NEAS[.]a3cbe5ab2ba20811642fe7723d956fb0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a3cbe5ab2ba20811642fe7723d956fb0.exe
Size

23KB
MD5

a3cbe5ab2ba20811642fe7723d956fb0
SHA1

b6bc52c0f5ccbdeff1d8b25528f8ceb4088f4871
SHA256

c48a5c0ba9c99d1117dbbf59c6e6a1b2b1fa7db74f41d873fc1e437fd41bfefb
SHA512

1de530b3db0d29483f39a776b3e063c3a121a89c153c33a9f9b17b065b7175880844932843ccd12375c373a1323b88233324d2d1a17a1355f4e04aa966255c89
SSDEEP

384:M1JEXQTR0O0pUW6LLEKxHNaCujeLNVkyqB:STR0XUrLwWMCuCLN7qB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a3cbe5ab2ba20811642fe7723d956fb0.exe

Files

NEAS.a3cbe5ab2ba20811642fe7723d956fb0.exe
.dll windows:6 windows x64

3699364b9beecebf1d32eafe9b5b535d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libxml2

xmlDetectCharEncoding
xmlGetCharEncodingName
xmlParseCharEncoding
xmlAddEncodingAlias

libapr-1

apr_table_unset
apr_pstrdup
apr_pstrndup
apr_pstrcat
apr_array_push
apr_palloc
apr_array_make

libaprutil-1

apr_optional_hook_get
apr_dynamic_fn_register
apr_bucket_type_flush
apr_brigade_cleanup
apr_xlate_conv_buffer
apr_xlate_open
apr_brigade_partition
apr_brigade_length
apr_brigade_write
apr_brigade_create
apr_bucket_transient_create
apr_bucket_type_eos
apr_brigade_flatten

libhttpd

ap_log_assert
ap_log_rerror_
ap_check_cmd_context
ap_fflush
ap_filter_flush
ap_remove_output_filter
ap_add_output_filter
ap_register_output_filter_protocol
ap_pass_brigade
ap_strcasestr
ap_pregcomp
ap_regexec

vcruntime140

memset
__std_type_info_destroy_list
__C_specific_handler
memcpy
strstr
strchr

api-ms-win-crt-string-l1-1-0

_strnicmp
strncmp
strcspn
tolower
isupper

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_configure_narrow_argv

kernel32

QueryPerformanceCounter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
RtlCaptureContext
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry

Exports

Exports

xml2enc_module
xml2enc_run_preprocess

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3699364b9beecebf1d32eafe9b5b535d

Headers

DLL Characteristics

File Characteristics

Imports

libxml2

libapr-1

libaprutil-1

libhttpd

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 1024B - Virtual size: 768B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 84B

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1024B - Virtual size: 768B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 84B