NEAS[.]5bef697a65151b70311ab7e1d3d86ca0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.5bef697a65151b70311ab7e1d3d86ca0.exe
Size

156KB
MD5

5bef697a65151b70311ab7e1d3d86ca0
SHA1

adf6726f59b90cd770d622bc8a9373d512479da0
SHA256

736865e931545a5dc99b7d5a677209c84e2001cee2aadec87662e322cdce35ab
SHA512

f04f59843c2f45a4d8712ec91fc07a42f44eb7f9a69060cabc04b0b4afbbc225e03be81b49a3487eb0241a338922ff7386f3199f4d58748e9290a5242125b4b0
SSDEEP

3072:3s+1G0WRlivFnFB/VdK6Kvzwr0pUKlkvR9CJG9N+A8vKD7:35VBFBvywr0WWJMN+I

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5bef697a65151b70311ab7e1d3d86ca0.exe

Files

NEAS.5bef697a65151b70311ab7e1d3d86ca0.exe
.dll windows:1 windows x86

7327f1bf8cb9b52b1b4d08d69ce12ce7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

GetKBCodePage
ReleaseDC
LoadStringA
GetDC

kernel32

SetEvent
WaitForSingleObject
GetVersionExA
CreateThread
CreateEventA
ResetEvent
GetExitCodeThread
Sleep
ExitThread
GlobalUnlock
CloseHandle
GlobalAlloc
GlobalFree
GetLocalTime
GetLastError
MapViewOfFile
GlobalLock
WriteFile
GetSystemInfo
CreateFileA
GetTempPathA
DeleteFileA
UnmapViewOfFile
InterlockedExchange
CreateProcessA
GetStartupInfoA
GetModuleFileNameA
CreateFileMappingA
_lopen
_lread
_lwrite
_lclose
_llseek
FindClose
FindFirstFileA
FreeLibrary
GetProcAddress
LoadLibraryA
_lcreat
VirtualFree
VirtualAlloc
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
MoveFileA
GetEnvironmentStrings
GetCommandLineA
GetVersion
RtlUnwind
GetStdHandle
ExitProcess
GetACP
GetOEMCP
GetCPInfo
GetFileType

gdi32

CreateFontA
GetCharWidthA
SelectObject
SetMapMode
DeleteObject

Exports

Exports

FilterCleanup
FilterFrom
FilterGetDescriptor
FilterRun
GetWFWTempBlock
StartWFWConverter
StopWFWConverter
WEP
WFWFOEMalloc
WFWGetInfo
WFWfrom
WFWfromIFS
iGetWFWTempBlock
iStartWFWConverter
iStopWFWConverter
iWFWGetInfo
iWFWfrom
iWFWfromIFS
w4wf

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.packet
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7327f1bf8cb9b52b1b4d08d69ce12ce7

Headers

File Characteristics

Imports

user32

kernel32

gdi32

Exports

Exports

Sections

.text Size: 131KB - Virtual size: 130KB

.bss Size: - Virtual size: 19KB

.rdata Size: 512B - Virtual size: 52B

.data Size: 13KB - Virtual size: 12KB

.idata Size: 2KB - Virtual size: 1KB

.edata Size: 512B - Virtual size: 486B

.rsrc Size: 512B - Virtual size: 408B

.packet Size: 8KB - Virtual size: 8KB

.text
Size: 131KB - Virtual size: 130KB

.bss
Size: - Virtual size: 19KB

.rdata
Size: 512B - Virtual size: 52B

.data
Size: 13KB - Virtual size: 12KB

.idata
Size: 2KB - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 486B

.rsrc
Size: 512B - Virtual size: 408B

.packet
Size: 8KB - Virtual size: 8KB