6ae921766e468fa8f380b7a994ea9130_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

6ae921766e468fa8f380b7a994ea9130_NEAS
Size

2.7MB
MD5

6ae921766e468fa8f380b7a994ea9130
SHA1

7334281a5ae67915d52ff10d4b7e0253741ea9f5
SHA256

2b6a5af29df6069e92f4009cb5cfb5e22a603eb6b51415ac9e5e65a1c945cd44
SHA512

c686f0669d806603a7b67d69ffd0baa5474256ad001dad5d318dd0e394897c9de0f21143236ff84b3c75b312c7e36a7b345c6f84d753173d01c50c1810a6da1c
SSDEEP

49152:YsHF7U8c85KiqrCIGt6qs5ngG902sd2ZYn8SWyqft/DUr9:YslA8c8AOy5n/90Jdd+yqfRD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
6ae921766e468fa8f380b7a994ea9130_NEAS

Files

6ae921766e468fa8f380b7a994ea9130_NEAS
.exe windows:5 windows x86 arch:x86

8ef77407540a6991461254b8433b353a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\projects\vim-win32-installer\vim\src\vim.pdb

Imports

kernel32

GetSystemInfo
GlobalLock
LocalFree
FindVolumeClose
GetConsoleWindow
GetVolumePathNamesForVolumeNameW
FormatMessageA
IsBadReadPtr
FindNextVolumeW
GlobalUnlock
MulDiv
SetConsoleTitleW
VirtualQuery
FlushFileBuffers
GetModuleFileNameA
FillConsoleOutputCharacterA
SetConsoleCtrlHandler
SearchPathW
Process32First
SetHandleInformation
GetConsoleScreenBufferInfo
CreateNamedPipeA
SetConsoleTextAttribute
GetCommandLineW
GetFullPathNameW
GetCurrentProcess
SetConsoleScreenBufferSize
ScrollConsoleScreenBufferA
WriteConsoleA
WriteFile
SetConsoleMode
GetConsoleCursorInfo
AssignProcessToJobObject
GetNumberOfConsoleMouseButtons
TerminateProcess
WaitForMultipleObjects
SetConsoleWindowInfo
GetProcessId
CreatePipe
SetErrorMode
GetConsoleTitleW
WaitForSingleObject
ResumeThread
SetCurrentDirectoryA
SetFileAttributesW
CreateToolhelp32Snapshot
Sleep
GetFileInformationByHandle
GetLargestConsoleWindowSize
AttachConsole
GetModuleHandleA
ReadConsoleInputW
CreateFileA
ReadConsoleOutputW
LoadLibraryA
GetVersionExA
Process32Next
GetConsoleTitleA
GlobalFree
WriteConsoleOutputAttribute
FreeConsole
GetCurrentDirectoryW
FillConsoleOutputAttribute
SetCurrentDirectoryW
PeekConsoleInputW
CreateJobObjectA
GetComputerNameW
GetCurrentProcessId
GlobalMemoryStatusEx
CreateProcessW
GetFileType
InterlockedIncrement
TerminateJobObject
BackupRead
SetConsoleCursorPosition
BackupSeek
WriteConsoleInputA
GetEnvironmentStringsW
FreeEnvironmentStringsA
WriteConsoleOutputW
MoveFileW
GenerateConsoleCtrlEvent
ReadConsoleOutputAttribute
WriteConsoleOutputCharacterW
GetExitCodeProcess
GlobalSize
GlobalAlloc
GetModuleHandleW
GetStartupInfoA
CreateProcessA
ConnectNamedPipe
ReadFile
PeekNamedPipe
DisconnectNamedPipe
GetOverlappedResult
GetFileAttributesW
CreateFileW
SetConsoleTitleA
FindFirstVolumeW
GetVolumeInformationW
GetLocaleInfoA
GetTickCount
WriteConsoleW
GetConsoleMode
DecodePointer
HeapSize
GetConsoleCP
GetStdHandle
FreeLibrary
GetProcAddress
GetLastError
IsValidCodePage
GetACP
GetCPInfo
IsDBCSLeadByteEx
GetTempFileNameW
WideCharToMultiByte
DeleteFileW
MultiByteToWideChar
FindClose
GetShortPathNameA
GetTempPathW
FindNextFileW
FindFirstFileW
QueryPerformanceCounter
QueryPerformanceFrequency
DebugBreakProcess
CloseHandle
OpenProcess
GetLongPathNameW
SetConsoleCursorInfo
GetProcessHeap
FindFirstFileExW
SetEndOfFile
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FreeEnvironmentStringsW
GetOEMCP
HeapReAlloc
GetStringTypeW
HeapAlloc
HeapFree
GetCommandLineA
GetModuleFileNameW
DuplicateHandle
ReadConsoleW
SetStdHandle
GetFileAttributesExW
RemoveDirectoryW
CreateDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
VirtualProtect
VirtualAlloc
GetModuleHandleExW
ExitProcess
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
RtlUnwind
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException

advapi32

GetUserNameW
AdjustTokenPrivileges
GetAclInformation
OpenProcessToken
GetNamedSecurityInfoW
SetNamedSecurityInfoW
LookupPrivilegeValueA
GetAce

shell32

ExtractIconA
CommandLineToArgvW
ShellExecuteW

gdi32

SetTextColor
SetBkMode
CreateFontIndirectA
SetBkColor
GetTextExtentPoint32W
CreateDCA
GetTextMetricsA
CreateFontIndirectW
SetTextAlign
SetAbortProc
StartDocW
EndPage
TextOutW
GetDeviceCaps
EnumFontFamiliesW
EndDoc
StartPage
SelectObject
GetNearestColor
DeleteObject
DeleteDC

comdlg32

CommDlgExtendedError
PrintDlgW

ole32

CoUninitialize
CoCreateInstance
CoInitialize

netapi32

NetApiBufferFree
NetUserEnum

user32

MapVirtualKeyA
EnableWindow
ReleaseDC
SetForegroundWindow
GetParent
SetDlgItemInt
EnableMenuItem
GetDesktopWindow
SystemParametersInfoA
CreateDialogParamA
GetWindowDC
GetCaretBlinkTime
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
IsClipboardFormatAvailable
RegisterClipboardFormatA
GetSystemMetrics
MessageBeep
ToUnicode
CharLowerBuffA
GetSystemMenu
LoadImageA
GetWindowRect
DestroyWindow
SetWindowPos
EnumChildWindows
GetClassNameA
MsgWaitForMultipleObjects
wsprintfA
IsWindow
OffsetRect
GetDlgItemTextA
DispatchMessageW
IsDialogMessageW
CopyRect
PeekMessageW
GetWindowTextA
CharUpperBuffA
SetDlgItemTextW
SetWindowTextA
RegisterClassA
EnumWindows
DefWindowProcA
CreateWindowExA
BringWindowToTop
TranslateMessage
SendDlgItemMessageA
SendMessageA

winmm

mciSendStringW
PlaySoundA
mciSendStringA
mciGetDeviceIDA
PlaySoundW

wsock32

closesocket
gethostbyname
select
send
socket
__WSAFDIsSet
recv
htons
connect
WSAStartup
WSAGetLastError
inet_ntoa

Exports

Exports

scheme_external_get_thread_local_variables

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 276KB - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8ef77407540a6991461254b8433b353a

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

shell32

gdi32

comdlg32

ole32

netapi32

user32

winmm

wsock32

Exports

Exports

Sections

.text Size: 2.1MB - Virtual size: 2.1MB

.rdata Size: 97KB - Virtual size: 97KB

.data Size: 276KB - Virtual size: 322KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 232B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 157KB - Virtual size: 156KB

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 97KB - Virtual size: 97KB

.data
Size: 276KB - Virtual size: 322KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 232B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 157KB - Virtual size: 156KB