NEAS[.]b06acab5927fced880ca7abc4abb7600[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b06acab5927fced880ca7abc4abb7600.exe
Size

215KB
MD5

b06acab5927fced880ca7abc4abb7600
SHA1

3c780231ce115a26214ed2ec4521576471afd5db
SHA256

f399881a56abfd70f5b61a103d54b095137cc7335d6710b66da20d0bc5e6b9ed
SHA512

5920d88af6539e46a14697687288040d9659e25eb413cdf8fa7dd8adadb64a9e98ffda9df3eedaf72240d01b30c960a7769d9deddc107ff8ada0ed784315f07c
SSDEEP

3072:SGhC1AkfNQ3W9kFnBgdZvSqbMwSxUwj4QQrnYWRI4bSH1LdRz3iqf5br5vY7FzII:SGhC1Akv9wQUCMhUwU1rp6VnX5bdvC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b06acab5927fced880ca7abc4abb7600.exe

Files

NEAS.b06acab5927fced880ca7abc4abb7600.exe
.dll windows:6 windows x64

e1384b86d39bb9c06713d697bb7ab904

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcessId
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
RtlCaptureContext

python38

PyErr_ExceptionMatches
PyModule_AddObject
_PyArg_ParseTuple_SizeT
PyObject_GC_Del
PyObject_CallFunctionObjArgs
_PyBytes_Resize
PyObject_ClearWeakRefs
_PyTrash_thread_destroy_chain
PyUnicode_AsUTF8
PyUnicode_FromFormat
PyObject_GetBuffer
PySequence_Fast
PyList_New
PyModule_Create2
_PyObject_GetAttrId
PyType_Ready
PyExc_SyntaxError
PyObject_GetAttrString
PyErr_NewException
PyErr_Clear
PyList_Append
PyBytes_Type
PyObject_RichCompareBool
PyDict_SetItem
PyDict_New
PyUnicode_Type
PyNumber_Index
PyMem_Free
PyExc_StopIteration
PyUnicode_Join
PyCapsule_Import
PyList_Type
PyErr_NoMemory
PyObject_Realloc
PyObject_GC_Track
PyBytes_FromStringAndSize
Py_ReprLeave
PyDict_DelItem
PyNumber_AsSsize_t
_PyObject_MakeTpCall
Py_ReprEnter
PyExc_TypeError
PyMem_Realloc
PyObject_Free
PyObject_IsTrue
PyDict_Copy
PyTuple_Pack
_PyUnicode_Ready
PyCallable_Check
PyMem_Malloc
PyExc_IndexError
PyExc_ImportError
PyState_FindModule
PyModule_GetState
_PyObject_GC_New
PyList_SetItem
PyDict_Keys
PyUnicode_FromString
PyBuffer_Release
PyUnicode_FromStringAndSize
PyUnicode_AsEncodedString
PyType_IsSubtype
PyFloat_Type
PyDict_Type
PyErr_Format
_PyArg_ParseTupleAndKeywords_SizeT
PyDict_Next
PyExc_ValueError
_PyArg_UnpackKeywords
PyNumber_Add
_PyObject_LookupAttrId
PyErr_SetString
_Py_Dealloc
_Py_CheckFunctionResult
_PyArg_BadArgument
PyUnicode_New
_PyObject_CallMethodIdObjArgs
PyExc_AttributeError
PyDict_Items
_Py_HashSecret
PyTuple_New
_Py_NoneStruct
PyDict_GetItemWithError
PyErr_SetNone
PyObject_GC_UnTrack
PySlice_Unpack
PyLong_FromLong
PyObject_SetAttrString
_PyTrash_thread_deposit_object
PyExc_RuntimeError
PyList_SetSlice
PyUnicode_AsUTF8AndSize
PyObject_GenericGetAttr
PyUnicode_DecodeUTF8
PyExc_OverflowError
PyLong_FromSsize_t
PyErr_Occurred
PyDict_Update
PyObject_SelfIter
PyImport_ImportModule
PySlice_Type
PyExc_DeprecationWarning
_PyArg_CheckPositional
PyLong_AsSsize_t
PyExc_RuntimeWarning
PyErr_WarnEx
PyObject_Malloc
_PyObject_SetAttrId
_PyObject_CallFunction_SizeT
_Py_BuildValue_SizeT
PyErr_SetObject
PySlice_AdjustIndices
PyThreadState_Get
PyType_GenericAlloc

vcruntime140

memmove
memcpy
memcmp
__std_type_info_destroy_list
memset
__C_specific_handler

api-ms-win-crt-string-l1-1-0

strncat
strcmp

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf

api-ms-win-crt-math-l1-1-0

_fdclass

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_register_onexit_function
_initterm_e
_initterm
_initialize_narrow_environment
_crt_atexit
_crt_at_quick_exit
_errno
_cexit
terminate
_execute_onexit_table
_initialize_onexit_table
_seh_filter_dll

api-ms-win-crt-utility-l1-1-0

rand_s

api-ms-win-crt-environment-l1-1-0

getenv

Exports

Exports

PyInit__elementtree

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e1384b86d39bb9c06713d697bb7ab904

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

python38

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-environment-l1-1-0

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 37KB - Virtual size: 37KB

.data Size: 4KB - Virtual size: 5KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 37KB - Virtual size: 37KB

.data
Size: 4KB - Virtual size: 5KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 1KB - Virtual size: 1KB