5974f792ba1f46c69d0de9dc294701b0_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

5974f792ba1f46c69d0de9dc294701b0_NEAS
Size

401KB
MD5

5974f792ba1f46c69d0de9dc294701b0
SHA1

d34726f540dd490c5d0c2d31e18935c43d238dc1
SHA256

af291107c834483da4c855dcca41888a908c422d845f5e3e24f34c98224e1862
SHA512

f3920464016163b9dc8f7add0ea27502e5337df3f5100e4dc6312444296c4c66e72b0f8d93e4f4fddeb37c746bfa1dcbf551580b368bfac5ac4e72fc1b89581b
SSDEEP

12288:Ky5s4n0QvBJWw2X0K7qEnq28F+oxBtFwZZ3BcB6Lr:Ky5s4nJ02EnsvzFoS6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5974f792ba1f46c69d0de9dc294701b0_NEAS

Files

5974f792ba1f46c69d0de9dc294701b0_NEAS
.dll windows:6 windows x86 arch:x86

75ef3a770fe2bc4c9f3ca89c6bcce151

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetACP
GetCurrentProcessId
GetCurrentProcess
InitializeSListHead
CloseHandle
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess

stk

?index@ObsoleteRegexp@@QBEIABVObsoleteString@@PAII@Z
??1?$UString@$0A@@ex@stk@@QAE@XZ
??0?$UString@$0A@@ex@stk@@QAE@PBDIABVEncoding@12@@Z
??0ObsoleteRegexp@@QAE@PBD@Z
??1?$PimplBase@VObsoleteRegexpImpl@@@detail@ex@stk@@IAE@XZ

msvcp140

?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?id@?$numpunct@D@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
_Getcvt
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getfalse@_Locinfo@std@@QBEPBDXZ
?_Gettrue@_Locinfo@std@@QBEPBDXZ
??Bid@locale@std@@QAEIXZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?classic@locale@std@@SAABV12@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z

vcruntime140

__std_exception_copy
__std_exception_destroy
_purecall
__vcrt_InitializeCriticalSectionEx
__std_type_info_destroy_list
memcpy
__CxxFrameHandler3
_CxxThrowException
memmove
strchr
memchr
_except_handler4_common
__std_terminate
memset

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_initterm
_initterm_e
_execute_onexit_table
_seh_filter_dll
_register_onexit_function
_configure_narrow_argv
_initialize_narrow_environment
exit
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

tolower
strncmp

api-ms-win-crt-convert-l1-1-0

_strtoui64
_strtoi64

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_callnewh

api-ms-win-crt-math-l1-1-0

_copysign
_libm_sse2_sqrt_precise
_libm_sse2_log_precise
_libm_sse2_log10_precise
_finite
_CIatan2
_libm_sse2_exp_precise
ceil
floor
_libm_sse2_pow_precise
_except1
ldexp
frexp
_isnan

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vfprintf
__acrt_iob_func

api-ms-win-crt-locale-l1-1-0

setlocale
_create_locale
_free_locale
localeconv

api-ms-win-crt-utility-l1-1-0

rand

Exports

Exports

FME_acceptSession
FME_apiVersion
FME_createFactory
FME_destroyFactory
FME_initialize

Sections

.text
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

75ef3a770fe2bc4c9f3ca89c6bcce151

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

stk

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 285KB - Virtual size: 284KB

.rdata Size: 54KB - Virtual size: 53KB

.data Size: 18KB - Virtual size: 182KB

.gfids Size: 512B - Virtual size: 72B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 16KB - Virtual size: 16KB

.reloc Size: 25KB - Virtual size: 25KB

.text
Size: 285KB - Virtual size: 284KB

.rdata
Size: 54KB - Virtual size: 53KB

.data
Size: 18KB - Virtual size: 182KB

.gfids
Size: 512B - Virtual size: 72B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 16KB - Virtual size: 16KB

.reloc
Size: 25KB - Virtual size: 25KB