Neoblock Level 7[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Neoblock Level 7.rar
Size

28.8MB
MD5

5a5f04799ac77dbb3cb9c5bd29ed4f6e
SHA1

6377eb0da5634d91f59c1deef08bb9a1e602ce82
SHA256

f025b882d6b342cf9c546bfa6bf3d7b88a94e9e6d3b904c1ea0ade9116cde857
SHA512

dfe58240f6aad9484f7058014fa771fa76ab540cda45a0f916eb84af4d651638ceb61d9de28855034faaf8f24662a540755639060cd009047d5c9e3330fea7fa
SSDEEP

786432:Jn7cfXGPn0EjCseePzlpZlh1wAELc6J6HbAsHQXB5sH:J7qXqnRCv8zl5hxEfJ6HbZHmsH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Neoblock Level 7/neoblock level 7.exe

Files

Neoblock Level 7.rar
.rar
Neoblock Level 7/Neoblock.dll
.dll windows:10 windows x86 arch:x86

a1ad12429ac3fc23b307983d8611cef4

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:24

Not After

02/05/2020, 21:24

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:d8:a0:ff:fe:64:6e:a8:fa:ba:0f:61:e7:15:cd:b7:cb:3d:56:6a:d1:28:dc:ed:b7:ae:86:38:35:25:a1:3e
Signer

Actual PE Digest

91:d8:a0:ff:fe:64:6e:a8:fa:ba:0f:61:e7:15:cd:b7:cb:3d:56:6a:d1:28:dc:ed:b7:ae:86:38:35:25:a1:3e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

sqmapi.pdb

Imports

msvcrt

_unlock
_lock
__dllonexit
_onexit
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
memcpy_s
wcsrchr
_vsnwprintf
__CxxFrameHandler3
_callnewh
malloc
free
memset

advapi32

RegDeleteKeyW
RegEnumKeyW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW

kernel32

GetCurrentThreadId
ReleaseMutex
OutputDebugStringW
OpenSemaphoreW
HeapAlloc
CreateMutexExW
GetCurrentProcessId
GetProcessHeap
DebugBreak
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
WaitForSingleObject
GetModuleHandleExW
ReleaseSemaphore
HeapFree
CreateSemaphoreExW
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
FormatMessageW
DisableThreadLibraryCalls
SetLastError
GetLastError
GetCurrentProcess
CloseHandle
LocalFree
ExpandEnvironmentStringsW
FindFirstFileW
GetSystemTimeAsFileTime
FindNextFileW
FindClose
GetSystemDirectoryW
Sleep
CreateDirectoryW
GetTickCount
WaitForSingleObjectEx
DeleteFileW

ntdll

EtwTraceMessage

Exports

Exports

SqmAddToAverage
SqmAddToStream
SqmAddToStreamDWord
SqmAddToStreamDWord64
SqmAddToStreamString
SqmAddToStreamV
SqmCheckEscalationAddToStreamDWord
SqmCheckEscalationAddToStreamDWord64
SqmCheckEscalationAddToStreamString
SqmCheckEscalationSetDWord
SqmCheckEscalationSetDWord64
SqmCheckEscalationSetString
SqmCleanup
SqmClearFlags
SqmCreateNewId
SqmEndSession
SqmEndSessionEx
SqmFlushSession
SqmGetEnabled
SqmGetEscalationRuleStatus
SqmGetFlags
SqmGetInstrumentationProperty
SqmGetLastUploadTime
SqmGetMachineId
SqmGetSession
SqmGetSessionStartTime
SqmGetUserId
SqmIncrement
SqmIsNamespaceEnabled
SqmIsWindowsOptedIn
SqmLoadEscalationManifest
SqmReadSharedMachineId
SqmReadSharedUserId
SqmSet
SqmSetAppId
SqmSetAppVersion
SqmSetBits
SqmSetBool
SqmSetCurrentTimeAsUploadTime
SqmSetDWord64
SqmSetEnabled
SqmSetEscalationInfo
SqmSetFlags
SqmSetIfMax
SqmSetIfMin
SqmSetMachineId
SqmSetString
SqmSetUserId
SqmStartSession
SqmStartUpload
SqmStartUploadEx
SqmSysprepCleanup
SqmSysprepGeneralize
SqmTimerAccumulate
SqmTimerAddToAverage
SqmTimerRecord
SqmTimerStart
SqmUnattendedSetup
SqmUnloadEscalationManifest
SqmWaitForUploadComplete
SqmWriteSharedMachineId
SqmWriteSharedUserId

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Neoblock Level 7/READ ME.txt
Neoblock Level 7/neoblock level 7.exe
.exe windows:4 windows x86 arch:x86

a9c887a4f18a3fede2cc29ceea138ed3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

malloc
memset
strcmp
strcpy
getenv
sprintf
fopen
fwrite
fclose
__argc
__argv
_environ
_XcptFilter
__set_app_type
_controlfp
__getmainargs
exit

shell32

ShellExecuteA

kernel32

SetUnhandledExceptionFilter

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59.9MB - Virtual size: 59.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a1ad12429ac3fc23b307983d8611cef4

Code Sign

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32Certificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

91:d8:a0:ff:fe:64:6e:a8:fa:ba:0f:61:e7:15:cd:b7:cb:3d:56:6a:d1:28:dc:ed:b7:ae:86:38:35:25:a1:3eSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

advapi32

kernel32

ntdll

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 23KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1KB - Virtual size: 1KB

a9c887a4f18a3fede2cc29ceea138ed3

Headers

File Characteristics

Imports

msvcrt

shell32

kernel32

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 59.9MB - Virtual size: 59.9MB

.bss Size: - Virtual size: 4B

.rsrc Size: 1024B - Virtual size: 776B

33:00:00:02:32:41:fb:59:99:6d:cc:4d:ff:00:00:00:00:02:32
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

91:d8:a0:ff:fe:64:6e:a8:fa:ba:0f:61:e7:15:cd:b7:cb:3d:56:6a:d1:28:dc:ed:b7:ae:86:38:35:25:a1:3e
Signer

.text
Size: 24KB - Virtual size: 23KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 59.9MB - Virtual size: 59.9MB

.bss
Size: - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 776B