NEAS[.]b83d3ed131d0096fe0441800eb399f70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b83d3ed131d0096fe0441800eb399f70.exe
Size

1.1MB
MD5

b83d3ed131d0096fe0441800eb399f70
SHA1

94ae1a7bbc23c10bd9693dc977be61865d450520
SHA256

c9979f6a2d1a5ed65793f9da22bc84997c454f5aabda1c23ce3be2891e987f68
SHA512

0141a2f9a4e0e89f4413decd72754954dc0394ed1c0de19da9574071324e959d58a56990912d4cb76f2db31ef1b9d3e4fc1fc21be0ed163e0bf27fdcd85daa74
SSDEEP

24576:UgAkLhh3gcHibF+ADtddkcduSZR7AbiqtfFpD7l7:UgtLTgcHibF+etda6usR7Abiqt3N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b83d3ed131d0096fe0441800eb399f70.exe

Files

NEAS.b83d3ed131d0096fe0441800eb399f70.exe
.dll windows:4 windows x64

18e884d048ca4d228123658f524fbf94

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

libvlccore

access_vaDirectoryControlHelper
config_GetUserDir
input_item_AddInfo
net_Connect
var_Inherit
vlc_UrlClean
vlc_UrlParseFixup
vlc_credential_clean
vlc_credential_get
vlc_credential_init
vlc_credential_store
vlc_gettext
vlc_obj_calloc
vlc_object_Log
vlc_path2uri
vlc_readdir_helper_additem
vlc_readdir_helper_finish
vlc_readdir_helper_init
vlc_uri_decode_duplicate
vlc_uri_encode

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CancelIo
CloseHandle
CreateDirectoryA
CreateEventA
CreateFileA
CreateFileMappingA
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
FreeLibrary
GetACP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetFileSize
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetOverlappedResult
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetSystemTimeAsFileTime
GetTempPathA
GetThreadLocale
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
ReadFile
ResetEvent
SetEvent
SetFilePointerEx
SetHandleInformation
Sleep
SleepEx
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitNamedPipeA
WideCharToMultiByte
WriteFile

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_assert
_difftime64
_errno
_exit
_fstat64
_initterm
_lock
_lseeki64
_open_osfhandle
_time64
_unlock
_wassert
_wopen
abort
atoi
calloc
clock
fclose
feof
ferror
fflush
fgets
fopen
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
iscntrl
isspace
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
realloc
rewind
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strpbrk
strrchr
strspn
strstr
strtol
strtoul
vfprintf
wcslen
_write
_stricmp
_strdup
_setmode
_read
_open
_getpid
_fileno
_close
_access

user32

FindWindowA
GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation
SendMessageA

ws2_32

WSAGetLastError
__WSAFDIsSet
closesocket
getsockopt
ioctlsocket
recv
select
send

Exports

Exports

vlc_entry
vlc_entry_api_version
vlc_entry_copyright
vlc_entry_license

Sections

.text
Size: 899KB - Virtual size: 899KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 5KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 169B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

18e884d048ca4d228123658f524fbf94

Headers

DLL Characteristics

File Characteristics

Imports

libvlccore

advapi32

kernel32

msvcrt

user32

ws2_32

Exports

Exports

Sections

.text Size: 899KB - Virtual size: 899KB

.data Size: 17KB - Virtual size: 16KB

.rdata Size: 161KB - Virtual size: 160KB

.pdata Size: 31KB - Virtual size: 31KB

.xdata Size: 30KB - Virtual size: 30KB

.bss Size: - Virtual size: 5KB

.edata Size: 512B - Virtual size: 169B

.idata Size: 7KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 88B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 3KB - Virtual size: 3KB

/4 Size: 512B - Virtual size: 28B

.text
Size: 899KB - Virtual size: 899KB

.data
Size: 17KB - Virtual size: 16KB

.rdata
Size: 161KB - Virtual size: 160KB

.pdata
Size: 31KB - Virtual size: 31KB

.xdata
Size: 30KB - Virtual size: 30KB

.bss
Size: - Virtual size: 5KB

.edata
Size: 512B - Virtual size: 169B

.idata
Size: 7KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 88B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 3KB - Virtual size: 3KB

/4
Size: 512B - Virtual size: 28B