NEAS[.]e28b5560b6e6524e2e268d8c12415ee0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e28b5560b6e6524e2e268d8c12415ee0.exe
Size

26KB
MD5

e28b5560b6e6524e2e268d8c12415ee0
SHA1

acefc26d4b023bf5d5370b9b80b17c1c62175be5
SHA256

64ecfcc761836be86ac29451cd25adfbe22974d39079e46cb91218608ee97c4b
SHA512

01371ecac94d4b07d5bbf6ad8e389e306fe7be54295ea4de1d5e0c43787f9f81c7a83c91fd0f4e03751a162545a2f239bb630ef87279547c1a87a8e4de32fb31
SSDEEP

384:FnNh8ijeoZsUBMtB4n4jRsw/dmi5wAZVn+z0RR2K9AqeWZDwku3RvFsMfKvRhoga:FVU4n4jZ7jn+4RVem8kYRvFsMtz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e28b5560b6e6524e2e268d8c12415ee0.exe

Files

NEAS.e28b5560b6e6524e2e268d8c12415ee0.exe
.dll windows:4 windows x64

739e77a13efe29e1265496b9c448a69c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libdarktable

darktable
dt_act_on_get_main_image
dt_action_register
dt_collection_get_count
dt_collection_get_query
dt_conf_get_int
dt_conf_set_int
dt_control_add_job
dt_control_change_cursor
dt_control_job_create
dt_control_job_get_params
dt_control_job_set_params
dt_control_log
dt_control_queue_redraw_center
dt_ctl_switch_mode_to
dt_database_get
dt_dev_image_ext
dt_free_align
dt_mipmap_cache_get_matching_size
dt_mipmap_cache_get_with_caller
dt_mipmap_cache_release_with_caller
dt_mouse_action_create_simple
dt_print
dt_shortcut_register
dt_thumbtable_get_offset
dt_thumbtable_set_offset
dt_ui_center
dt_ui_main_window
dt_ui_panel_show
dt_ui_thumbtable
dt_view_paint_buffer
dt_view_paint_pixbuf

libcairo-2

cairo_paint
cairo_restore
cairo_save

libgdk-3-0

gdk_display_get_monitor_at_window
gdk_monitor_get_geometry

libglib-2.0-0

g_free
g_source_remove
g_strdup_printf
g_timeout_add_seconds

libgtk-3-0

gtk_widget_get_display
gtk_widget_get_window
gtk_widget_grab_focus

libintl-8

DllMain
libintl_fprintf
libintl_gettext
libintl_ngettext

kernel32

DeleteCriticalSection
EnterCriticalSection
GetLastError
InitializeCriticalSection
LeaveCriticalSection
Sleep
TlsGetValue
VirtualProtect
VirtualQuery

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_execute_onexit_table
_exit
_initialize_narrow_environment
_initialize_onexit_table
_initialize_wide_environment
_initterm
_register_onexit_function
abort

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vfwprintf
fwrite

api-ms-win-crt-string-l1-1-0

strlen
strncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_tzset

libwinpthread-1

pthread_mutex_destroy
pthread_mutex_init
pthread_mutex_lock
pthread_mutex_unlock

libsqlite3-0

sqlite3_bind_int
sqlite3_column_int
sqlite3_errmsg
sqlite3_finalize
sqlite3_prepare_v2
sqlite3_step

Exports

Exports

button_pressed
button_released
cleanup
dt_module_dt_version
dt_module_mod_version
enter
expose
gui_init
init
leave
mouse_actions
mouse_moved
name
try_enter
view

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 1024B - Virtual size: 676B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 272B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

739e77a13efe29e1265496b9c448a69c

Headers

DLL Characteristics

File Characteristics

Imports

libdarktable

libcairo-2

libgdk-3-0

libglib-2.0-0

libgtk-3-0

libintl-8

kernel32

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

libwinpthread-1

libsqlite3-0

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 2KB - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 912B

.xdata Size: 1024B - Virtual size: 676B

.bss Size: - Virtual size: 272B

.edata Size: 512B - Virtual size: 368B

.idata Size: 5KB - Virtual size: 4KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 512B - Virtual size: 120B

/4 Size: 512B - Virtual size: 28B

.text
Size: 13KB - Virtual size: 12KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 2KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 912B

.xdata
Size: 1024B - Virtual size: 676B

.bss
Size: - Virtual size: 272B

.edata
Size: 512B - Virtual size: 368B

.idata
Size: 5KB - Virtual size: 4KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 512B - Virtual size: 120B

/4
Size: 512B - Virtual size: 28B