NEAS[.]228f57ea568dc06cb3f98825fc4fb0b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.228f57ea568dc06cb3f98825fc4fb0b0.exe
Size

72KB
MD5

228f57ea568dc06cb3f98825fc4fb0b0
SHA1

2b8565569d86bb7e1d881adfb2c484d2c91ef277
SHA256

fb7e03b40c6ec9a52b9ae40c25b4df47006463d3904855f1196064a0b560b433
SHA512

217e76450be287df47bc89f82dc5e9b93db920e394fb2ffb844b1e600d945d0b7522643a0caefa3606c06cb816715b5a53f59e31da66d632d7598444a6f8f314
SSDEEP

1536:CcJVqoMXBRope3ojn1CHsnkX1DjBTe52:FVleoupdTe52

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.228f57ea568dc06cb3f98825fc4fb0b0.exe

Files

NEAS.228f57ea568dc06cb3f98825fc4fb0b0.exe
.exe windows:4 windows x86

00cf45935f276c4c3fdb3b950b462d18

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegEnumKeyExA
RegDeleteKeyA

kernel32

GetLastError
DeleteFileA
CloseHandle
WriteFile
SetFilePointer
ReleaseMutex
CreateFileA
WaitForSingleObject
DeviceIoControl
FindClose
FindFirstFileA
Sleep
ReadFile
QueryDosDeviceA
ReleaseSemaphore
CreateThread
CreateSemaphoreA
CreateMutexA
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetSystemTimeAsFileTime
HeapAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetCommandLineA
GetVersionExA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
WideCharToMultiByte
GetTimeZoneInformation
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
LoadLibraryA
InitializeCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetCPInfo
GetConsoleCP
GetConsoleMode
GetACP
GetOEMCP
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
FlushFileBuffers

user32

LoadStringA
MessageBoxA
wsprintfA

nipplib

ord500
ord67
ord30
ord31
ord100
ord102
ord103
ord101
ord3

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00cf45935f276c4c3fdb3b950b462d18

Headers

File Characteristics

Imports

advapi32

kernel32

user32

nipplib

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 12KB - Virtual size: 10KB

.data Size: 4KB - Virtual size: 17KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 12KB - Virtual size: 10KB

.data
Size: 4KB - Virtual size: 17KB