NEAS[.]ddd99d4f69383c4c149bc8a691cfd1d0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.ddd99d4f69383c4c149bc8a691cfd1d0.exe
Size

18KB
MD5

ddd99d4f69383c4c149bc8a691cfd1d0
SHA1

1bc173618b7be74b5b5712aa394e2878fecd810b
SHA256

9b31639f99ee4ba7afd0406041918e02312a089873774d3b3437379cb48ae8ed
SHA512

aa3443d4a9fcc97560d014ef797cd43523911b7adf8b1cc5a4031c66625568f52caca8db78eeec4cef333e68c795c702e69ce8ffae8f1459eadb2f78eea54337
SSDEEP

384:xsHfPsuRY0HpayQT430eETLxBo3nvG/d+YuMEf0qPZIWfzW1:ufPBRYk4zTqYd0BDdPLE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ddd99d4f69383c4c149bc8a691cfd1d0.exe

Files

NEAS.ddd99d4f69383c4c149bc8a691cfd1d0.exe
.dll windows:10 windows x86

db52661b2086890353cc6a7d892692cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_vsnwprintf
malloc
_except_handler4_common
_initterm
free
_amsg_exit
_XcptFilter
memmove

shlwapi

ord219

api-ms-win-core-com-l1-1-1

CoCreateInstance
StringFromGUID2
CoTaskMemFree
StringFromCLSID

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
UnregisterTraceGuids
TraceMessage
GetTraceLoggerHandle

api-ms-win-core-synch-l1-2-0

Sleep
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapFree
HeapAlloc
HeapReAlloc

api-ms-win-core-libraryloader-l1-2-0

GetModuleHandleW
GetProcAddress
DisableThreadLibraryCalls

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-2

TerminateProcess
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemTimeAsFileTime

api-ms-win-core-errorhandling-l1-1-1

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError

ole32

CoGetObject

user32

SetCursor
LoadCursorW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

db52661b2086890353cc6a7d892692cf

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

shlwapi

api-ms-win-core-com-l1-1-1

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-errorhandling-l1-1-1

ole32

user32

Exports

Exports

Sections

.text Size: 11KB - Virtual size: 11KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 2KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 964B

.text
Size: 11KB - Virtual size: 11KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 964B