_info_destroy_list
__vcrt_LoadLibraryExW

ucrtbased

_wsplitpath_s
_wmakepath_s
__stdio_common_vsprintf_s
strcat_s
strcpy_s
terminate
_cexit
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_CrtDbgReportW
_CrtDbgReport
wcscpy_s

kernel32

MultiByteToWideChar
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
TerminateProcess
GetCurrentProcess
GetProcAddress
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
WideCharToMultiByte
InitializeSListHead
RaiseException
GetModuleHandleW
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind

Exports

Exports

CpsGetEventsInterfaceVersion
CpsGetLicenseAccessFilter
CpsOnEvent

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 337B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 381B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a0fc9d8ade98f79f55c4303d6c62fa1

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140d

ucrtbased

kernel32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 10KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 2KB - Virtual size: 1KB

.idata Size: 3KB - Virtual size: 3KB

.00cfg Size: 512B - Virtual size: 337B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 381B

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 2KB - Virtual size: 1KB

.idata
Size: 3KB - Virtual size: 3KB

.00cfg
Size: 512B - Virtual size: 337B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 381B