NEAS[.]70b999871cc4213d29796b63399d5e60[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.70b999871cc4213d29796b63399d5e60.exe
Size

1.6MB
MD5

70b999871cc4213d29796b63399d5e60
SHA1

06fa45f1cb5b80f8445eb336299dbd1f3e90955e
SHA256

19f92eae11cf0ecf60eefc3202ecd5ad2337681b58b947a7f1fec62000958fca
SHA512

4d4dea0d3735e25713c1b86cad5631879443adf1733bf64d935e31379de590abcc8307802ab039465f76572ccda7102af981be8ad04a6bbd77c51d7873262741
SSDEEP

24576:dNUR+YHK4Wd45Uz/Ow/64qdLi6PljXdax+8LxctZB2ehG+eTTuccMnoSIxaJhPa+:YGUQhauctZVJMcaP0JryhFypnQe2u+5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.70b999871cc4213d29796b63399d5e60.exe

Files

NEAS.70b999871cc4213d29796b63399d5e60.exe
.exe windows:5 windows x86

9443b5e21b2fe513f5fcb0daedd3e94f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
recvfrom
ntohl
ioctlsocket
getsockopt
send
WSASetLastError
recv
accept
gethostbyaddr
gethostbyname
getservbyname
ntohs
bind
listen
htons
htonl
socket
setsockopt
connect
WSAStartup
WSACancelBlockingCall
WSACleanup
getsockname
WSAGetLastError
select
__WSAFDIsSet
shutdown
closesocket

gdi32

CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
DeleteDC
DeleteObject
GetBitmapBits
BitBlt
GetObjectA

advapi32

CryptSignHashA
ReportEventA
RegisterEventSourceA
CryptEnumProvidersA
CryptReleaseContext
CryptDestroyKey
CryptGetProvParam
CryptAcquireContextA
CryptDecrypt
CryptCreateHash
CryptSetHashParam
DeregisterEventSource
CryptDestroyHash
CryptExportKey
CryptGetUserKey

crypt32

CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertDuplicateCertificateContext
CertFreeCertificateContext

user32

MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW

kernel32

VirtualAlloc
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetFullPathNameA
GetCurrentDirectoryA
SetFilePointer
SetEndOfFile
GetProcessHeap
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
HeapSize
CreateFileW
GetModuleHandleA
VirtualFree
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
LCMapStringW
LCMapStringA
Sleep
CloseHandle
ExitProcess
GetLastError
CreateThread
DeleteFileA
MoveFileA
SystemTimeToFileTime
GetSystemTime
GetProcessTimes
OpenProcess
GetCurrentProcessId
GetVersion
FindClose
FindFirstFileA
ReadFile
GetStdHandle
WriteFile
SetLastError
MultiByteToWideChar
FlushConsoleInputBuffer
GetCurrentThreadId
GetProcAddress
GetFileType
GetTickCount
QueryPerformanceCounter
GlobalMemoryStatus
FreeLibrary
LoadLibraryA
GetVersionExA
FindNextFileA
WideCharToMultiByte
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteConsoleW
GetModuleFileNameW
GetFileAttributesA
GetModuleHandleW
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SetConsoleCtrlHandler
HeapAlloc
HeapReAlloc
HeapFree
GetCommandLineA
GetTimeZoneInformation
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
SetFileAttributesA
CreateFileA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
DeleteCriticalSection
TerminateProcess
GetCurrentProcess
IsDebuggerPresent
SetStdHandle
GetConsoleCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RtlUnwind
LoadLibraryW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 329KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9443b5e21b2fe513f5fcb0daedd3e94f

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

gdi32

advapi32

crypt32

user32

kernel32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 329KB - Virtual size: 328KB

.data Size: 46KB - Virtual size: 68KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 329KB - Virtual size: 328KB

.data
Size: 46KB - Virtual size: 68KB