NEAS[.]5931e91742f3447ab2c045848dcd01f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5931e91742f3447ab2c045848dcd01f0.exe
Size

85KB
MD5

5931e91742f3447ab2c045848dcd01f0
SHA1

a2538554a8a75d5272431391d4c9bf84c668dd59
SHA256

51d5f82ca4ef692379ae54f21039efd7f118faf8ab6e0506532c6b5bf99f48f7
SHA512

42de2b2cee025cde3eabf2cc312adf9d3aefbb1499af94577ad32a22e35ee9f59d03cde9b05c03ef36363bc39333a36efa686eae9f8bf146f184655fedbecfcb
SSDEEP

1536:jJrhYU66WsJ1UOzrzkPMkrKDIprdKGekmCe2G4OZUiG:jJruUbUO7k5rKDIprdKGekmYG4OZUi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5931e91742f3447ab2c045848dcd01f0.exe

Files

NEAS.5931e91742f3447ab2c045848dcd01f0.exe
.dll windows:5 windows x86

a2440a6d3a4aa03049a0fed36426fbec

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
?__ExceptionPtrCopy@@YAXPAXPBX@Z
_except_handler4_common
??0exception@std@@QAE@ABV01@@Z
fclose
fwrite
fopen
??_V@YAXPAX@Z
??_U@YAPAXI@Z
toupper
__CxxUnregisterExceptionObject
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
sprintf
calloc
_cexit
__FrameUnwindFilter
??1exception@std@@UAE@XZ
_crt_debugger_hook
_malloc_crt
??3@YAXPAX@Z
?what@exception@std@@UBEPBDXZ

kernel32

GetSystemTimeAsFileTime
MultiByteToWideChar
OutputDebugStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WideCharToMultiByte
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer

msvcp100

?_Incref@facet@locale@std@@QAEXXZ

phsoftpkiapi

pkiOpenEnvelopeaAndVerifySign
pkiSealEnvelopeAndSignData
pkiGenExtECCKey
pkiEnd
pkiBase64Encode
pkiCloseApplication
pkiCloseDevice
pkiSoftInitApp
pkiHashData

phsoftenc

phSoft_SecureCommunication
phSoft_HttpPost

mscoree

_CorDllMain

Exports

Exports

phGenExtECCKey
phHttpPost
phOpenEnvelopeaAndVerifySign
phSealEnvelopeAndSignData
phSealHttpPost
phSoftHash

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a2440a6d3a4aa03049a0fed36426fbec

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

kernel32

msvcp100

phsoftpkiapi

phsoftenc

mscoree

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 2KB - Virtual size: 208KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 2KB - Virtual size: 208KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB