NEAS[.]73438cf0fe44345186adb62783c9d3e0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.73438cf0fe44345186adb62783c9d3e0.exe
Size

30KB
MD5

73438cf0fe44345186adb62783c9d3e0
SHA1

8f5587e6b8da2e70cd60179ce7ec64e9c00a3414
SHA256

f4970a9ebde375658d4106318b5bf03bd0e6fb7d38e1ddf8bd09dd6081248d73
SHA512

cea7c9248f538b30b9a4cee035462460ab57948d6ed638ec590d40504399f3700d5e3280b1ac5132ad68af99b87a6bb5aefa7f82754c470189d59664c30982b5
SSDEEP

768:vqSUGGl2O7Yzro2xs3XKc3fdfDFO7T0IKIMe1Zy:FXuXHfd7FUT0IKIMe1Zy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.73438cf0fe44345186adb62783c9d3e0.exe

Files

NEAS.73438cf0fe44345186adb62783c9d3e0.exe
.dll windows:6 windows x86

7da3c8a65e6890d0195ed66e0a974b57

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

liblzma

lzma_get_check
lzma_alone_decoder
lzma_alone_encoder
lzma_lzma_preset
lzma_raw_decoder
lzma_stream_decoder
lzma_code
lzma_stream_encoder
lzma_raw_encoder
lzma_properties_size
lzma_easy_encoder
lzma_properties_decode
lzma_check_is_supported
lzma_end
lzma_auto_decoder
lzma_properties_encode

python310

PyObject_GetBuffer
PyList_New
PyExc_EOFError
PyErr_Clear
PyThread_release_lock
PyMapping_GetItemString
PyType_GetModuleState
PyMapping_Check
PyDict_New
PyErr_NewExceptionWithDoc
PyThread_free_lock
PyMem_Free
PyErr_NoMemory
PyModuleDef_Init
PyBytes_FromStringAndSize
PyExc_TypeError
PyType_FromModuleAndSpec
PyMem_Realloc
PyMem_Malloc
_PyLong_AsInt
PyModule_GetState
PyExc_SystemError
PyMem_RawFree
PyBuffer_Release
PyEval_RestoreThread
PyModule_AddObject
PyErr_ExceptionMatches
_Py_Dealloc
PyExc_OverflowError
PyModule_AddType
PyErr_Format
_PyArg_ParseTupleAndKeywords_SizeT
PyExc_ValueError
_PyArg_UnpackKeywords
PyErr_SetString
_PyArg_BadArgument
PyThread_acquire_lock
PyLong_FromLongLong
PyTuple_New
_Py_NoneStruct
PyMem_RawMalloc
PyLong_AsUnsignedLongLong
PyThread_allocate_lock
PyLong_FromUnsignedLongLong
PyExc_MemoryError
_PyDict_SetItemId
PyErr_SetNone
PyBuffer_IsContiguous
PyEval_SaveThread
PyErr_Occurred
PySequence_GetItem
PyExc_KeyError
_PyArg_CheckPositional
PyLong_AsSsize_t
PyType_GenericNew
PyModule_AddIntConstant
_PyNumber_Index
PyBool_FromLong
PyMem_Calloc
PySequence_Size
PyList_Append

vcruntime140

memcpy
memset
memmove
_except_handler4_common
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initterm
_initialize_onexit_table
_execute_onexit_table
_cexit
_initialize_narrow_environment

kernel32

GetCurrentProcessId
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

Exports

Exports

PyInit__lzma

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7da3c8a65e6890d0195ed66e0a974b57

Headers

DLL Characteristics

File Characteristics

Imports

liblzma

python310

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 13KB - Virtual size: 12KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 13KB - Virtual size: 12KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB