Static task: static1
Behavioral task: behavioral1
Sample: 6afcd71d95b876a55a6a5e96bf6e6a60_NEAS.exe
Resource: win7-20240419-en
General
Target: 6afcd71d95b876a55a6a5e96bf6e6a60_NEAS
Size: 2.3MB
MD5: 6afcd71d95b876a55a6a5e96bf6e6a60
SHA1: 1db93d11b48647da1b230d4cff9995625cd5940b
SHA256: 88838a2244963bffe918ec4209156a2a308c42f241db1949bf6d219997e3148b
SHA512: 58132595b2d4801c7aa40990f65fb5b0e9fa37f4887ec347fcc84dc1bce9aadfce87d6e0d88f0c0d68c2e6af73e3d7b0783496b17b891a3124bc085d77ad3945
SSDEEP: 49152:q8xlwaNOHI6okgd7SAD2b103k18Tp+8B/Y3Dmg27RnWGj:q8xlrNOwKb1038D527BWG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource 6afcd71d95b876a55a6a5e96bf6e6a60_NEAS
Files
6afcd71d95b876a55a6a5e96bf6e6a60_NEAS.exe windows:5 windows x86 arch:x86
84423f4d61c24fb9e63b80494ec26f2c
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
D:\BUILD_655005\BUILD\update\av_solution\release\installer.pdb
Imports
setupapi
SetupCloseInfFile
SetupInstallServicesFromInfSectionW
SetupOpenInfFileW
rpcrt4
RpcStringFreeA
UuidCreate
UuidToStringA
ntdll
VerSetConditionMask
RtlUnwind
kernel32
lstrlenW
SetEndOfFile
EncodePointer
GetCPInfo
IsDebuggerPresent
HeapReAlloc
CreateThread
ExitThread
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
AreFileApisANSI
HeapSize
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetStartupInfoW
FlushFileBuffers
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableA
VerifyVersionInfoW
GetFileAttributesExW
GetFullPathNameW
GetProcessHeap
HeapFree
HeapAlloc
ExpandEnvironmentStringsW
GetModuleFileNameW
OutputDebugStringW
FormatMessageA
GetSystemInfo
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
GetOverlappedResult
WriteFile
CreateNamedPipeA
ConnectNamedPipe
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetSystemDirectoryA
LoadLibraryA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
WaitForMultipleObjects
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentThread
GetExitCodeThread
CreateEventA
LoadLibraryExA
InterlockedExchange
ExitProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedIncrement
GetFileSizeEx
MultiByteToWideChar
CreateFileW
ReadFile
InterlockedDecrement
GetVersion
IsWow64Process
IsProcessorFeaturePresent
GetVersionExW
GetCurrentProcess
GetModuleHandleA
GetTickCount
SetErrorMode
GetCommandLineW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
LockResource
Process32FirstW
MoveFileW
GetExitCodeProcess
SizeofResource
CopyFileW
OpenProcess
WaitForSingleObject
CreateProcessW
LoadResource
FindResourceW
GetDriveTypeW
CloseHandle
OpenEventW
FindNextFileW
CreateEventW
FindClose
Sleep
FindFirstFileW
GetLongPathNameW
GetModuleHandleW
DeleteFileW
WideCharToMultiByte
GetPrivateProfileStringW
LoadLibraryExW
GetNativeSystemInfo
RemoveDirectoryW
GetFileAttributesW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
LocalFree
DeleteCriticalSection
DecodePointer
LocalAlloc
GetProcAddress
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary
GetModuleHandleExW
psapi
GetModuleFileNameExW
user32
wsprintfW
GetSystemMetrics
advapi32
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
EnumerateTraceGuids
StartTraceW
EnableTrace
ControlTraceW
QueryServiceConfigW
GetServiceDisplayNameW
ChangeServiceConfigW
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddAccessDeniedAceEx
FreeSid
AllocateAndInitializeSid
InitializeAcl
QueryServiceObjectSecurity
AddAccessAllowedAceEx
SetServiceObjectSecurity
OpenThreadToken
OpenProcessToken
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CopySid
GetTokenInformation
CryptExportKey
CryptGenKey
CryptGetKeyParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
RegCreateKeyExA
RegDeleteKeyA
ImpersonateLoggedOnUser
RevertToSelf
CryptAcquireContextA
CryptImportKey
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptGetHashParam
CryptDeriveKey
CryptSetKeyParam
CryptDecrypt
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumValueW
ControlService
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
TraceEvent
shell32
SHGetFolderPathW
SHCreateDirectoryExW
SHFileOperationW
ord165
shlwapi
SHDeleteKeyW
PathGetDriveNumberW
PathIsNetworkPathW
PathIsRelativeW
ole32
CoUninitialize
CoInitialize
CoTaskMemFree
CLSIDFromString
StringFromCLSID
CoCreateGuid
StringFromGUID2
CoCreateInstance
ws2_32
WSACleanup
closesocket
getsockopt
setsockopt
gethostname
ioctlsocket
send
gethostbyaddr
recv
WSASetLastError
__WSAFDIsSet
select
shutdown
WSAStringToAddressA
WSAStartup
getservbyname
inet_ntoa
gethostbyname
inet_addr
WSAEnumNetworkEvents
WSAGetLastError
connect
getservbyport
WSACreateEvent
WSACloseEvent
WSAEventSelect
ntohl
ntohs
htonl
htons
socket
oleaut32
SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VariantInit
SysAllocString
VariantClear
wintrust
WinVerifyTrust
crypt32
CertNameToStrA
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CertSetCertificateContextProperty
CertGetNameStringA
CertFindChainInStore
CertOpenSystemStoreA
CertFreeCertificateContext
CertGetNameStringW
CryptQueryObject
CertGetIssuerCertificateFromStore
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CertCreateCertificateContext
CryptVerifyMessageSignature
CertVerifySubjectCertificateContext
CryptMsgClose
Sections
.text Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 274KB - Virtual size: 274KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 20KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 78KB - Virtual size: 77KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 656KB - Virtual size: 660KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE