NEAS[.]304f2bfd185a11a65557ea7a3e7415b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.304f2bfd185a11a65557ea7a3e7415b0.exe
Size

1020KB
MD5

304f2bfd185a11a65557ea7a3e7415b0
SHA1

16587a0f4e1ecf0013a484759b4094605e9abc77
SHA256

80e24ce0d0946198c5c56fae1ac8f4b223ec96ec108e7603659017c33d96b01b
SHA512

856290a04969c51a6eec1e6d44174cf5c5cf00de2a78f1dd7319f497a3fe23e7fffff7ec1e4b35f5591cabd03ace30866e4ff3ee4ef4fe524cf4de18c27df9a3
SSDEEP

12288:RoUYqwAg79HZnmr4d4nnNQYZTV1FZa49XEijfeq4vZX8Y1:6uwAgbnmrm4NRgKUueDl8Q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.304f2bfd185a11a65557ea7a3e7415b0.exe

Files

NEAS.304f2bfd185a11a65557ea7a3e7415b0.exe
.exe windows:4 windows x86

5ef438826adc5824d56306292b3547a1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

urlmon

CreateURLMoniker
RegisterBindStatusCallback

kernel32

LoadResource
FindResourceA
SizeofResource
MultiByteToWideChar
lstrlenA
MulDiv
GetThreadLocale
GetVersion
GetLocaleInfoA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
VirtualQuery
InterlockedExchange
LoadLibraryA
CreateFileA
FlushFileBuffers
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
LockResource
LCMapStringW
WideCharToMultiByte
LCMapStringA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsBadWritePtr
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetFilePointer
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcess
TerminateProcess
GetProcAddress
ReadFile
CloseHandle
GetLastError
GetVersionExA
GetModuleFileNameA
CopyFileA
BeginUpdateResourceA
DeleteFileA
UpdateResourceA
EndUpdateResourceA
GetOEMCP
SetEndOfFile
WriteFile
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
GetACP
GetStringTypeW
GetStringTypeA
GetSystemInfo
VirtualProtect
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
GetCPInfo

user32

SetWindowLongA
ReleaseDC
LoadAcceleratorsA
ShowWindow
UpdateWindow
GetMessageA
TranslateAcceleratorA
DispatchMessageA
TranslateMessage
GetWindowInfo
GetMenuBarInfo
SetWindowTextA
LoadIconA
RegisterClassA
CreateWindowExA
DestroyWindow
PostQuitMessage
FillRect
GetDC
GetWindowLongA
SetMenu
DefWindowProcA
SetWindowPos
GetDesktopWindow
InvalidateRect
DialogBoxParamA
GetMenu
CheckMenuItem
EnableMenuItem
IsDlgButtonChecked
GetDlgItemTextA
SetDlgItemTextA
CheckDlgButton
GetDlgItem
SetFocus
EndDialog
GetWindowRect
MoveWindow
CopyRect
GetClientRect
MessageBoxA

gdi32

GetStockObject
CreateSolidBrush
DeleteObject
GetObjectA
DPtoLP
GetMapMode
SetMapMode
LPtoDP
GetDeviceCaps

comdlg32

GetOpenFileNameA
GetSaveFileNameA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoGetMalloc

oleaut32

OleCreateFontIndirect
SysAllocString
VariantClear
VariantChangeType

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 956KB - Virtual size: 952KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5ef438826adc5824d56306292b3547a1

Headers

File Characteristics

Imports

urlmon

kernel32

user32

gdi32

comdlg32

ole32

oleaut32

Sections

.text Size: 44KB - Virtual size: 43KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 956KB - Virtual size: 952KB

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 956KB - Virtual size: 952KB