NEAS[.]e0248bc000e1d6cad6ce6251401c5c30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e0248bc000e1d6cad6ce6251401c5c30.exe
Size

41KB
MD5

e0248bc000e1d6cad6ce6251401c5c30
SHA1

ad781fd2789f42884e342ab640d547c56112a23d
SHA256

2d56ce209c53cb7826865fe31a7c586758015a2d028b9a803209fdd9d59b52dc
SHA512

ef9d992bfd5ddb732014970e26f8bfc9b517b82040495dfa9c0559acfc7b2c852c4b8d211874dae85529431d1c995e5a78b008d8342a326dfaffd71e37ce4dd0
SSDEEP

768:rQhu35b1gHvNdWHFsTXkvdUD8/0MzoUMCYnEGLUVbYkm2:rHJ6HvNdWHFsTXOK5goHpoVbE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e0248bc000e1d6cad6ce6251401c5c30.exe

Files

NEAS.e0248bc000e1d6cad6ce6251401c5c30.exe
.exe windows:4 windows x86

d870a8bc6bd61740f9e767ef3ed982b6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetMessageA
GetWindowTextA
MessageBoxA
SetDlgItemTextA
OemToCharA
PeekMessageA
RegisterWindowMessageA
GetSysColor
RegisterClassA
LoadCursorA
LoadIconA
ShowWindow
IntersectRect
IsRectEmpty
GetDC
ReleaseDC
SetRectEmpty
BeginPaint
EndPaint
SetRect
CopyRect
IsDialogMessageA
TranslateMessage
DispatchMessageA
GetParent
GetDesktopWindow
GetWindowRect
GetClientRect
ScreenToClient
MoveWindow
InvalidateRect
CreateWindowExA
UpdateWindow
SetWindowTextA
wsprintfA
FindWindowA
IsWindowEnabled
DefWindowProcA
KillTimer
PostQuitMessage
PostMessageA
DestroyWindow
MessageBeep
SetTimer
SendMessageA
SetFocus
EnableWindow

gdi32

SelectObject
SetBkColor
SetTextColor
GetStockObject
Rectangle
CreateSolidBrush
CreateFontA
PatBlt
DeleteObject

patchw32

ord1

msvcrt

strrchr
strcoll
isalpha
isalnum
_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p__acmdln
exit
_XcptFilter
_exit
__doserrno
_fullpath
_getcwd
_findnext
_setjmp3
longjmp
isspace
memcpy
??3@YAXPAX@Z
strcpy
??2@YAPAXI@Z
strstr
strlen
strncpy
remove
strtok
strcat
strcmp
_access
atoi
_chmod
_stat
_purecall
sprintf
isdigit
ftell
_findclose
memset
memmove
toupper
tolower
strncat
fread
_findfirst
fopen
_fsopen
fclose
fwrite
fflush
fseek

kernel32

lstrlenA
OpenFile
WritePrivateProfileStringA
lstrcpyA
GetPrivateProfileStringA
GetFileAttributesA
GetModuleHandleA
GetStartupInfoA
GetTickCount
_lclose
WinExec

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d870a8bc6bd61740f9e767ef3ed982b6

Headers

File Characteristics

Imports

user32

gdi32

patchw32

msvcrt

kernel32

Sections

.text Size: 30KB - Virtual size: 30KB

.rdata Size: 1024B - Virtual size: 564B

.data Size: 1KB - Virtual size: 6KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 4KB - Virtual size: 4KB

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 1024B - Virtual size: 564B

.data
Size: 1KB - Virtual size: 6KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 4KB - Virtual size: 4KB