897bebd2aa580f895120e78aadc739a0_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

897bebd2aa580f895120e78aadc739a0_NEAS
Size

133KB
MD5

897bebd2aa580f895120e78aadc739a0
SHA1

332375ce4d37d1ba54e73f0be919d156e07d5564
SHA256

96a1499d7122d366cace235637a785b0ad5b375f742c9ee64295df444dc412d6
SHA512

74ac08e9e563648b6ae154768062e21b477350f7adc87f1e0461b339e2a6fdb48753854c97b5cbc734019d308ee59528a61278d95c82491bcfe0d6b6d5aea7b2
SSDEEP

768:E6mlgl1Eq5UDjUBg7uGotKKmokStr9Ic4keOSZ8y9bmqleRCNBjmEN89/uR/af8s:csBPuuteQoBDNyG/HPBSloHFI75B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
897bebd2aa580f895120e78aadc739a0_NEAS

Files

897bebd2aa580f895120e78aadc739a0_NEAS
.exe windows:4 windows x86 arch:x86

90507d19b8271a4903d352d3465ab7af

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\Build\npLogCollector\npEfdsCtrlUnInst\release\npEfdsWCtrlUnInst.pdb

Imports

kernel32

GetProcessHeap
HeapFree
CreateFileW
WriteFile
CreateProcessW
SetThreadPriority
GetCurrentThread
SetPriorityClass
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
GetSystemInfo
Process32NextW
Sleep
Process32FirstW
CreateToolhelp32Snapshot
ProcessIdToSessionId
GetCurrentProcess
GetModuleFileNameW
FindClose
FindNextFileW
FindFirstFileW
SetLastError
CloseHandle
OpenProcess
SetFileAttributesW
FreeLibrary
GetProcAddress
GetLastError
LoadLibraryExW
SetErrorMode
GetSystemDirectoryW
LoadLibraryW
ResumeThread
DeleteFileW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetVersionExA
GetStartupInfoA
RaiseException
RtlUnwind
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapSize
ExitProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
SetFilePointer
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSection
GetStringTypeA
GetStringTypeW

user32

MessageBoxW

advapi32

RegEnumKeyExW
RegOpenKeyExW
FreeSid
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
RegDeleteKeyW
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

SHGetFolderPathW

ole32

OleUninitialize
OleInitialize

shlwapi

PathFileExistsW
PathAppendW
PathIsDirectoryW
PathRemoveFileSpecW

psapi

GetModuleBaseNameW

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90507d19b8271a4903d352d3465ab7af

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

shlwapi

psapi

Sections

.text Size: 68KB - Virtual size: 65KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 28KB - Virtual size: 25KB

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 28KB - Virtual size: 25KB