NEAS[.]382e64580c2d93deefbc4f6504f93ce0[.]exe

General

Target

NEAS.382e64580c2d93deefbc4f6504f93ce0.exe
Size

29KB
MD5

382e64580c2d93deefbc4f6504f93ce0
SHA1

c1d006da3aefdfeaf89449d88572630109304971
SHA256

d43b67d6646fb123feea9ad7b5374bf5e99e8106868b27c7dca323c00d29267c
SHA512

bdb778fa392f61d1e00aa72bad585fe757c59f04757349a22d17fdf75da0848945c5cba88b71b8e99fa27fbd4f2df779568476893bc0fa986b0868cae5e4398b
SSDEEP

384:rL6CkMzd+Kkzin1gaty2NErjGaInD5vqPtNtUJTl92dSOj+Z:KCZCYw2N8jWcEN/Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.382e64580c2d93deefbc4f6504f93ce0.exe

Files

NEAS.382e64580c2d93deefbc4f6504f93ce0.exe
.sys windows:6 windows x64

05818a9fce59f6ec6aea4bff3bb45d94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_WDM_DRIVER

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExInterlockedInsertTailList
IofCompleteRequest
IoReleaseCancelSpinLock
IofCallDriver
KeClearEvent
IoRegisterDeviceInterface
IoSetDeviceInterfaceState
IoDeleteDevice
KeSetEvent
KeInitializeEvent
KeInitializeDpc
IoAttachDeviceToDeviceStack
ExInterlockedRemoveHeadList
IoCreateDevice
IoGetDeviceProperty
ObfDereferenceObject
IoIs32bitProcess
ExEventObjectType
ObReferenceObjectByHandle
KeInsertQueueDpc
KeBugCheckEx
PoRequestPowerIrp
PoSetPowerState
ExAllocatePool
ExFreePool
PoStartNextPowerIrp
PoCallDriver
KeRemoveQueueDpc
RtlInitUnicodeString
IoOpenDeviceInterfaceRegistryKey
ZwSetValueKey
IoDetachDevice
RtlFreeUnicodeString
ZwClose
KeWaitForSingleObject
IoFreeIrp
IoAllocateIrp
DbgPrint
MmMapIoSpace
IoConnectInterrupt
IoDisconnectInterrupt

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 768B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

05818a9fce59f6ec6aea4bff3bb45d94

Headers

DLL Characteristics

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 1024B - Virtual size: 908B

.data Size: 1024B - Virtual size: 1024B

.pdata Size: 768B - Virtual size: 768B

INIT Size: 1KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 1024B - Virtual size: 908B

.data
Size: 1024B - Virtual size: 1024B

.pdata
Size: 768B - Virtual size: 768B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB