NEAS[.]66ca2db67bfbe8a0ae430506497f4890[.]exe

General

Target

NEAS.66ca2db67bfbe8a0ae430506497f4890.exe
Size

256KB
MD5

66ca2db67bfbe8a0ae430506497f4890
SHA1

fe538ee0df3eb98f1a6f2e9294e7d40932d8a1e0
SHA256

132a142c206435b77455ba622e91b22578c43d917125a4d0ee8bf9d57af5447c
SHA512

75208eb655653edc181398c34c68b1a1efecebc9d3e05166767210962575c974b1b5b2caf06367c8ac77ed44412e88fcc54abb24d4553e14d5b0d6cce62d429e
SSDEEP

3072:cN6XXgjMnTiv+MD+aCODy+bI+fZ8RXugWsjwf6OcbuGgSpgKhK:w6XXgvvRTpf6R3RpuGh2KM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.66ca2db67bfbe8a0ae430506497f4890.exe

Files

NEAS.66ca2db67bfbe8a0ae430506497f4890.exe
.dll regsvr32 windows:4 windows x86

dc7861a9c89025b959bd9442f66e7150

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memset
setlocale
memmove
wcsncmp
wcsncpy
_CIpow
memcpy
wcslen

kernel32

HeapCreate
HeapDestroy
GetModuleHandleW
UnregisterWait
CloseHandle
EnterCriticalSection
LeaveCriticalSection
HeapFree
TlsFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
TlsGetValue
HeapAlloc
GetCurrentProcess
GetCurrentThread
DuplicateHandle
RegisterWaitForSingleObject
TlsSetValue
WideCharToMultiByte
HeapReAlloc
MultiByteToWideChar

user32

CopyRect
CopyIcon
CharNextW
CopyImage
CharLowerW
CreateAcceleratorTableW
CreateCursor
CreateIcon
CountClipboardFormats
CharUpperW
ChildWindowFromPoint
CharPrevW
CreateCaret
CloseWindow
CheckMenuItem
CascadeWindows
CheckDlgButton
ChildWindowFromPointEx
CreateIconFromResource
CheckRadioButton

Exports

Exports

Bus256
Certificates64
Crouch64
DllInstall
DllRegisterServer
Easily16
Habits64
Into64
Kilometers64
Nephew128
Pitch_
Radio16
Rules8
Sectors8
Soon128
Sport8

Sections

.code
Size: 195KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 412B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc7861a9c89025b959bd9442f66e7150

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

Exports

Exports

Sections

.code Size: 195KB - Virtual size: 195KB

.text Size: 10KB - Virtual size: 9KB

.rdata Size: 512B - Virtual size: 412B

.data Size: 12KB - Virtual size: 12KB

.rsrc Size: 26KB - Virtual size: 25KB

.reloc Size: 11KB - Virtual size: 10KB

.code
Size: 195KB - Virtual size: 195KB

.text
Size: 10KB - Virtual size: 9KB

.rdata
Size: 512B - Virtual size: 412B

.data
Size: 12KB - Virtual size: 12KB

.rsrc
Size: 26KB - Virtual size: 25KB

.reloc
Size: 11KB - Virtual size: 10KB