NEAS[.]94c9000cc30066e99ac8904cec6b11f0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.94c9000cc30066e99ac8904cec6b11f0.exe
Size

46KB
MD5

94c9000cc30066e99ac8904cec6b11f0
SHA1

4d6a142d6e49728aba3bd5d5eb434015a063f070
SHA256

fa2b98b571be9a87a656407ac8f14b8f3188610b6699a949bb86a700704797af
SHA512

6203fed8e841402d9abf84dd9f392af925d93602edde86a46d2b69cdb6dd201706ee11004e5d1130e9747e2ad64807ed50af5fc5b7046dbe0384fa1997189354
SSDEEP

768:eEuSsljkfHjFfudoNzZyXDWqP8CJzYkH4xbEMPGb:eEuLjkfHjFfoo/LgQxbEb

Score

1^/10

Malware Config

Signatures

Files

NEAS.94c9000cc30066e99ac8904cec6b11f0.exe
.dll windows:6 windows x64

3ee843c6070ccf6559d33542803245cb

Code Sign

1b:e7:15
Certificate

Issuer

OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

Not Before

01/01/2014, 07:00

Not After

30/05/2031, 07:00

Subject

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

07
Certificate

Issuer

CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

03/05/2011, 07:00

Not After

03/05/2031, 07:00

Subject

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d0:9d:c1:0c:35:b3:65:b8
Certificate

Issuer

CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

22/05/2020, 10:19

Not After

22/05/2023, 03:38

Subject

CN=Facepunch Studios Ltd,O=Facepunch Studios Ltd,L=Walsall,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:35:72:5c:97:f0:bd:65:8f:a3:0e:77:6b:2e:f2:65:54:cd:eb:60
Signer

Actual PE Digest

eb:35:72:5c:97:f0:bd:65:8f:a3:0e:77:6b:2e:f2:65:54:cd:eb:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
FreeLibrary
Sleep
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
LocalFree
GetModuleHandleW
SetLastError
GetLastError
LoadLibraryExW
VerifyVersionInfoW
VerSetConditionMask
LocalAlloc
GetSystemDirectoryW
GetFileAttributesW
GetFullPathNameW
IsDebuggerPresent
GetModuleFileNameW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead

vcruntime140

wcsrchr
wcsstr
__C_specific_handler
__std_type_info_destroy_list
memset

api-ms-win-crt-string-l1-1-0

_wcsnicmp
isdigit
_wcsicmp
isalpha

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initterm
_initterm_e
_cexit
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_seh_filter_dll
_execute_onexit_table
_crt_atexit

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

NvLL_Plugin_GetLatency
NvLL_Plugin_GetRenderEventAndDataFunc
NvLL_Plugin_GetSleepStatus
NvLL_Plugin_SetLatencyMarker
NvLL_Plugin_SetSleepMode
NvLL_Plugin_Sleep
UnityPluginLoad
UnityPluginUnload

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3ee843c6070ccf6559d33542803245cb

Code Sign

1b:e7:15Certificate

Key Usages

07Certificate

Key Usages

d0:9d:c1:0c:35:b3:65:b8Certificate

Extended Key Usages

Key Usages

eb:35:72:5c:97:f0:bd:65:8f:a3:0e:77:6b:2e:f2:65:54:cd:eb:60Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 7KB - Virtual size: 25KB

.pdata Size: 1KB - Virtual size: 1KB

.gfids Size: 512B - Virtual size: 20B

.reloc Size: 512B - Virtual size: 68B

1b:e7:15
Certificate

07
Certificate

d0:9d:c1:0c:35:b3:65:b8
Certificate

eb:35:72:5c:97:f0:bd:65:8f:a3:0e:77:6b:2e:f2:65:54:cd:eb:60
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 7KB - Virtual size: 25KB

.pdata
Size: 1KB - Virtual size: 1KB

.gfids
Size: 512B - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 68B