58fa6344692f62e5087dd79ad2123900_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

58fa6344692f62e5087dd79ad2123900_NEAS
Size

494KB
MD5

58fa6344692f62e5087dd79ad2123900
SHA1

c36ff0dbe8ea70a5ae380ddceb6500db316dc932
SHA256

50f410312f186beee854690be807ba8f8cd8d4b00dbee6eda0f2466c7dbc6d52
SHA512

dfe580cb3c7e3aee3bc21acb9b60bb0a726091daedcb66635a0cdfe906cff50eee84f44540dac75a3fba38848925af5ed9321578c63c4c37a70fe9535b8f77ee
SSDEEP

12288:m5B+EuZjpITKS5YgvuYX8x8CLy79P90us7BHOlbyiV34xFh2IaQ+KEjGmcEi8/3S:m5IEuZjpITKS5YgvuYX8xms0lbyiV34f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
58fa6344692f62e5087dd79ad2123900_NEAS

Files

58fa6344692f62e5087dd79ad2123900_NEAS
.dll windows:4 windows x86 arch:x86

949733971ca9a23c06a595326a058852

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AddAtomA
CreateSemaphoreA
DeleteCriticalSection
EnterCriticalSection
ExitProcess
FindAtomA
GetAtomNameA
GetLastError
InitializeCriticalSection
InterlockedDecrement
InterlockedExchange
InterlockedIncrement
IsDBCSLeadByteEx
LeaveCriticalSection
MultiByteToWideChar
ReleaseSemaphore
SetLastError
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte

msvcrt

_fdopen
_read
_strdup
_write
__dllonexit
__lc_codepage
__mb_cur_max
_assert
_ctype
_errno
_filelengthi64
_fstati64
_iob
_lseeki64
abort
fclose
fflush
fgetpos
fopen
fputc
fread
free
fsetpos
fwrite
getc
getenv
localeconv
malloc
memchr
memcpy
memmove
memset
putc
setlocale
setvbuf
strcmp
strcoll
strcpy
strftime
strlen
strtod
strxfrm
ungetc
wcslen

user32

GetDesktopWindow
MessageBoxA

wsock32

WSAStartup
connect
htons
inet_addr
recv
send
socket

Exports

Exports

XP3ArchiveAttractFilter_v2

Sections

.text
Size: 259KB - Virtual size: 258KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

949733971ca9a23c06a595326a058852

Headers

File Characteristics

Imports

kernel32

msvcrt

user32

wsock32

Exports

Exports

Sections

.text Size: 259KB - Virtual size: 258KB

.data Size: 512B - Virtual size: 412B

.rdata Size: 11KB - Virtual size: 10KB

.bss Size: - Virtual size: 21KB

.edata Size: 512B - Virtual size: 88B

.idata Size: 2KB - Virtual size: 2KB

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 259KB - Virtual size: 258KB

.data
Size: 512B - Virtual size: 412B

.rdata
Size: 11KB - Virtual size: 10KB

.bss
Size: - Virtual size: 21KB

.edata
Size: 512B - Virtual size: 88B

.idata
Size: 2KB - Virtual size: 2KB

.reloc
Size: 9KB - Virtual size: 8KB