771b2eac0d42bab90341eb9f10139fa0_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

771b2eac0d42bab90341eb9f10139fa0_NEAS
Size

64KB
MD5

771b2eac0d42bab90341eb9f10139fa0
SHA1

ea620cdbeafc58783b146523748ba5e016fc582e
SHA256

eeb2a7fc3928ed6e48c5e732efd0152c1c70c0710ce8cfdeab70d32c2206dede
SHA512

67cd5788bc62b686a3b8a0c4a60eaffa87a2f0cc66ae817c76601d1f49acd6fa5220608ebbe712827eeae60035d268a04eced74fa70e165f15c90f38cfe2de2a
SSDEEP

768:v0mJF8U6hdPy+6FzW7oUzErUSEGy7GOgP:v1JF8duhFzW7o+ErUSEGyyOg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
771b2eac0d42bab90341eb9f10139fa0_NEAS

Files

771b2eac0d42bab90341eb9f10139fa0_NEAS
.exe windows:4 windows x86 arch:x86

bfd73a7a170d0fe078cf6ef3bc3e2d84

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\users\administrator\documents\visual studio 2005\projects\post_04_24\debug\post_04_24.pdb

Imports

kernel32

Sleep
GetModuleHandleW
GetCommandLineW
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
FreeLibrary
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
FatalAppExitA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetProcAddress
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
DebugBreak
RaiseException
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedExchange

mfc80ud

ord901
ord1577

msvcr80d

_except_handler4_common
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
?terminate@@YAXXZ
sprintf
memset
wprintf
strlen
strcat
__CxxFrameHandler3
??_V@YAXPAX@Z
_CRT_RTC_INITW
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
_CrtDbgReportW
_CrtSetCheckCount
__initenv
exit
_cexit
_XcptFilter
_exit
__getmainargs
_amsg_exit
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv

msvcp80d

?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?good@ios_base@std@@QBE_NXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?length@?$char_traits@D@std@@SAIPBD@Z
?width@ios_base@std@@QBEHXZ
?flags@ios_base@std@@QBEHXZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?eof@?$char_traits@D@std@@SAHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ

ws2_32

WSAGetLastError
recv
WSAStartup
send
htons
socket
connect
WSACleanup
gethostbyname

oleaut32

SysFreeString

Sections

.textbss
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bfd73a7a170d0fe078cf6ef3bc3e2d84

Headers

File Characteristics

PDB Paths

Imports

kernel32

mfc80ud

msvcr80d

msvcp80d

ws2_32

oleaut32

Sections

.textbss Size: - Virtual size: 64KB

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 1KB

.idata Size: 8KB - Virtual size: 4KB

.rsrc Size: 4KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 64KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 1KB

.idata
Size: 8KB - Virtual size: 4KB

.rsrc
Size: 4KB - Virtual size: 1KB