NEAS[.]dd02326202dc97d47685dc4825c80720[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.dd02326202dc97d47685dc4825c80720.exe
Size

38KB
MD5

dd02326202dc97d47685dc4825c80720
SHA1

f04cddc02e1cc56b3a0870a041fc8a4f6ab27b1d
SHA256

568f2ba226edea4948efc28d28032a5994d3331cf80e9b845e9f3fb96287a30e
SHA512

93034809b6e3e7df1037d9e1f673d08f001b91c4e9999d769ab0b24fe7d77faa5734adb23c28fc1b6e871be86c94298383095db65baddb69a155227ca8d05170
SSDEEP

768:UhR3i8y/NzqPF5ahnnOvo+RfQAzO2QBXxfbnfXHtOlad:U68+GtoOvRpQAbQf1Ola

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.dd02326202dc97d47685dc4825c80720.exe

Files

NEAS.dd02326202dc97d47685dc4825c80720.exe
.dll windows:5 windows x64

ddb460954bbe5d6e310a521ef8e90ef7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

qt5network

?flush@QAbstractSocket@@QEAA_NXZ
??1QUdpSocket@@UEAA@XZ
?waitForDisconnected@QAbstractSocket@@UEAA_NH@Z
?waitForConnected@QAbstractSocket@@UEAA_NH@Z
?socketOption@QAbstractSocket@@UEAA?AVQVariant@@W4SocketOption@1@@Z
?setSocketOption@QAbstractSocket@@UEAAXW4SocketOption@1@AEBVQVariant@@@Z
?setSocketDescriptor@QAbstractSocket@@UEAA_N_JW4SocketState@1@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?socketDescriptor@QAbstractSocket@@UEBA_JXZ
?setReadBufferSize@QAbstractSocket@@UEAAX_J@Z
?disconnectFromHost@QAbstractSocket@@UEAAXXZ
?connectToHost@QAbstractSocket@@UEAAXAEBVQString@@GV?$QFlags@W4OpenModeFlag@QIODevice@@@@W4NetworkLayerProtocol@1@@Z
?connectToHost@QAbstractSocket@@UEAAXAEBVQHostAddress@@GV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?resume@QAbstractSocket@@UEAAXXZ
?writeData@QAbstractSocket@@MEAA_JPEBD_J@Z
?readLineData@QAbstractSocket@@MEAA_JPEAD_J@Z
?readData@QAbstractSocket@@MEAA_JPEAD_J@Z
?waitForBytesWritten@QAbstractSocket@@UEAA_NH@Z
?waitForReadyRead@QAbstractSocket@@UEAA_NH@Z
?canReadLine@QAbstractSocket@@UEBA_NXZ
?bytesToWrite@QAbstractSocket@@UEBA_JXZ
?bytesAvailable@QAbstractSocket@@UEBA_JXZ
?atEnd@QAbstractSocket@@UEBA_NXZ
?close@QAbstractSocket@@UEAAXXZ
?isSequential@QAbstractSocket@@UEBA_NXZ
?qt_metacall@QUdpSocket@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?qt_metacast@QUdpSocket@@UEAAPEAXPEBD@Z
?metaObject@QUdpSocket@@UEBAPEBUQMetaObject@@XZ
??0QUdpSocket@@QEAA@PEAVQObject@@@Z
??0QHostAddress@@QEAA@AEBVQString@@@Z
??1QHostAddress@@QEAA@XZ

