NEAS[.]881eb153d7653aca1cfc85bd0bee8740[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.881eb153d7653aca1cfc85bd0bee8740.exe
Size

1.6MB
MD5

881eb153d7653aca1cfc85bd0bee8740
SHA1

6053ddf38977eb9295613f63685081eb16076a02
SHA256

42c3ef112a92fb25a79ee778e30f55bebc207a92b2dc1b831c75e82544426d7c
SHA512

7e16ee04210b20426daa1792e6622751d014c9daadea109ae2d45bf50d1d44e1722e72358205a1d1233b39117b640a17d4159566be4542560828c56d04f5b29b
SSDEEP

12288:1jBC+gmXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:hBpgmsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.881eb153d7653aca1cfc85bd0bee8740.exe

Files

NEAS.881eb153d7653aca1cfc85bd0bee8740.exe
.exe windows:6 windows x64

d80feaa2ad97b5d6930d796d04721174

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dvacore

?AppDir@Dir@filesupport@dvacore@@SA?AV123@XZ
?FullPath@Dir@filesupport@dvacore@@QEBA?AV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@std@@XZ
??1Dir@filesupport@dvacore@@QEAA@XZ
?RationalApproximation@utility@dvacore@@YA?AV?$rational@H@boost@@N@Z
?UTF16to8@utility@dvacore@@YA?AV?$basic_string@EU?$char_traits@E@std@@V?$STLAllocator@E@SmallBlockAllocator@utility@dvacore@@@std@@AEBV?$basic_string@GU?$char_traits@G@std@@V?$STLAllocator@G@SmallBlockAllocator@utility@dvacore@@@4@@Z
?Dispose@SmallBlockAllocator@utility@dvacore@@YAXPEAX_K@Z

kernel32

InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
SetDllDirectoryW
CloseHandle
SetEvent
ResetEvent
OpenEventA
OpenProcess
MapViewOfFile
UnmapViewOfFile
WaitForMultipleObjects
CreateFileMappingA
OpenFileMappingA
GetLastError
FreeLibrary
GetProcAddress
FormatMessageA
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
RtlCaptureContext

msvcp140

??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

vcruntime140

__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list
_purecall
memset
memcpy
memcmp
_CxxThrowException
memmove
__std_terminate
__CxxFrameHandler3
__C_specific_handler

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_set_app_type
_cexit
_get_initial_narrow_environment
_initterm
_initterm_e
_crt_at_quick_exit
_exit
_register_onexit_function
__p___argc
__p___argv
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
_initialize_onexit_table
exit
terminate
_initialize_narrow_environment
_configure_narrow_argv
_execute_onexit_table
_invalid_parameter_noinfo_noreturn
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

malloc
free
_set_new_mode
_callnewh

api-ms-win-crt-convert-l1-1-0

atoi

api-ms-win-crt-stdio-l1-1-0

__p__commode
__stdio_common_vfprintf
__acrt_iob_func
_set_fmode
__stdio_common_vsprintf
__stdio_common_vsscanf

api-ms-win-crt-time-l1-1-0

clock

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d80feaa2ad97b5d6930d796d04721174

Headers

DLL Characteristics

File Characteristics

Imports

dvacore

kernel32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 87KB - Virtual size: 86KB

.rdata Size: 32KB - Virtual size: 32KB

.data Size: 2KB - Virtual size: 10KB

.pdata Size: 6KB - Virtual size: 5KB

.gfids Size: 512B - Virtual size: 60B

.rsrc Size: 1.4MB - Virtual size: 1.4MB

.text
Size: 87KB - Virtual size: 86KB

.rdata
Size: 32KB - Virtual size: 32KB

.data
Size: 2KB - Virtual size: 10KB

.pdata
Size: 6KB - Virtual size: 5KB

.gfids
Size: 512B - Virtual size: 60B

.rsrc
Size: 1.4MB - Virtual size: 1.4MB