NEAS[.]5c1c48162d3c5f896c34ce8df860bc40[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.5c1c48162d3c5f896c34ce8df860bc40.exe
Size

109KB
MD5

5c1c48162d3c5f896c34ce8df860bc40
SHA1

b323a97a886adc4fbd930305564abe737af72223
SHA256

2300add32e2cb6df1f6f6f5f1f79e6c6a575ff19c9b703af8fd885629901554c
SHA512

625c3306ad88577d5339f9bd8e1dc73fc1b2db3bee269c9a2e06cae541efd44e940cf9e5ecb4dea82085b5fad28a3349f8e17d6d7ce6da9a059ddc80734bd699
SSDEEP

3072:Mf2sgVxzgtYMgkwnmJQcY5vA0RDq3F3gJyiNXMv:Mf2D8zK0fYlATF3g8GX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5c1c48162d3c5f896c34ce8df860bc40.exe

Files

NEAS.5c1c48162d3c5f896c34ce8df860bc40.exe
.exe windows:4 windows x86

5b742b4a12037dfcea79b0a837cd7ab3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerInstallFileA

advapi32

RegEnumValueA
RegDeleteValueA

user32

LoadStringA
SendMessageA
MessageBoxA
OpenClipboard
PeekMessageW
RegisterClipboardFormatA
PostQuitMessage
SetActiveWindow
PeekMessageA
RemovePropA
RedrawWindow
ReleaseCapture
MapWindowPoints
RemoveMenu
LoadIconA
RegisterWindowMessageA
PostMessageA
PtInRect
MapVirtualKeyA
OemToCharA
OffsetRect
SendMessageW
LoadCursorA
ScrollWindow
LoadBitmapA
ReleaseDC
LoadKeyboardLayoutA
ScreenToClient
MessageBeep
RegisterClassA

gdi32

SetBkColor
GetObjectA
SetBkMode
SetTextColor
SaveDC
SelectPalette
CreateDIBitmap
GetDCOrgEx
CreatePenIndirect
RestoreDC

kernel32

LoadLibraryExA
GlobalDeleteAtom
GetDiskFreeSpaceA
SetEndOfFile
GetCurrentThreadId
FindResourceA
GetFullPathNameA
LoadLibraryA
GetProcessHeap
GetModuleHandleA
WideCharToMultiByte
ResetEvent
GetModuleHandleW
LockResource
lstrcmpA
lstrlenA
GetVersionExA
ExitProcess
SetErrorMode
lstrcatA
GetLocaleInfoA
ReadFile
GetStringTypeW
GlobalFindAtomA
GetACP
Sleep
EnumCalendarInfoA
IsBadHugeReadPtr
FindClose
GetUserDefaultLCID
GetCommandLineA
GetModuleFileNameA
SetEvent
lstrlenW
GetFileType
GetFileSize
MulDiv
GetLastError
GetDateFormatA
lstrcpyA
HeapAlloc
RaiseException
GetProcAddress
GetCPInfo
CloseHandle
ExitThread
GetSystemDefaultLangID
LocalAlloc
SetThreadLocale
CreateEventA
SetFilePointer
SizeofResource
DeleteFileA
GetCurrentProcessId
lstrcmpiA
IsBadReadPtr
GetCommandLineW
HeapDestroy
GlobalAddAtomA
VirtualAllocEx
WriteFile

msvcrt

cos
clock

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gdata
Size: 1024B - Virtual size: 883B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DATA
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.adata
Size: 512B - Virtual size: 306B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5b742b4a12037dfcea79b0a837cd7ab3

Headers

File Characteristics

Imports

version

advapi32

user32

gdi32

kernel32

msvcrt

Sections

.text Size: 43KB - Virtual size: 42KB

.rdata Size: 46KB - Virtual size: 45KB

.data Size: 8KB - Virtual size: 8KB

.gdata Size: 1024B - Virtual size: 883B

DATA Size: 8KB - Virtual size: 8KB

.adata Size: 512B - Virtual size: 306B

.rsrc Size: 1024B - Virtual size: 864B

.text
Size: 43KB - Virtual size: 42KB

.rdata
Size: 46KB - Virtual size: 45KB

.data
Size: 8KB - Virtual size: 8KB

.gdata
Size: 1024B - Virtual size: 883B

DATA
Size: 8KB - Virtual size: 8KB

.adata
Size: 512B - Virtual size: 306B

.rsrc
Size: 1024B - Virtual size: 864B