39b508f8b7e173f74a0c61102cb7f560_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

39b508f8b7e173f74a0c61102cb7f560_NEAS
Size

208KB
MD5

39b508f8b7e173f74a0c61102cb7f560
SHA1

7294d97effa23feb054d22ef79aecdf7f8b9ee4c
SHA256

68b941342f2a75912a600ebde4894670f2ed9b65fa9ff215d16c13f5e4e54d65
SHA512

2bfc2ecb07bcdb9803fb2d1d07962b64900dddf5587fe597f45f718b4a0e1cf1fad32d0ce3620e1c8832307b71c7a089712e098685536b12fdf3bda3b5dea5be
SSDEEP

384:3JeJPpYHGrBAnXb8JWk8zMtxS6yhqgHZNH9ruhiR:IPGiAnTk8zMy6ykgHZR9rjR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
39b508f8b7e173f74a0c61102cb7f560_NEAS

Files

39b508f8b7e173f74a0c61102cb7f560_NEAS
.dll windows:5 windows x86 arch:x86

263b1290e607071ff5affde2318948eb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

g:\Xunlei\Projects\xl_framework\vc9\3rd\minizip\Release\minizip.pdb

Imports

zlib1

deflateInit2_
deflateEnd
deflate
inflateInit2_
get_crc_table
inflateEnd
inflate
crc32

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
CloseHandle
CreateFileA
GetLastError
ReadFile
WriteFile
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
UnhandledExceptionFilter

msvcr90

fclose
ferror
malloc
free
_errno
strcpy
strlen
fseek
scanf
strcat
strncpy
memset
_chdir
_time64
rand
srand
memcpy
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
ftell
fwrite
fread
fopen
_mkdir
exit
strcmp

Exports

Exports

mini_unzip_dll
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetFilePos
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGetOffset
unzGoToFilePos
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzOpenCurrentFile3
unzOpenCurrentFilePassword
unzReadCurrentFile
unzSetOffset
unzStringFileNameCompare
unzeof
unztell
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpen2
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipOpenNewFileInZip3
zipWriteInFileInZip

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 664B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

263b1290e607071ff5affde2318948eb

Headers

File Characteristics

PDB Paths

Imports

zlib1

kernel32

msvcr90

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 3KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 872B

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 1024B - Virtual size: 664B

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 872B

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 1024B - Virtual size: 664B