NEAS[.]9e65847adf06efce88754878dd134040[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9e65847adf06efce88754878dd134040.exe
Size

507KB
MD5

9e65847adf06efce88754878dd134040
SHA1

e50b18091400f976e67ea39abd32520d43577fc6
SHA256

4f4d0c8fe4252e4b5b5ba75f8dd0be4587f4c60b617d8664570208e3bf176de6
SHA512

1028d288596b2af504ad52f6ae5eb9805cd282b0aa5aa06f783371928592412dcbb476ebfba4aeec2976824e28ae70c09759f90687fbf5e97d9aea3558c8f6a1
SSDEEP

6144:ZbUQ5k47wufZGHzHmq54tcX8txlGih1B0wAwviCLluK+rHyz2ik0nIvYjMHLdLPi:ZbRk4lk1GtcX8Z8G+rHmhIvYjA9TwE5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9e65847adf06efce88754878dd134040.exe

Files

NEAS.9e65847adf06efce88754878dd134040.exe
.exe windows:6 windows x64

834a8f84fc8fa0c760bc21592de06106

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntdll

RtlVirtualUnwind
RtlPcToFileHeader
RtlNtStatusToDosError
NtWriteFile
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx

kernel32

EncodePointer
SetFilePointerEx
GetConsoleOutputCP
HeapAlloc
GetProcessHeap
HeapFree
HeapReAlloc
ReleaseSRWLockExclusive
CloseHandle
ReleaseMutex
ReleaseSRWLockShared
AddVectoredExceptionHandler
SetThreadStackGuarantee
GetLastError
GetCurrentThread
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
GetFullPathNameW
CreateFileW
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetCurrentProcess
GetProcAddress
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
GetCurrentProcessId
CreateMutexA
GetModuleHandleA
WaitForSingleObject
GetModuleHandleW
FormatMessageW
GetStdHandle
GetConsoleMode
MultiByteToWideChar
WriteConsoleW
FlushFileBuffers
HeapSize
LCMapStringW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RaiseException
CompareStringW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
WriteFile
GetModuleFileNameW
ExitProcess
TerminateProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetFileType
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

834a8f84fc8fa0c760bc21592de06106

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

kernel32

Sections

.text Size: 362KB - Virtual size: 361KB

.rdata Size: 121KB - Virtual size: 121KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 15KB - Virtual size: 15KB

_RDATA Size: 512B - Virtual size: 244B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 362KB - Virtual size: 361KB

.rdata
Size: 121KB - Virtual size: 121KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 15KB - Virtual size: 15KB

_RDATA
Size: 512B - Virtual size: 244B

.reloc
Size: 3KB - Virtual size: 3KB