NEAS[.]886e32ae54922aee36382e5a1f862d30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.886e32ae54922aee36382e5a1f862d30.exe
Size

60KB
MD5

886e32ae54922aee36382e5a1f862d30
SHA1

e67d30d8bd54bde5a3f4d51f61f3429d1ca2e6f8
SHA256

5df96d8884fd05feab886bdb6cc308ba6c0bb77e195e1204b3b3be1b2168e5a6
SHA512

f5dc58386b3abeb45e0966709eb61f3c7bf376213a4bc56244892f95cc7be89b10a89ade1ca84c780262075f518185b3ed91940e19d55ce746018bdf5965d7b4
SSDEEP

768:r90GBoGDGd2GWdlwAjsRqp24HzJDTAeYWiGjluMt7GkZvWn:rSstid2G6wAARqVTJYeYWiQluMtSTn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.886e32ae54922aee36382e5a1f862d30.exe

Files

NEAS.886e32ae54922aee36382e5a1f862d30.exe
.dll regsvr32 windows:4 windows x86

3cd9c409830af80429bea28eceea1b22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetVersionExA
DisableThreadLibraryCalls
lstrlenA
MultiByteToWideChar
GetLastError
EnterCriticalSection
InitializeCriticalSection
OutputDebugStringA

user32

GetWindowRect
GetDesktopWindow
GetWindowLongA
SetWindowLongA
CreateDialogParamA
MoveWindow
InvalidateRect
ShowWindow
DestroyWindow
DefWindowProcA
wsprintfA
LoadStringA
LoadStringW
EnableWindow
MessageBoxA
GetDlgItem
SendMessageA

msvcrt

??2@YAPAXI@Z
??3@YAXPAX@Z
_purecall
__CxxFrameHandler

advapi32

RegDeleteKeyA
RegSetValueA
RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegEnumKeyExA
RegQueryValueExA
RegCreateKeyExA

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize

comctl32

PropertySheetA
ord17

winmm

timeGetTime

Exports

Exports

Configure
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3cd9c409830af80429bea28eceea1b22

Headers

File Characteristics

Imports

kernel32

user32

msvcrt

advapi32

ole32

comctl32

winmm

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 4KB - Virtual size: 3KB