NEAS[.]d7c4a786a5c2fb0900ab3e2c7bce4d90[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d7c4a786a5c2fb0900ab3e2c7bce4d90.exe
Size

101KB
MD5

d7c4a786a5c2fb0900ab3e2c7bce4d90
SHA1

adf65c797b93e79ca029090f39467d7a17272588
SHA256

b0d009448e2f1769334a3d10673d4715de9a41ce65cb1a3e75456ccc65d0aeb2
SHA512

1a108b49f310ce37ab0f2436c6c45faf7cb6f0fb867c7d74fa30639ed12d991ce6c5294652bc4151becc0743fffa5e079f8c227450d377aa1da8d3ceb970265a
SSDEEP

1536:RLD8fpnncdWZj0bmOr7LfKeAJP+5FHZxks3H0jHkdVDG:1Ypn5ZjAvr7Lie0GX/H0KlG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d7c4a786a5c2fb0900ab3e2c7bce4d90.exe

Files

NEAS.d7c4a786a5c2fb0900ab3e2c7bce4d90.exe
.exe windows:5 windows x86

2ce75f2943023161505d4bb32eae82b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

nss3

PR_DestroyLock
PR_Lock
PR_ExitMonitor
PR_Unlock
PR_AssertCurrentThreadOwnsLock
PR_CallOnce
PR_GetThreadPrivate
PR_Assert
PR_WaitCondVar
PR_EnterMonitor
PR_dtoa
PR_Free
PR_SetCurrentThreadName
PR_snprintf
PR_Now
PR_IntervalNow
PR_GetCurrentThread
PR_smprintf_free
PR_Seek64
PR_smprintf
PR_NewThreadPrivateIndex
PR_NewLock
PR_sscanf
PR_FileDesc2NativeHandle
PR_AssertCurrentThreadInMonitor
PR_Wait
PR_SetThreadPrivate
PR_GetEnv

xul

NS_UTF16ToCString
NS_CStringGetMutableData
NS_StringCopy
NS_StringGetMutableData
NS_StringGetData
?outOfLineKind@GCCellPtr@JS@@ABE?AW4JSGCTraceKind@@XZ
?toScript@GCCellPtr@JS@@QBEPAVJSScript@@XZ
?toObject@GCCellPtr@JS@@QBEPAVJSObject@@XZ
?isScript@GCCellPtr@JS@@QBE_NXZ
?isObject@GCCellPtr@JS@@QBE_NXZ
??0GCCellPtr@JS@@QAE@ABVValue@1@@Z
??0GCCellPtr@JS@@QAE@PAVJSScript@@@Z
??0GCCellPtr@JS@@QAE@PAVJSString@@@Z
??0GCCellPtr@JS@@QAE@PAVJSFunction@@@Z
??0GCCellPtr@JS@@QAE@PAVJSObject@@@Z
??0GCCellPtr@JS@@QAE@PAXW4JSGCTraceKind@@@Z
?_external_GetObserverService@services@mozilla@@YG?AU?$already_AddRefed@VnsIObserverService@@@@XZ
NS_CStringCloneData
NS_CStringGetData
NS_Free
NS_GetComponentManager
NS_GetServiceManager
NS_CStringCopy
NS_CStringSetDataRange
NS_CStringSetData
NS_StringSetDataRange
NS_LogDtor
NS_LogCtor
NS_Alloc
NS_GetMemoryManager
NS_CStringToUTF16
NS_CStringContainerFinish
NS_CStringContainerInit2
NS_CStringContainerInit
NS_StringContainerFinish
NS_StringContainerInit2
NS_StringContainerInit
NS_LogCOMPtrRelease
NS_LogCOMPtrAddRef
NS_LogRelease
NS_LogAddRef
NS_DebugBreak
NS_NewLocalFile
NS_ShutdownXPCOM
NS_InitXPCOM2

kernel32

ReadFile
DecodePointer
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
EncodePointer
CloseHandle
OutputDebugStringA
IsDebuggerPresent
SetFilePointerEx
SetEndOfFile
IsProcessorFeaturePresent
CreateFileW
WideCharToMultiByte
MultiByteToWideChar
VerifyVersionInfoA
SetThreadPriority
GetCurrentThread
VerSetConditionMask
GetCurrentProcess
TerminateProcess

msvcr120

printf
fseek
fread
fclose
wcstol
strtol
rand
wcspbrk
wcsncmp
wcschr
strpbrk
strncpy
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
_controlfp_s
_invoke_watson
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
strchr
_vsnprintf
_commode
_fmode
__initenv
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
_snprintf
_dup
_vscprintf
vfprintf
fputs
_fdopen
srand
memset
memcpy
memmove
_wfopen
memcmp
_hypot
exit
vprintf
putchar
fprintf
fflush
__iob_func
_purecall
ftell

mozglue

malloc
wcsdup
strdup
moz_xrealloc
moz_xmalloc
free
realloc

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2ce75f2943023161505d4bb32eae82b0

Headers

DLL Characteristics

File Characteristics

Imports

nss3

xul

kernel32

msvcr120

mozglue

Sections

.text Size: 75KB - Virtual size: 74KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 5KB

.text
Size: 75KB - Virtual size: 74KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB