NEAS[.]e10e908396b7d605c9c4f542cb899b90[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e10e908396b7d605c9c4f542cb899b90.exe
Size

374KB
MD5

e10e908396b7d605c9c4f542cb899b90
SHA1

b0c752ef388c718f2885f05f0dd6e46d124d8c11
SHA256

234a68fb8df03a316975e38675df3ab3343ef28694c88e8864f8a794cb965f67
SHA512

000e1e9f1111ae504bdde57821d6bcd44c1259c762680e14bdb0ae3a3c345811e633ceb1eb83494a746cdfdf7e84debcc4c508894ae49ff8823bfb7a52776b68
SSDEEP

6144:KEtfir1a4o8X37y8ogOuKhmjACdaXUCQVGrX4BG7at4sf36ft3PiKOx/p4dcXpY8:Fqr1t3k7uKhn8aUScAatFP6lKddpac5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e10e908396b7d605c9c4f542cb899b90.exe

Files

NEAS.e10e908396b7d605c9c4f542cb899b90.exe
.exe windows:4 windows x86

78e4fa300a329a59990d08169c8651b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
EnterCriticalSection
IsBadReadPtr
CompareStringW
RtlUnwind
GetStringTypeW
CompareStringA
GetCurrentProcess
GetOEMCP
VirtualAlloc
IsValidLocale
InterlockedDecrement
HeapReAlloc
GetLastError
AddAtomW
GetFileType
GetACP
IsValidCodePage
GetModuleFileNameA
GetCommandLineA
GetStringTypeA
WriteFile
GetDateFormatA
GetStdHandle
VirtualProtect
LoadLibraryA
GetTickCount
GetSystemTimeAsFileTime
GetStartupInfoA
FreeEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
SetLastError
MultiByteToWideChar
ReadConsoleOutputW
LeaveCriticalSection
SetFilePointer
FreeEnvironmentStringsA
HeapAlloc
GetLocaleInfoW
HeapFree
FindNextFileA
UnhandledExceptionFilter
GetCurrentProcessId
CloseHandle
GetSystemInfo
VirtualFree
SetConsoleCtrlHandler
GetVersionExA
FlushFileBuffers
GetEnvironmentStrings
GetTimeFormatA
GetCPInfo
TlsFree
OutputDebugStringA
GetNumberFormatW
DebugBreak
TlsSetValue
TlsGetValue
TlsAlloc
RemoveDirectoryW
EnumSystemLocalesW
LCMapStringW
WideCharToMultiByte
WaitCommEvent
EnumSystemLocalesA
GetUserDefaultLCID
GetProcAddress
GetEnvironmentStringsW
GetLocaleInfoA
DeleteCriticalSection
InterlockedIncrement
InterlockedExchange
HeapDestroy
SetStdHandle
GetModuleFileNameW
VirtualQuery
SetHandleCount
SetEnvironmentVariableA
WriteConsoleOutputCharacterA
IsBadWritePtr
GetCurrentThreadId
HeapValidate
LockFileEx
TerminateProcess
GetCurrentThread
InitializeCriticalSection
GetPrivateProfileSectionNamesA
GetModuleHandleA
LCMapStringA
GetStartupInfoW
GetTimeZoneInformation
CreateMutexA
ExitProcess

wininet

InternetHangUp
InternetConfirmZoneCrossing
InternetSetCookieW
InternetQueryFortezzaStatus
GetUrlCacheConfigInfoA
HttpOpenRequestA
FtpOpenFileA
FindNextUrlCacheContainerW
InternetSetDialStateA
FtpPutFileA
InternetGetCookieA
ShowCertificate
InternetAttemptConnect
FindFirstUrlCacheGroup
GopherCreateLocatorW
IsUrlCacheEntryExpiredA
FtpCommandA

comdlg32

FindTextA
PrintDlgW
GetFileTitleW
ChooseFontA
LoadAlterBitmap

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

78e4fa300a329a59990d08169c8651b4

Headers

File Characteristics

Imports

kernel32

wininet

comdlg32

Sections

.text Size: 213KB - Virtual size: 213KB

.data Size: 147KB - Virtual size: 146KB

.rsrc Size: 12KB - Virtual size: 12KB

.text
Size: 213KB - Virtual size: 213KB

.data
Size: 147KB - Virtual size: 146KB

.rsrc
Size: 12KB - Virtual size: 12KB