U:\develop\global\Release\pdb\acextls.pdb
Static task
static1
Behavioral task
behavioral1
Sample
327df9ddd0ca74fc4c71c4879e391be0_NEAS.dll
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
327df9ddd0ca74fc4c71c4879e391be0_NEAS.dll
Resource
win10v2004-20240419-en
General
Target: 327df9ddd0ca74fc4c71c4879e391be0_NEAS
Size: 1.1MB
MD5: 327df9ddd0ca74fc4c71c4879e391be0
SHA1: 79ff08121694e9bba74f6dda712269c3e9b1f6b9
SHA256: a65216d87af41f48988d6b7d247e77e9ed43ca3f737eb56c11b8f3a16ac18157
SHA512: 72fd83d3de2524622cf3e9fa975c14a578474451489ca800db0ed797d4612b0716622be77e95cf2828ecd4a0927d4c5e0ee03fe5e0566f58a51db65049bfb7ef
SSDEEP: 24576:n8xUfKf1EARST2DSwzgeBgOQWnfTA3oHN0yWCCeXplLktlM5:n8xUfKf1EAshwzg2VQWbJHN0R8/LelM5
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 327df9ddd0ca74fc4c71c4879e391be0_NEAS
Files
327df9ddd0ca74fc4c71c4879e391be0_NEAS.dll windows:4 windows x86 arch:x86
d199cc285a0da176148791f03dd431e8
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetModuleHandleA
GetProcAddress
GlobalAlloc
GlobalFree
ExitProcess
advapi32
RegCreateKeyA
gdi32
CreateCompatibleDC
user32
MessageBoxA
version
GetFileVersionInfoA
msvcr80
__dllonexit
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 868B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 420B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
stxt774 Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
stxt371 Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE