NEAS[.]96c6ab6ffb087955910eae9ff790e950[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.96c6ab6ffb087955910eae9ff790e950.exe
Size

425KB
MD5

96c6ab6ffb087955910eae9ff790e950
SHA1

14d2d35018f6dfa0f57651ce44778ea3ff434f16
SHA256

8fc047aa8b28b2e6d5dbcb50ab65f8e4de0da50b2cccb6a649da360f37ad582a
SHA512

45e60a32b9d7d2965d1713c7f7c0753dbc5fef0aed78596e5ad0d8b68c4ba4d11a1343c6549e5e7ba56bf10c189f58cdb1dabfcd85e0fbed53a32b08fb65eea8
SSDEEP

12288:wVPIpjoRJFSDmIqh4WjB2qjjKyuo5kmgwa:aPIpjMqmIv+tuRmgZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.96c6ab6ffb087955910eae9ff790e950.exe

Files

NEAS.96c6ab6ffb087955910eae9ff790e950.exe
.dll windows:5 windows x64

f71834d2ec9fb22ad96311f5cfece3cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetTickCount
CreateEventW
GetLastError
CreateThread
SetEvent
Sleep
SetLastError
VirtualAlloc
VirtualFree
TerminateProcess
IsBadReadPtr
LoadLibraryA
GetProcAddress
FreeLibrary
GetNativeSystemInfo
HeapAlloc
GetProcessHeap
HeapFree
CloseHandle
VirtualProtect
WaitForSingleObject
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
WriteConsoleW
HeapSize
CreateFileW

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerW

Exports

Exports

ServiceHandler
ServiceMain
ServiceMainEx
WUServiceMain

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 283KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f71834d2ec9fb22ad96311f5cfece3cb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 65KB - Virtual size: 65KB

.rdata Size: 67KB - Virtual size: 66KB

.data Size: 283KB - Virtual size: 289KB

.pdata Size: 4KB - Virtual size: 4KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 65KB - Virtual size: 65KB

.rdata
Size: 67KB - Virtual size: 66KB

.data
Size: 283KB - Virtual size: 289KB

.pdata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 2KB