NEAS[.]1417b0c5d310d82b4aa0939020f41dc0[.]exe

General

Target

NEAS.1417b0c5d310d82b4aa0939020f41dc0.exe
Size

17KB
MD5

1417b0c5d310d82b4aa0939020f41dc0
SHA1

d8039c3fb8d95cad14bfbb1f5ccdfe9133086734
SHA256

2c4e8582c66d354078672afdefa1620ca896488fd9f601d7fec3f73ac9a10b8d
SHA512

669d8cad1deb8a2784517e396e37dbced2d9fda57e9667a38d598fa9ce0f6daba2233d7025e78d9bfae43f9c3868338228aae92b9a89d8f3a24def1e09054090
SSDEEP

384:M/NOTCky1w0UFm6wFFwK+TeA3oZZLHDziQfvyfNSYs8uC6luJzarAmrHIg:dy1w0UFmrwK+joZZLHDzLXmSGuL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1417b0c5d310d82b4aa0939020f41dc0.exe

Files

NEAS.1417b0c5d310d82b4aa0939020f41dc0.exe
.dll windows:5 windows x64

16908736edef18fbd57a5d642b83e0f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSAStartup
ntohl

iphlpapi

GetIfEntry
GetIpForwardTable
GetAdaptersAddresses

python27

Py_InitModule4_64
PyModule_AddIntConstant
PyModule_AddObject
PyModule_AddStringConstant
PyDict_GetItemString
PyUnicodeUCS2_FromUnicode
_Py_ZeroStruct
_Py_TrueStruct
PyTuple_Pack
PyObject_IsTrue
PyErr_NoMemory
PyErr_SetFromWindowsErr
PyArg_ParseTuple
PyDict_New
PyExc_MemoryError
PyErr_SetString
PyExc_OSError
PyDict_SetItemString
PyExc_ValueError
PyObject_Size
PyInt_FromLong
PyDict_GetItem
PyList_New
PyDict_SetItem
PyList_Append
PyUnicodeUCS2_FromWideChar
PyUnicodeUCS2_FromString

msvcr90

memset
free
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
__C_specific_handler
_amsg_exit
_decode_pointer
_encoded_null
_initterm_e
_initterm
_malloc_crt
_encode_pointer
_wcsnicmp
malloc
sprintf
realloc

kernel32

LoadLibraryA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
GetModuleHandleA
FreeLibrary

Exports

Exports

initnetifaces

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16908736edef18fbd57a5d642b83e0f2

Headers

File Characteristics

Imports

ws2_32

iphlpapi

python27

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 2KB - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 468B

.reloc Size: 512B - Virtual size: 80B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 2KB - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 468B

.reloc
Size: 512B - Virtual size: 80B