NEAS[.]0b8ca11b46bc259b24b8b8d85d4141b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0b8ca11b46bc259b24b8b8d85d4141b0.exe
Size

87KB
MD5

0b8ca11b46bc259b24b8b8d85d4141b0
SHA1

6452e3868033593f4a8c543e40881c2014d93709
SHA256

cd955b1bd27e7ebf9998f8ab1d7ded89c76d558a1a16569dac29c9d9e183f5bb
SHA512

5102d7ec76815a858601aa4ddc380767b519b0f71ea2eddc49b22cab71fe21bb96aad8f98e31a137368458a777299207f5984ed4b5fdd3f605478b3d203dbfbf
SSDEEP

1536:yLhuqXXr8jDCeiEmg19r/2aEGOfe6nF0nto5UOjiQ74REgOoklSn2/pk:yhuqXXr8HkEJ7r/0W6nFAtxElSw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0b8ca11b46bc259b24b8b8d85d4141b0.exe

Files

NEAS.0b8ca11b46bc259b24b8b8d85d4141b0.exe
.dll windows:6 windows x86

a8141d8754433c4cf58fa3637833c79c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetUnhandledExceptionFilter
WakeAllConditionVariable
AcquireSRWLockExclusive
WideCharToMultiByte
UnhandledExceptionFilter
SleepConditionVariableSRW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
ReleaseSRWLockExclusive

user32

GetForegroundWindow
GetAsyncKeyState
GetWindowTextA

advapi32

RegQueryValueExA
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey

msvcp140

?_Xlength_error@std@@YAXPBD@Z

s4modapi

?patch@AbstractPatch@hlib@@QAE_NXZ
?unpatch@AbstractPatch@hlib@@QAE_NXZ
?update@AbstractPatch@hlib@@QAE_NXZ
?isPatched@AbstractPatch@hlib@@QBE_NXZ
??0Patch@hlib@@QAE@_KEE@Z
??1AbstractPatch@hlib@@QAE@XZ
_S4CreateInterface@8
??0NopPatch@hlib@@QAE@_KI@Z
??0JmpPatch@hlib@@QAE@_KKI@Z
??0CallPatch@hlib@@QAE@_KKI@Z
??1Patch@hlib@@QAE@XZ
??0Patch@hlib@@QAE@_KK@Z
??0Patch@hlib@@QAE@_KE@Z

vcruntime140

_except_handler4_common
__std_exception_copy
__std_exception_destroy
memset
__std_type_info_destroy_list
_CxxThrowException
memcpy
__CxxFrameHandler3
memchr
memmove

api-ms-win-crt-runtime-l1-1-0

_crt_atexit
_execute_onexit_table
_register_onexit_function
_cexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

Exports

Exports

PatchClassic2
PatchHistory2
PatchLive2
PatchTest2

Sections

.text
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8141d8754433c4cf58fa3637833c79c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

s4modapi

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

Exports

Exports

Sections

.text Size: 62KB - Virtual size: 62KB

.rdata Size: 14KB - Virtual size: 14KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 62KB - Virtual size: 62KB

.rdata
Size: 14KB - Virtual size: 14KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 6KB