4e0b74243be53c9c553b731df38dd7e0_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

4e0b74243be53c9c553b731df38dd7e0_NEAS
Size

3.2MB
MD5

4e0b74243be53c9c553b731df38dd7e0
SHA1

1a7f42acdb7d07878c16e6ec8fed7df8c688c8ed
SHA256

4133d24e21233efafdc210f64e88016e640f01c972d0aca7b9f906445a738be8
SHA512

34d3681a00c67b94d408921c7140893d0be2e0303c1008df4d201b49d848d0bb7ecca45cf013abef0bc3fc9362cf0c9f8a9e03e78de92a3bee73bcc8fb1a6acf
SSDEEP

49152:w4ihB/lKF0lJTL6yelTiRJVL76l4/ef+81:bMJTLSyV1e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4e0b74243be53c9c553b731df38dd7e0_NEAS

Files

4e0b74243be53c9c553b731df38dd7e0_NEAS
.dll windows:6 windows x64 arch:x64

2eb8d798fd1231fa1f10d2f5aad29137

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\builds\build-sourcemod-msvc12\windows-1.11\OUTPUT\extensions\mysql\dbi.mysql.ext\windows-x86_64\dbi.mysql.ext.pdb

Imports

wsock32

getsockname
getpeername
shutdown
setsockopt
send
recv
htonl
WSAStartup
WSACleanup
select
__WSAFDIsSet
inet_ntoa
getservbyname
ntohs
socket
WSAGetLastError
closesocket
connect

secur32

InitializeSecurityContextW
CompleteAuthToken
FreeContextBuffer
AcquireCredentialsHandleA
DeleteSecurityContext
FreeCredentialsHandle

ws2_32

getaddrinfo
WSAIoctl
getnameinfo
freeaddrinfo

kernel32

HeapSize
GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
GetCPInfo
GetConsoleOutputCP
ReadConsoleW
GetConsoleMode
HeapReAlloc
LCMapStringW
CloseHandle
SetNamedPipeHandleState
WaitNamedPipeA
GetLastError
CreateFileA
UnmapViewOfFile
WaitForSingleObject
SetEvent
MapViewOfFile
OpenFileMappingA
OpenEventA
GetConsoleCP
CreateEventA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetFullPathNameA
FindClose
FindNextFileA
FindFirstFileA
EnterCriticalSection
LeaveCriticalSection
GetLocaleInfoA
FreeLibrary
DeleteCriticalSection
FormatMessageA
LoadLibraryExA
InitializeCriticalSection
QueryPerformanceCounter
GetSystemTimeAsFileTime
QueryPerformanceFrequency
TlsGetValue
TlsFree
TlsSetValue
GetCurrentThreadId
TlsAlloc
Sleep
GetOverlappedResult
CancelIo
ReadFile
WriteFile
PeekNamedPipe
DisconnectNamedPipe
WaitForMultipleObjects
GetFileAttributesExA
GetLogicalDrives
TryEnterCriticalSection
ResetEvent
SetFilePointerEx
SetEndOfFile
GetStdHandle
GetFileSizeEx
GetCurrentProcess
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeCriticalSectionEx
RtlUnwind
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
TerminateProcess
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
SetLastError
EncodePointer
InitializeCriticalSectionAndSpinCount
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetFileType
GetModuleFileNameW
WriteConsoleW
SetConsoleCtrlHandler
GetTimeZoneInformation
SetStdHandle
FindFirstFileExW
FindNextFileW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFullPathNameW
SetEnvironmentVariableW
GetCurrentDirectoryW
HeapFree
HeapAlloc
CompareStringW

advapi32

RegEnumValueA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
RegOpenKeyExA

Exports

Exports

GetSMExtAPI

Sections

.text
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2.5MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2eb8d798fd1231fa1f10d2f5aad29137

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wsock32

secur32

ws2_32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 527KB - Virtual size: 527KB

.rdata Size: 156KB - Virtual size: 156KB

.data Size: 2.5MB - Virtual size: 2.9MB

.pdata Size: 31KB - Virtual size: 31KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 527KB - Virtual size: 527KB

.rdata
Size: 156KB - Virtual size: 156KB

.data
Size: 2.5MB - Virtual size: 2.9MB

.pdata
Size: 31KB - Virtual size: 31KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 12KB - Virtual size: 11KB