NEAS[.]c7f577264740d43c8aea2d0b3e661560[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c7f577264740d43c8aea2d0b3e661560.exe
Size

116KB
MD5

c7f577264740d43c8aea2d0b3e661560
SHA1

81b0ef88e1bbb86072db7679d3fd30fa9c521ff4
SHA256

5f07b98345a5445f296bcb6a7cd81d9c2e159b17b9a5b498e3ab922692cbf807
SHA512

35ab483a3705dda2a1cf3067215ca46e894cb490d6e82523d2b45f5dab80ed13f3228afdc3d1fd7f1ed4b5ace9077d400b531a12c32a4edf2f1bc4036c9021ad
SSDEEP

1536:SghRSODeUaR55TM6yAwh+MWIF5WSAdCpXMIj2dKLGFiOp/bN/NmlvtmgMbFuBiyb:SaSODedwvpXZziNSAg0FuBiyIltG+6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c7f577264740d43c8aea2d0b3e661560.exe

Files

NEAS.c7f577264740d43c8aea2d0b3e661560.exe
.dll regsvr32 windows:4 windows x86

e4e03e0c44a238547465c275ea9652d5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReleaseMutex
GetVersionExA
RaiseException
GetSystemInfo
VirtualProtect
HeapSize
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
InitializeCriticalSection
WaitForSingleObject
VirtualQuery
InterlockedExchange
RtlUnwind
LoadLibraryA
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetEndOfFile
SetStdHandle
LCMapStringW
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
CreateMutexA
CreateFileA
GetFileAttributesA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
FlushFileBuffers
GetOEMCP
GetACP
GlobalUnlock
GetModuleHandleA
GetModuleFileNameA
GetCommandLineA
CloseHandle
DeleteCriticalSection
GetStartupInfoA
SetHandleCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
SetFilePointer
ReadFile
GetFileType
HeapFree
HeapAlloc
GetCurrentProcess
TerminateProcess
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
ExitProcess
AllocConsole
GetStdHandle
WriteFile
GlobalLock
LCMapStringA

user32

DrawStateA
FillRect
DestroyIcon
LoadImageA
MessageBoxA
GetDC
GetSysColor
DrawTextA
CopyRect
SetMenuItemInfoA
InsertMenuA

gdi32

SelectObject
CreateSolidBrush
GetTextExtentPoint32A
DeleteObject
SetBkMode
SetTextColor

advapi32

RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA

shell32

ShellExecuteA

ole32

StringFromIID
CoTaskMemFree
ReleaseStgMedium

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4e03e0c44a238547465c275ea9652d5

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 28KB - Virtual size: 25KB

.data Size: 8KB - Virtual size: 11KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 28KB - Virtual size: 25KB

.data
Size: 8KB - Virtual size: 11KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 7KB