NEAS[.]7ac842e22c64eba87aae14e62daf7cf0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7ac842e22c64eba87aae14e62daf7cf0.exe
Size

3.7MB
MD5

7ac842e22c64eba87aae14e62daf7cf0
SHA1

57c2b7fba0cd147a953fd749cef192eb623951d8
SHA256

532ad273de0a50759c63e907bfb2ecb56ab5379bfcc58e15b5669afb6dada898
SHA512

7d943e271ce964d1cae0ed184dd566d98703a373f0f9d9f925c5f9219b025868da8380c40aa2084600561cbcda632f4fe4ec9c8ac323268c9c97175f8fe9c088
SSDEEP

98304:yqZbXqes6MP6OM/THedYsyciRNQwPzwgeZ:LbP1MFWTHkYsMRlz7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7ac842e22c64eba87aae14e62daf7cf0.exe

Files

NEAS.7ac842e22c64eba87aae14e62daf7cf0.exe
.exe windows:5 windows x86

2fd778b4315da8fdab19e93c824509e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

DocumentPropertiesW

comdlg32

ChooseColorW

comctl32

FlatSB_SetScrollInfo

shell32

SHGetSpecialFolderLocation

user32

CopyImage
CharUpperBuffW

version

GetFileVersionInfoSizeW

urlmon

URLDownloadToFileW

oleaut32

SafeArrayPutElement

netapi32

NetWkstaGetInfo

advapi32

RegSetValueExW
RegQueryValueExA
OpenSCManagerW
EnumServicesStatusExW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser

kernel32

GetVersion
GetVersionExW
LoadLibraryA
LocalAlloc
GetCurrentProcess
GetCurrentThread
LocalFree
GetModuleFileNameW
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
Sleep
ExitProcess
GetLastError
FreeLibrary
LoadLibraryA
GetModuleHandleA

shfolder

SHGetFolderPathW

ole32

IsEqualGUID

gdi32

Pie

ntdll

ZwQueryInformationProcess

wtsapi32

WTSSendMessageW

Exports

Exports

__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: - Virtual size: 5.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 108KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 292B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ML0
Size: - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ML1
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fd778b4315da8fdab19e93c824509e7

Headers

DLL Characteristics

File Characteristics

Imports

winspool.drv

comdlg32

comctl32

shell32

user32

version

urlmon

oleaut32

netapi32

advapi32

msvcrt

winhttp

kernel32

shfolder

ole32

gdi32

ntdll

wtsapi32

Exports

Exports

Sections

.text Size: - Virtual size: 5.6MB

.itext Size: - Virtual size: 19KB

.data Size: - Virtual size: 69KB

.bss Size: - Virtual size: 108KB

.idata Size: - Virtual size: 16KB

.didata Size: - Virtual size: 6KB

.edata Size: - Virtual size: 112B

.tls Size: - Virtual size: 292B

.rdata Size: - Virtual size: 93B

.ML0 Size: - Virtual size: 2.3MB

.ML1 Size: 3.6MB - Virtual size: 3.6MB

.rsrc Size: 126KB - Virtual size: 125KB

.text
Size: - Virtual size: 5.6MB

.itext
Size: - Virtual size: 19KB

.data
Size: - Virtual size: 69KB

.bss
Size: - Virtual size: 108KB

.idata
Size: - Virtual size: 16KB

.didata
Size: - Virtual size: 6KB

.edata
Size: - Virtual size: 112B

.tls
Size: - Virtual size: 292B

.rdata
Size: - Virtual size: 93B

.ML0
Size: - Virtual size: 2.3MB

.ML1
Size: 3.6MB - Virtual size: 3.6MB

.rsrc
Size: 126KB - Virtual size: 125KB