qt5core

??1QByteArray@@QEAA@XZ
?append@QByteArray@@QEAAAEAV1@AEBV1@@Z
??0QByteArray@@QEAA@AEBV0@@Z
??1QString@@QEAA@XZ
?append@QString@@QEAAAEAV1@AEBV1@@Z
??0QString@@QEAA@AEBV0@@Z
?fromUtf8@QString@@SA?AV1@PEBDH@Z
??0QObject@@QEAA@PEAV0@@Z
?event@QObject@@UEAA_NPEAVQEvent@@@Z
?eventFilter@QObject@@UEAA_NPEAV1@PEAVQEvent@@@Z
?timerEvent@QObject@@MEAAXPEAVQTimerEvent@@@Z
?childEvent@QObject@@MEAAXPEAVQChildEvent@@@Z
?customEvent@QObject@@MEAAXPEAVQEvent@@@Z
?connectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
?disconnectNotify@QObject@@MEAAXAEBVQMetaMethod@@@Z
??1QObject@@UEAA@XZ
?number@QString@@SA?AV1@IH@Z
?toInt@QString@@QEBAHPEA_NH@Z
??0QString@@QEAA@AEBVQByteArray@@@Z
?mid@QByteArray@@QEBA?AV1@HH@Z
?toHex@QByteArray@@QEBA?AV1@XZ
??4QString@@QEAAAEAV0@AEBV0@@Z
?number@QString@@SA?AV1@HH@Z
??BQByteRef@@QEBADXZ
??AQByteArray@@QEAA?AVQByteRef@@H@Z
??0QByteArray@@QEAA@$$QEAV0@@Z
??8QString@@QEBA_NPEBD@Z
?mid@QString@@QEBA?AV1@HH@Z
?read@QIODevice@@QEAA?AVQByteArray@@_J@Z
??MQDateTime@@QEBA_NAEBV0@@Z
??1QDateTime@@QEAA@XZ
?addMSecs@QDateTime@@QEBA?AV1@_J@Z
?currentDateTime@QDateTime@@SA?AV1@XZ
??0QByteArray@@QEAA@XZ
?write@QIODevice@@QEAA_JAEBVQByteArray@@@Z
?append@QByteArray@@QEAAAEAV1@D@Z
??9QByteRef@@QEBA_ND@Z
?dispose@QListData@@SAXPEAUData@1@@Z
??0QString@@QEAA@XZ
??0QByteArray@@QEAA@PEBDH@Z
?toInt@QByteArray@@QEBAHPEA_NH@Z
?append@QByteArray@@QEAAAEAV1@PEBD@Z
?open@QIODevice@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
?pos@QIODevice@@UEBA_JXZ
?size@QIODevice@@UEBA_JXZ
?seek@QIODevice@@UEAA_N_J@Z
?reset@QIODevice@@UEAA_NXZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
??4QByteRef@@QEAAAEAV0@D@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPEAU12@PEBVQObject@@@Z
?staticMetaObject@QIODevice@@2UQMetaObject@@B
?dynamicMetaObject@QObjectData@@QEBAPEAUQMetaObject@@XZ
?registerNormalizedType@QMetaType@@SAHAEBVQByteArray@@P6AXPEAX@ZP6APEAXPEBX@Z2P6APEAX13@ZHV?$QFlags@W4TypeFlag@QMetaType@@@@PEBUQMetaObject@@@Z
?reserve@QByteArray@@QEAAXH@Z
?className@QMetaObject@@QEBAPEBDXZ
?qt_metacast@QObject@@UEAAPEAXPEBD@Z
?activate@QMetaObject@@SAXPEAVQObject@@PEBU1@HPEAPEAX@Z
?qt_metacall@QObject@@UEAAHW4Call@QMetaObject@@HPEAPEAX@Z
?staticMetaObject@QObject@@2UQMetaObject@@B

msvcr100

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
_initterm
_malloc_crt
_onexit
_lock
__dllonexit
_unlock
__C_specific_handler
_CxxThrowException
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
__CxxFrameHandler3

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
DecodePointer
EncodePointer

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.qtmetad
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 404B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ddb460954bbe5d6e310a521ef8e90ef7

Headers

DLL Characteristics

File Characteristics

Imports

qt5network

qt5core

msvcr100

kernel32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 16KB

.rdata Size: 17KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 552B

.pdata Size: 1024B - Virtual size: 996B

.qtmetad Size: 512B - Virtual size: 196B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 512B - Virtual size: 404B

.text
Size: 17KB - Virtual size: 16KB

.rdata
Size: 17KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 552B

.pdata
Size: 1024B - Virtual size: 996B

.qtmetad
Size: 512B - Virtual size: 196B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 512B - Virtual size: 404B