NEAS[.]b3ff92dbb61534082eae79f86e241840[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b3ff92dbb61534082eae79f86e241840.exe
Size

164KB
MD5

b3ff92dbb61534082eae79f86e241840
SHA1

fe8ea1f28faf73c2e204344799889bc0a9e841c8
SHA256

1d124fbea018ce86866df24140b1e59884d3c91bf733f45d422effaa13bde48e
SHA512

a8f95ba1ba48ac8ef209cae0ab8b55af920ab2a1c13ed774141c80ccc43a61da529912331902670a3610a8954ba1412c4a90c12e656fb9efe3c9bd2f9ddd7a70
SSDEEP

3072:v35jAvnmzYU7xa8P5QnHQ2YzdZ2bhLTjMrqc7jYKOHIQd1Ueoaz0q7FSJzM:v3yvnmsO5sYz/SFMWuFEdWhlWSJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b3ff92dbb61534082eae79f86e241840.exe

Files

NEAS.b3ff92dbb61534082eae79f86e241840.exe
.exe windows:4 windows x86

b11394d56a7291a818dc4d78b5317fe6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memcpy
memmove
calloc
strncmp
atan

user32

FrameRect
GetMenuStringA
GetSysColorBrush
CheckMenuItem
IsChild
GetCursorPos
SetWindowTextA
GetSubMenu
GetSysColor
DrawFrameControl
GetPropA
FillRect
GetDesktopWindow
GetScrollPos
GetMenuItemID
RegisterClassA
GetMenuState
GetScrollRange
GetScrollInfo
CallWindowProcA
IsWindowVisible
GetFocus
GetWindowTextA
GetMessagePos
GetParent
DrawIcon
GetCursor
GetWindow
DrawTextA
GetMenuItemInfoA
GetIconInfo
GetKeyState
CreateMenu

version

GetFileVersionInfoSizeA

shell32

SHGetDesktopFolder

ole32

CoUninitialize

comdlg32

GetFileTitleA
FindTextA

kernel32

GetFileAttributesA
lstrlenA
FindFirstFileA
lstrcpynA
FindClose
GetEnvironmentStrings
GetSystemDefaultLangID
GetCurrentProcess
GetModuleHandleA
GetFullPathNameA
GetStringTypeA
HeapFree
GetVersion
GetOEMCP
GetStartupInfoA
LocalAlloc
EnterCriticalSection
LoadLibraryA
VirtualFree
GetThreadLocale
WaitForSingleObject
GetTickCount
SetLastError
LoadLibraryExA
DeleteCriticalSection
GetFileType
GetLastError
GetLocalTime
VirtualAlloc
GetACP
CompareStringA
LocalFree
GetVersionExA
GetCurrentThreadId
GetStdHandle
CreateThread
ExitProcess
GlobalFindAtomA
lstrcmpA
LockResource
GetCPInfo
CreateFileA
HeapAlloc
HeapDestroy
GetProcessHeap
GetCurrentProcessId
GlobalAddAtomA
GetModuleFileNameA
lstrcmpiA
GetCurrentThread
LocalReAlloc
SizeofResource
EnumCalendarInfoA
GetStringTypeW
SetHandleCount
GetUserDefaultLCID
CloseHandle
GlobalDeleteAtom
MulDiv
FindResourceA
VirtualQuery
CreateEventA
GetProcAddress
SetFilePointer
VirtualAllocEx

oleaut32

SysReAllocStringLen
VariantChangeType

gdi32

CopyEnhMetaFileA

Sections

CODE
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 111KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b11394d56a7291a818dc4d78b5317fe6

Headers

File Characteristics

Imports

msvcrt

user32

version

shell32

ole32

comdlg32

kernel32

oleaut32

gdi32

Sections

CODE Size: 47KB - Virtual size: 46KB

.rdata Size: 2KB - Virtual size: 1KB

.bss Size: 111KB - Virtual size: 198KB

INIT Size: 2KB - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 514B

CODE
Size: 47KB - Virtual size: 46KB

.rdata
Size: 2KB - Virtual size: 1KB

.bss
Size: 111KB - Virtual size: 198KB

INIT
Size: 2KB - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 514B