NEAS[.]7c4551df05023f256c509b44f18dec60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7c4551df05023f256c509b44f18dec60.exe
Size

42KB
MD5

7c4551df05023f256c509b44f18dec60
SHA1

17dd83badd1c4cdd1b52e4d9d56acde8cb824daf
SHA256

639c7fa42f5590d946756ec5a67471be50afe8565965a57ae2ba03166d857ea8
SHA512

f96e49a23c973860105e2dc0a6ff08770fa7cfcd69daa2deb9f6a1712fb046c45b768d0a101b863b3cd11192fab728bbeaf665caa4df946f16c8596273e94168
SSDEEP

384:zBNIlQMJRr12V99ozUTTZTpya/1v6eKlvCRP9PK9dkPtHGTHS5Ien7GI7CnpS6/6:NmBvUnZTpyksdoYS57Kp12tugJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7c4551df05023f256c509b44f18dec60.exe

Files

NEAS.7c4551df05023f256c509b44f18dec60.exe
.dll windows:6 windows x86

280e6e908950cc775ee52dd0e126a39d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_vsnwprintf
memcpy
_vscwprintf
_except_handler4_common
_amsg_exit
_initterm
free
malloc
strchr
_XcptFilter
memset
_wcsicmp
??2@YAPAXI@Z
wcschr
??3@YAXPAX@Z

spp

SxTracerGetThreadContextRetail
SxTracerDebuggerBreak
SxTracerShouldTrackFailure

kernel32

InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
Sleep
GetLastError
IsWow64Process
GetDriveTypeW
GetVolumeInformationW
GetDiskFreeSpaceExW
ExpandEnvironmentStringsW
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
InterlockedExchange
LocalFree
GetSystemTimeAsFileTime
InterlockedDecrement
SetLastError
MultiByteToWideChar
GetModuleFileNameW
GetCommandLineW
DisableThreadLibraryCalls
SetUnhandledExceptionFilter

ntdll

RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlSetCurrentTransaction
RtlGetCurrentTransaction
EtwTraceMessage
RtlNtStatusToDosError
RtlGetLastNtStatus
RtlSetThreadErrorMode

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2

advapi32

RegCloseKey
TraceMessage
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegOpenKeyExW
RegCreateKeyExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
RegQueryValueExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegDeleteTreeW

Exports

Exports

DisableSR
DisableSRInternal
EnableSR
EnableSREx
EnableSRInternal
SRNewSystemId
SRRemoveRestorePoint
SRSetRestorePointA
SRSetRestorePointInternal
SRSetRestorePointW
SetSRStateAfterSetup

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 964B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

280e6e908950cc775ee52dd0e126a39d

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

spp

kernel32

ntdll

ole32

advapi32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 35KB

.data Size: 512B - Virtual size: 964B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 35KB - Virtual size: 35KB

.data
Size: 512B - Virtual size: 964B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 3KB