NEAS[.]108cd1f8e4c665442abc45666a8ab2d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.108cd1f8e4c665442abc45666a8ab2d0.exe
Size

312KB
MD5

108cd1f8e4c665442abc45666a8ab2d0
SHA1

2d1a89889a86a18886a4137b63a9a5be8e21bf47
SHA256

95a2e17523d2f0963be2c5b010d3829eed74ad49e66d35a1635374152fc9d595
SHA512

7aa5523066db3989c7a5a9f55389f33109df7d1233ef06aff939183a5ff91b56861e2fc44fa8760f8cb32855c127d200a51dcc8660c54bb5936341e2d82a3e64
SSDEEP

6144:0U/EMscKFe+izWnKj7M1e1uCmADDPQQF2dANQa1:HcMrB+iKS7MCn1DQQS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.108cd1f8e4c665442abc45666a8ab2d0.exe

Files

NEAS.108cd1f8e4c665442abc45666a8ab2d0.exe
.dll windows:6 windows x64

55dcedd14d869983c1f9e243a5214213

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

python311

PyModule_GetDict
PyEval_RestoreThread
PyUnicode_FromString
PyErr_Print
_Py_TrueStruct
PyExc_ImportError
PyList_AsTuple
PyModule_Type
PyObject_Str
PyExc_TypeError
PyBytes_FromStringAndSize
PyObject_GetItem
PyDict_GetItemString
PyErr_NoMemory
PyUnicode_Type
PySequence_Check
PyDict_New
PyDict_SetItem
PyObject_GenericSetAttr
PyMapping_Check
PyCapsule_New
PyMapping_GetItemString
PyUnicode_Decode
PyBytes_Type
PyList_Append
PyErr_Clear
PyType_Ready
PyModule_Create2
PyList_New
PyUnicode_FromFormat
PyUnicode_AsUTF8
_PyBytes_Resize
PyLong_AsLong
_PyArg_ParseTuple_SizeT
PyErr_ExceptionMatches
PySequence_Size
_Py_Dealloc
PyType_IsSubtype
PyLong_Type
_Py_FalseStruct
_PyArg_ParseTupleAndKeywords_SizeT
PyExc_ValueError
PyErr_SetString
PyExc_AttributeError
PyDict_SetItemString
PyLong_FromString
PyTuple_New
_Py_NoneStruct
PyRun_StringFlags
PyDict_Contains
PyLong_FromUnsignedLongLong
PyExc_MemoryError
PyErr_SetNone
PyObject_GC_UnTrack
PyLong_FromLong
PyEval_SaveThread
PyUnicode_AsUTF8AndSize
PyObject_GenericGetAttr
PyUnicode_DecodeUTF8
PyErr_Occurred
PySequence_GetItem
PyObject_Type
PyBytes_AsString
PyImport_ImportModule
PyExc_KeyError
PyType_GenericNew
_PyObject_CallFunction_SizeT
_Py_BuildValue_SizeT
PyErr_SetObject
PyUnicode_AsEncodedString

vcruntime140

strstr
memcpy
memmove
memset
memcmp
__C_specific_handler
__std_type_info_destroy_list
strchr

api-ms-win-crt-string-l1-1-0

strpbrk
toupper
strcmp
strnlen
strncmp
strncpy_s
isspace
_strdup
strncpy
_strnicmp
_stricmp
strtok_s
strtok

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
rewind
ftell
fseek
fread
fopen
fclose
__stdio_common_vfprintf
fgets
__acrt_iob_func
__stdio_common_vsprintf
_wfopen

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm
_errno
strerror_s
_initterm_e

api-ms-win-crt-heap-l1-1-0

realloc
malloc
calloc
free

api-ms-win-crt-convert-l1-1-0

strtod
atoi
strtol

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

ceil
floor
ceilf

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-conio-l1-1-0

_cputs

api-ms-win-crt-filesystem-l1-1-0

_access

kernel32

LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetLastError
GetConsoleCP
GetACP
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
InitOnceExecuteOnce
GetCurrentProcess
TerminateProcess
DeleteCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryExA
FormatMessageA
LocalAlloc
LocalFree
SwitchToFiber
DeleteFiber
CreateFiber
GetWindowsDirectoryA
GetSystemWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CancelIoEx
Sleep
CreateFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesA
GetFileSizeEx
IsProcessorFeaturePresent
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
QueryPerformanceCounter
ReadFile
CloseHandle
SetLastError
MultiByteToWideChar
GetConsoleMode
SetConsoleMode
ReadConsoleA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter

advapi32

CryptReleaseContext
CryptGetKeyParam
CryptEncrypt
CryptDestroyKey
CryptImportKey
CryptAcquireContextA

wsock32

closesocket
inet_ntoa
recv
select
send
setsockopt
bind
socket
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
getservbyname
__WSAFDIsSet
shutdown
getsockopt
ntohs
connect

shlwapi

PathRemoveFileSpecA

ws2_32

freeaddrinfo
getaddrinfo

crypt32

CertFreeCertificateContext
CryptImportPublicKeyInfoEx2
CertGetCertificateContextProperty
CryptDecodeObjectEx
CryptStringToBinaryA
CryptImportPublicKeyInfo
CertOpenStore
CertDuplicateStore
CertCloseStore
CertEnumCertificatesInStore
CertSetCertificateContextProperty
CertAddCertificateContextToStore
CertAddCRLContextToStore
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CryptQueryObject

secur32

DeleteSecurityContext
FreeContextBuffer
AcquireCredentialsHandleA
InitializeSecurityContextA
FreeCredentialsHandle
EncryptMessage
DecryptMessage
QueryContextAttributesA

bcrypt

BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptEncrypt
BCryptDestroyKey
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash

Exports

Exports

PyInit__mysql

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

55dcedd14d869983c1f9e243a5214213

Headers

DLL Characteristics

File Characteristics

Imports

python311

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-conio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

kernel32

advapi32

wsock32

shlwapi

ws2_32

crypt32

secur32

bcrypt

Exports

Exports

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 93KB - Virtual size: 92KB

.data Size: 30KB - Virtual size: 35KB

.pdata Size: 9KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 248B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 93KB - Virtual size: 92KB

.data
Size: 30KB - Virtual size: 35KB

.pdata
Size: 9KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 248B

.reloc
Size: 7KB - Virtual size: 6KB