NEAS[.]61d961cd28cfaf0aab222706d4b121a0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.61d961cd28cfaf0aab222706d4b121a0.exe
Size

128KB
MD5

61d961cd28cfaf0aab222706d4b121a0
SHA1

649760219f586eca597ead3f9243fc16232fb6d6
SHA256

0f5a596c6259e9fd2ceba791345d77f059ad14083ce91977a9c56011c70b53ab
SHA512

939c838197ddc26084aee0d24a7c52e329a3fd1e22ff9a64481c9c0442a86d70d32fcfc53f1f3d53b878492a34643a5d507456254de76f7fbc1048afa91deb36
SSDEEP

3072:Vd77daeUmGpHW7sJ8bpuppIoQ89iDNTKmuKHi4WGiAlM:C3HMq0wpp3qDdKp0i4AAC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.61d961cd28cfaf0aab222706d4b121a0.exe

Files

NEAS.61d961cd28cfaf0aab222706d4b121a0.exe
.exe windows:4 windows x86

d9bff1bee47a0b3bd35fdeedcadcbeb9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

msvcrt

__getmainargs
_acmdln
__setusermatherr
__dllonexit
_controlfp
_except_handler3
__p__commode
exit
_XcptFilter
log
_initterm
__set_app_type
malloc
_adjust_fdiv
strpbrk
memmove
__p__fmode

kernel32

GetVersionExW
WriteConsoleA
LCMapStringA
GetVersion
GetCommandLineA
GetWindowsDirectoryA
IsDebuggerPresent
GetStartupInfoA
SetEnvironmentVariableA
GetModuleHandleA
GlobalFree
GetFileTime
SetFileAttributesA
lstrlenW
GlobalAlloc
GetPrivateProfileStringA
VirtualProtect
GetACP

user32

GetIconInfo
RedrawWindow
GetMessageA
DrawIconEx
GetClientRect
BeginPaint
IntersectRect
DrawFrameControl
GetMenuItemCount
GetClassInfoA

gdi32

SetBrushOrgEx
RectInRegion
EnumFontFamiliesExA
SetDIBits

comctl32

ImageList_SetDragCursorImage
ImageList_Create
ImageList_LoadImageW
ImageList_Remove
InitCommonControlsEx
ImageList_Draw
ImageList_Write
DestroyPropertySheetPage
ImageList_GetImageInfo
CreatePropertySheetPageW
ImageList_Add

oleaut32

SafeArrayPutElement
SysStringLen
VariantCopy
SysFreeString
SafeArrayGetUBound
GetErrorInfo
SafeArrayRedim
SysAllocStringByteLen
SysReAllocStringLen

shell32

SHBrowseForFolderW
SHFileOperationW
SHCreateDirectoryExA
SHGetDesktopFolder
SHBindToParent
SHGetSpecialFolderLocation
SHGetPathFromIDListA
Shell_NotifyIconA
ExtractIconExA
ExtractAssociatedIconW
SHGetFolderLocation
ShellExecuteExW
CommandLineToArgvW
DragQueryFile
SHAppBarMessage

ole32

OleGetClipboard
CoTaskMemAlloc
CoInitializeSecurity
CoCreateGuid
CoGetClassObject
OleSetMenuDescriptor
IIDFromString
CoRevokeClassObject
StgOpenStorage

advapi32

RegOpenKeyExA
RegEnumKeyA
LookupPrivilegeValueA
AllocateAndInitializeSid
RegOpenKeyW

version

VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 18KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d9bff1bee47a0b3bd35fdeedcadcbeb9

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

gdi32

comctl32

oleaut32

shell32

ole32

advapi32

version

Sections

.text Size: 3KB - Virtual size: 2KB

.rdata Size: 14KB - Virtual size: 13KB

.data Size: 18KB - Virtual size: 42KB

.rsrc Size: 92KB - Virtual size: 160KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 14KB - Virtual size: 13KB

.data
Size: 18KB - Virtual size: 42KB

.rsrc
Size: 92KB - Virtual size: 160KB