950363def3f51121fb518143b610e150_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

950363def3f51121fb518143b610e150_NEAS
Size

36KB
MD5

950363def3f51121fb518143b610e150
SHA1

942d3c6001768a3f90733cc6e624141e3b01bac4
SHA256

473de1a71baf5df4979275237ddf976158a172b0140ae342b3c7e9e7545da33f
SHA512

353b58dbd2326734bbecc6d9ac3b785c72ffe894b4aec54aa7e6669b850b708d55212ab9637b3c68175868d099c3fa8fff555ac8deb53cf45694f380054d25fc
SSDEEP

768:aZZLF/aFTm3Lcs81zLtwUr0+dRVSogWb2/QU70QGPL4vzZq2o9W7GsxBbPr:aZnyRaLcs81zLrr0+dRVSoi/JnGCq2iM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
950363def3f51121fb518143b610e150_NEAS

Files

950363def3f51121fb518143b610e150_NEAS
.exe windows:6 windows x86 arch:x86

38d2a3f850a0325bb911c94ba2a096ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\Win32\Release\idevicesyslog.pdb

Imports

kernel32

GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetStdHandle
Sleep
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetModuleHandleW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter

getopt

optarg_a
getopt_long_a

imobiledevice

syslog_relay_client_new
idevice_free
syslog_relay_start_capture_raw
idevice_set_debug_level
idevice_get_device_list_extended
idevice_new_with_options
idevice_event_unsubscribe
idevice_event_subscribe
lockdownd_client_new_with_handshake
idevice_device_list_extended_free
lockdownd_client_free
lockdownd_start_service
syslog_relay_client_free
lockdownd_service_descriptor_free

vcruntime140

_except_handler4_common
memset
__current_exception_context
__current_exception
strstr
strrchr
memcpy

api-ms-win-crt-stdio-l1-1-0

__p__commode
_set_fmode
fflush
__acrt_iob_func
_isatty
__stdio_common_vfprintf
fwrite

api-ms-win-crt-string-l1-1-0

_strdup
strncmp

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
malloc
free

api-ms-win-crt-runtime-l1-1-0

_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_initterm
_initterm_e
_seh_filter_exe
signal
_exit
exit
__p___argc
__p___argv
_cexit
_c_exit
_register_thread_local_exe_atexit_callback
_crt_atexit
terminate
_initialize_onexit_table
_register_onexit_function
_set_app_type
_controlfp_s

api-ms-win-crt-convert-l1-1-0

strtol

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

�I��uh
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

38d2a3f850a0325bb911c94ba2a096ae

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

getopt

imobiledevice

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 9KB - Virtual size: 8KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 512B - Virtual size: 1008B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 1KB - Virtual size: 1KB

�I���uh Size: 16KB - Virtual size: 20KB

.text
Size: 9KB - Virtual size: 8KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1008B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 1KB - Virtual size: 1KB

�I��uh
Size: 16KB - Virtual size: 20KB