NEAS[.]be4225a8ac7b765975e850d7930ea100[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.be4225a8ac7b765975e850d7930ea100.exe
Size

323KB
MD5

be4225a8ac7b765975e850d7930ea100
SHA1

c0c295582f3c0da673eae5e08a112c0360b85cd6
SHA256

5692cfe9c07b3faabbc78bc999ab9ea0c4b09cda28c8ab18d659073138b97099
SHA512

ece1d24121c9d3e8537ef1c64fb6cb2e3fc13b4c58b6d408a8ed5ae8d0f749f3efe2aeeb510165b9880469bece3ab099febe1481b8c2894cdad5f6271b5f4abc
SSDEEP

3072:s6iBAEG8zVfWCJL7xa78Tp0PDW8M1QGYV9XSgUUFPoYHBfp:WQRuA4l0Pq8kOV9XSYFQcp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.be4225a8ac7b765975e850d7930ea100.exe

Files

NEAS.be4225a8ac7b765975e850d7930ea100.exe
.dll windows:5 windows x86

128e6088c97bbdd7724db8fb0a3ee077

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenEventA
CreateMutexA
ReleaseMutex
CloseHandle
OpenFileMappingA
CreateFileA
SetFilePointer
GetCurrentProcess
GetTickCount
WriteFile
WideCharToMultiByte
GetFileAttributesA
MultiByteToWideChar
GetProcAddress
GetModuleHandleA
VirtualQuery
GetPrivateProfileIntA
CreateDirectoryA
GetLocalTime
GetModuleFileNameA
GetCurrentThreadId
OutputDebugStringA
GetCurrentProcessId
Sleep
SetLastError
LoadLibraryA
GetSystemInfo
GetVersionExA
GetCurrentThread
GetThreadContext
GetModuleHandleW
VirtualFree
SetThreadPriority
FlushInstructionCache
VirtualAlloc
VirtualProtectEx
OpenThread
GetThreadPriority
SuspendThread
ResumeThread
SetStdHandle
HeapReAlloc
GlobalFree
GetLastError
InitializeCriticalSection
GlobalAlloc
SetEvent
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
LCMapStringW
RtlUnwind
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
EncodePointer
DecodePointer
ExitThread
CreateThread
WriteConsoleW
GetFileType
GetStdHandle
GetModuleFileNameW
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
IsProcessorFeaturePresent
HeapSize
ExitProcess
LoadLibraryW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetStartupInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapCreate
HeapDestroy
FreeEnvironmentStringsW
CreateFileW

advapi32

AllocateAndInitializeSid
SetSecurityDescriptorDacl
GetLengthSid
FreeSid
AddAccessAllowedAce
InitializeAcl
InitializeSecurityDescriptor

ws2_32

inet_ntoa
ntohs
htons
getsockname
inet_addr

Exports

Exports

GetPlugProxy

Sections

.text
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 154KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

128e6088c97bbdd7724db8fb0a3ee077

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 125KB - Virtual size: 125KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 154KB - Virtual size: 163KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 12KB - Virtual size: 12KB

.text
Size: 125KB - Virtual size: 125KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 154KB - Virtual size: 163KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 12KB - Virtual size: 12KB