8ea7323ae41508aab0b79ce6d504aea0_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

8ea7323ae41508aab0b79ce6d504aea0_NEAS
Size

216KB
MD5

8ea7323ae41508aab0b79ce6d504aea0
SHA1

72033c42397a72de7adbff5b785dffe1ac521e73
SHA256

2d7b0b8d30fc9c1fc3a1a93ccfbaccbd2460687189cc49935f50600e4af9022e
SHA512

775caae0e0968ea4e9ea4c95ff98fa07b961c3a70711e77fd4479aba6324c7acdf0730297f413898aac552cb29491b78049bfeaf3c143e59d62f8cb67c6e9bb0
SSDEEP

3072:LePb+WULBene/WjVetHNarXF6YrTSeb32phPQDLE+3eU0n4Z8vMrPJpR2mcKxNst:LN52AtarXNrT932phiEDmYKx79

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
8ea7323ae41508aab0b79ce6d504aea0_NEAS

Files

8ea7323ae41508aab0b79ce6d504aea0_NEAS
.dll windows:4 windows x86 arch:x86

0d8b41e126b9e1cebb13072068ea0baf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
VirtualProtectEx
VirtualQueryEx
WriteProcessMemory
ReadProcessMemory
VirtualProtect
VirtualQuery
ResumeThread
GetFileAttributesA
SearchPathA
LeaveCriticalSection
FlushFileBuffers
GetTimeFormatA
GetDateFormatA
GetLocalTime
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
GetLastError
CreateFileMappingA
OpenFileMappingA
GetSystemInfo
OpenProcess
IsBadCodePtr
CreateEventA
SetEvent
WaitForSingleObject
VirtualFree
VirtualAlloc
LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
GetStartupInfoA
GetCommandLineA
ExitProcess
UnhandledExceptionFilter
RtlUnwind
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrcpyW
lstrcpyA
lstrcmpiW
lstrcmpiA
CreateFileA
WaitForMultipleObjects
TerminateThread
TerminateProcess
CloseHandle
SetThreadPriority
SetLastError
ReleaseMutex
ReadFile
OpenMutexW
OpenMutexA
OpenFileMappingW
OpenEventW
OpenEventA
LoadLibraryExA
LoadLibraryW
IsBadWritePtr
GetTickCount
GetTempPathW
GetTempFileNameW
GetSystemDirectoryW
GetSystemDirectoryA
GetModuleHandleW
GetModuleFileNameW
GetFileAttributesW
GetExitCodeThread
GetCurrentThread
GetCurrentProcess
GetCurrentDirectoryW
GetCurrentDirectoryA
FormatMessageA
DuplicateHandle
DeleteFileW
CreateThread
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileMappingW
CreateFileW
CreateEventW
SetStdHandle
GetStringTypeW
SetFilePointer
lstrcatW
WriteFile
GetStringTypeA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcessId
IsBadReadPtr
GetProcessHeap
HeapAlloc
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
Sleep
InterlockedExchange
GetFileType
SetHandleCount
HeapSize
HeapFree
HeapReAlloc
LCMapStringA
LCMapStringW
GetOEMCP
GetCPInfo
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter

user32

GetThreadDesktop
GetKeyboardType
MessageBoxA
PeekMessageA
OpenInputDesktop
MsgWaitForMultipleObjects
DispatchMessageA
CloseDesktop
GetUserObjectInformationA

gdi32

GetDeviceCaps
AbortDoc

winspool.drv

DeviceCapabilitiesA
DeviceCapabilitiesW
ClosePrinter
GetPrinterDriverA
GetPrinterA
OpenPrinterA

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
GetLengthSid
GetTokenInformation
IsValidSid
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA
RegSetValueExA
RegSetValueExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetKernelObjectSecurity

oleaut32

SysReAllocStringLen
SysFreeString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0d8b41e126b9e1cebb13072068ea0baf

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

oleaut32

Sections

.text Size: 72KB - Virtual size: 71KB

CODE Size: 96KB - Virtual size: 92KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 4KB - Virtual size: 52KB

DATA Size: 4KB - Virtual size: 3KB

BSS Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 12KB - Virtual size: 11KB

.text
Size: 72KB - Virtual size: 71KB

CODE
Size: 96KB - Virtual size: 92KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 4KB - Virtual size: 52KB

DATA
Size: 4KB - Virtual size: 3KB

BSS
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 12KB - Virtual size: 11KB