c0044750debe4ecd595ec24a35dd0c20_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

c0044750debe4ecd595ec24a35dd0c20_NEAS
Size

552KB
MD5

c0044750debe4ecd595ec24a35dd0c20
SHA1

32dc5095f424e4b9386e78be21227b3ef70c508a
SHA256

0a767516c9deaae1af96e72716d831a4b85c70db3b6d3cb6553093c69cf79937
SHA512

07b14bea3916e5eb92c15fc6ff48870b2cb2b8c3de11e1480dd4e9defdf676e4f85b13f3b9e16ba586cff97308dcd45d67f99fb69be22e82d5de0e0ed5c02031
SSDEEP

12288:ryvmrqQTydC11gfTBJS+9iX8tKm267GMte2JUd2NEar3vkTz6:+e7TP1BUld26aMo2Sd2B3MTe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
c0044750debe4ecd595ec24a35dd0c20_NEAS

Files

c0044750debe4ecd595ec24a35dd0c20_NEAS
.exe windows:5 windows x86 arch:x86

c55f68a7822eab347ef4c97cef63628d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
accept
listen
gethostname
ioctlsocket
recvfrom
htonl
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
ntohl

libssh2

libssh2_session_init_ex
libssh2_knownhost_init
libssh2_knownhost_readfile
libssh2_session_set_blocking
libssh2_session_handshake
libssh2_userauth_list
libssh2_userauth_authenticated
libssh2_session_last_errno
libssh2_userauth_publickey_fromfile_ex
libssh2_session_last_error
libssh2_userauth_password_ex
libssh2_agent_init
libssh2_agent_connect
libssh2_agent_list_identities
libssh2_agent_userauth
libssh2_userauth_keyboard_interactive_ex
libssh2_sftp_init
libssh2_sftp_symlink_ex
libssh2_sftp_last_error
libssh2_sftp_stat_ex
libssh2_sftp_mkdir_ex
libssh2_sftp_rename_ex
libssh2_sftp_rmdir_ex
libssh2_sftp_unlink_ex
libssh2_sftp_open_ex
libssh2_sftp_seek64
libssh2_sftp_readdir_ex
libssh2_sftp_close_handle
libssh2_sftp_shutdown
libssh2_scp_send64
libssh2_scp_recv
libssh2_channel_send_eof
libssh2_channel_wait_eof
libssh2_channel_wait_closed
libssh2_channel_free
libssh2_session_disconnect_ex
libssh2_knownhost_free
libssh2_agent_disconnect
libssh2_agent_free
libssh2_session_free
libssh2_sftp_read
libssh2_sftp_write
libssh2_channel_read_ex
libssh2_channel_write_ex
libssh2_session_block_directions
libssh2_hostkey_hash
libssh2_session_hostkey
libssh2_knownhost_checkp
libssh2_knownhost_add
libssh2_knownhost_writefile
libssh2_version
libssh2_exit
libssh2_init
libssh2_agent_get_identity

libeay32

ord654
ord280
ord281
ord223
ord227
ord467
ord464
ord466
ord66
ord52
ord2431
ord78
ord95
ord657
ord1015
ord2291
ord3182
ord3212
ord2254
ord2201
ord254
ord224
ord2604
ord298
ord341
ord342
ord340
ord1
ord641
ord391
ord222
ord869
ord181
ord2442
ord188
ord1951
ord566
ord578
ord579
ord1216
ord2023
ord2075
ord1653
ord1654
ord1958
ord3173
ord2838
ord2844
ord2647
ord2971
ord2989
ord2593
ord3025
ord3048
ord2600
ord2454
ord653
ord7
ord3164
ord2598
ord2561
ord3020
ord656
ord151
ord120
ord421
ord544
ord2596
ord958
ord625
ord556
ord542
ord1180
ord543
ord18
ord248
ord979
ord680

ssleay32

ord5
ord48
ord126
ord49
ord75
ord24
ord30
ord222
ord17
ord235
ord183
ord74
ord76
ord8
ord86
ord96
ord58
ord78
ord31
ord180
ord60
ord45
ord164
ord87
ord108
ord77
ord242
ord61
ord43
ord157
ord127
ord130
ord110
ord116
ord12
ord243
ord6
ord15
ord141
ord21
ord90

wldap32

ord200
ord22
ord211
ord46
ord41
ord27
ord301
ord33
ord79
ord35
ord32
ord30
ord26
ord50
ord60
ord143

msvcr90

sscanf
isspace
strpbrk
strstr
strncpy
isdigit
_strtoi64
puts
printf
calloc
_utime64
fseek
_fstat64
setlocale
realloc
fgets
fread
strtod
isalnum
isprint
_stat64
memchr
strtok
strncmp
strtoul
sprintf
isxdigit
getenv
_getch
_strdup
_access
_mkdir
_fileno
_setmode
_write
_read
_strnicmp
_gmtime64
__sys_nerr
ftell
tolower
qsort
atoi
_beginthreadex
strspn
isupper
islower
isgraph
_amsg_exit
__getmainargs
_cexit
_isatty
_exit
_XcptFilter
exit
__initenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
fclose
__set_app_type
_crt_debugger_hook
?terminate@@YAXXZ
_unlock
__dllonexit
_close
_open
_stricmp
_lock
_onexit
_controlfp_s
_invoke_watson
_except_handler4_common
strerror
_get_osfhandle
_lseeki64
_errno
strtol
memset
isalpha
memcpy
malloc
free
strchr
memmove
fopen
fwrite
fputc
fflush
_time64
_localtime64
strrchr
__iob_func
fputs
strcspn
_decode_pointer

kernel32

SetEndOfFile
GetLastError
SearchPathA
ExpandEnvironmentStringsA
GetEnvironmentVariableA
GetModuleFileNameA
Sleep
GetTickCount
SetLastError
FormatMessageA
GetProcAddress
LoadLibraryA
VerifyVersionInfoA
VerSetConditionMask
FreeLibrary
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
SleepEx
CloseHandle
WaitForSingleObject
ReadFile
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
GetStdHandle
InterlockedExchange
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
GetCurrentProcess
TerminateProcess

Sections

.text
Size: 299KB - Virtual size: 298KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c55f68a7822eab347ef4c97cef63628d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

libssh2

libeay32

ssleay32

wldap32

msvcr90

kernel32

Sections

.text Size: 299KB - Virtual size: 298KB

.rdata Size: 250KB - Virtual size: 250KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 1000B

.text
Size: 299KB - Virtual size: 298KB

.rdata
Size: 250KB - Virtual size: 250KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1000B