819ef0d5067e7102ce0252517339be10_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

819ef0d5067e7102ce0252517339be10_NEAS
Size

2.7MB
MD5

819ef0d5067e7102ce0252517339be10
SHA1

feeb29c1d3aee703aa470c1c889f6590b85c43b8
SHA256

177ed0bd644b7789d617780d1067a3ef5a96fdd56e1d8d477e409e16eadf7dc3
SHA512

4f0bf18a846ea59bf6ec25fee813cdaaf7d32c5c2c9e11d6065b6238e8e13657b7267f8fa58f6f3dd2cbfaf5e676c8c89aa67769714596c6e8a3b0b086e52a94
SSDEEP

49152:U8PjU+u0Vl+fTyRi6iyU5/oO0ncS3mVOTLneO07jMz4SDmg27RnWGj:zA/LoJ3znKM3D527BWG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
819ef0d5067e7102ce0252517339be10_NEAS

Files

819ef0d5067e7102ce0252517339be10_NEAS
.exe windows:5 windows x64 arch:x64

fd2a15696a4d0c9fe9dbe0c56ea446cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\BUILD_655006\BUILD\update\av_solution\amd64rel\installer.pdb

Imports

setupapi

SetupOpenInfFileW
SetupCloseInfFile
SetupInstallServicesFromInfSectionW

rpcrt4

RpcStringFreeA
UuidCreate
UuidToStringA

ntdll

RtlUnwindEx
VerSetConditionMask
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader

kernel32

SetEndOfFile
EncodePointer
GetCPInfo
IsDebuggerPresent
HeapReAlloc
CreateThread
ExitThread
SetStdHandle
GetFileType
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
AreFileApisANSI
lstrlenW
GetModuleHandleExW
HeapSize
GetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetStartupInfoW
FlushFileBuffers
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEnvironmentVariableA
VerifyVersionInfoW
GetFileAttributesExW
GetFullPathNameW
GetCurrentProcess
GetProcessHeap
HeapFree
ExpandEnvironmentStringsW
HeapAlloc
GetModuleFileNameW
OutputDebugStringW
FormatMessageA
GetSystemInfo
GetVersionExA
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
GetOverlappedResult
WriteFile
CreateNamedPipeA
ConnectNamedPipe
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetSystemDirectoryA
LoadLibraryA
UnmapViewOfFile
CreateFileMappingA
MapViewOfFile
WaitForMultipleObjects
ResetEvent
SetEvent
GetCurrentThreadId
GetCurrentThread
GetExitCodeThread
CreateEventA
LoadLibraryExA
ExitProcess
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetFileSizeEx
MultiByteToWideChar
CreateFileW
ReadFile
GetVersion
IsProcessorFeaturePresent
GetVersionExW
GetModuleHandleA
GetTickCount
SetErrorMode
GetCommandLineW
GetCurrentProcessId
CreateToolhelp32Snapshot
Process32NextW
LockResource
Process32FirstW
MoveFileW
GetExitCodeProcess
SizeofResource
CopyFileW
OpenProcess
WaitForSingleObject
CreateProcessW
LoadResource
FindResourceW
GetDriveTypeW
CloseHandle
OpenEventW
FindNextFileW
CreateEventW
FindClose
Sleep
FindFirstFileW
GetLongPathNameW
GetModuleHandleW
DeleteFileW
WideCharToMultiByte
GetPrivateProfileStringW
LoadLibraryExW
GetNativeSystemInfo
RemoveDirectoryW
GetFileAttributesW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
LocalFree
DeleteCriticalSection
DecodePointer
LocalAlloc
GetProcAddress
GetLastError
RaiseException
InitializeCriticalSectionAndSpinCount
LoadLibraryW
FreeLibrary

psapi

GetModuleFileNameExW

user32

GetSystemMetrics
wsprintfW

advapi32

RegCloseKey
GetNamedSecurityInfoW
SetNamedSecurityInfoW
EnumerateTraceGuids
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyW
GetTraceEnableFlags
GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
RegisterTraceGuidsW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
StartTraceW
EnableTrace
ControlTraceW
QueryServiceConfigW
GetServiceDisplayNameW
ChangeServiceConfigW
ConvertSecurityDescriptorToStringSecurityDescriptorW
AddAccessDeniedAceEx
FreeSid
AllocateAndInitializeSid
InitializeAcl
QueryServiceObjectSecurity
AddAccessAllowedAceEx
SetServiceObjectSecurity
OpenThreadToken
OpenProcessToken
GetSecurityDescriptorDacl
AdjustTokenPrivileges
GetLengthSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupPrivilegeValueW
CopySid
GetTokenInformation
CryptExportKey
CryptGenKey
CryptGetKeyParam
CryptDestroyKey
CryptGenRandom
CryptReleaseContext
RegCreateKeyExA
RegDeleteKeyA
ImpersonateLoggedOnUser
RevertToSelf
CryptAcquireContextA
CryptImportKey
CryptDestroyHash
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDeriveKey
CryptSetKeyParam
CryptDecrypt
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegEnumValueW
ControlService
QueryServiceStatus
StartServiceW
ChangeServiceConfig2W
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
TraceEvent

shell32

SHFileOperationW
SHGetFolderPathW
ord165
SHCreateDirectoryExW

shlwapi

PathIsNetworkPathW
PathIsRelativeW
SHDeleteKeyW
PathGetDriveNumberW

ole32

StringFromCLSID
CoCreateGuid
CLSIDFromString
CoTaskMemFree
StringFromGUID2
CoCreateInstance
CoInitialize
CoUninitialize

ws2_32

gethostbyaddr
getservbyport
WSASetLastError
WSACleanup
closesocket
getsockopt
setsockopt
socket
ioctlsocket
send
recv
getservbyname
connect
WSACreateEvent
select
shutdown
WSACloseEvent
WSAEventSelect
ntohl
ntohs
htonl
htons
gethostname
WSAStringToAddressA
gethostbyname
inet_ntoa
WSAStartup
inet_addr
WSAEnumNetworkEvents
WSAGetLastError
__WSAFDIsSet

oleaut32

SysStringByteLen
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
VariantInit
SysAllocString
VariantClear

wintrust

WinVerifyTrust

crypt32

CryptVerifyMessageSignature
CertVerifySubjectCertificateContext
CertGetIssuerCertificateFromStore
CertNameToStrA
CertFreeCertificateChain
CertGetCertificateContextProperty
CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertSetCertificateContextProperty
CertGetNameStringA
CertFindChainInStore
CertOpenSystemStoreA
CertCreateCertificateContext
CryptQueryObject
CertGetNameStringW
CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 572KB - Virtual size: 576KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

fd2a15696a4d0c9fe9dbe0c56ea446cd

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

setupapi

rpcrt4

ntdll

kernel32

psapi

user32

advapi32

shell32

shlwapi

ole32

ws2_32

oleaut32

wintrust

crypt32

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 451KB - Virtual size: 450KB

.data Size: 32KB - Virtual size: 62KB

.pdata Size: 56KB - Virtual size: 55KB

.rsrc Size: 171KB - Virtual size: 170KB

.reloc Size: 572KB - Virtual size: 576KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 451KB - Virtual size: 450KB

.data
Size: 32KB - Virtual size: 62KB

.pdata
Size: 56KB - Virtual size: 55KB

.rsrc
Size: 171KB - Virtual size: 170KB

.reloc
Size: 572KB - Virtual size: 576KB