NEAS[.]e18d2d819b987985276c21bab4632330[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.e18d2d819b987985276c21bab4632330.exe
Size

424KB
MD5

e18d2d819b987985276c21bab4632330
SHA1

2352e93079b638370f838a51d4e18653da14250e
SHA256

a2da27f3cb9cb763955df550f304b5823b1f927726fa011521b85e62d523a1db
SHA512

387218d7ee91f4de0a2ec25bdac97b6f14784db03e9585c179a3107b79b1ff3746b47c482342fc389c2be00d13e3aaaed6706e895c53a43623c9e5b9d6c9cdd2
SSDEEP

6144:KpSYj6e9loqp1Rd6r71NgCOfzOVBSe+FB9TBDxhEXb68:Yr+e9loC1v6XOEkhB9T1rEL68

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e18d2d819b987985276c21bab4632330.exe

Files

NEAS.e18d2d819b987985276c21bab4632330.exe
.exe windows:5 windows x86

7a9c86ad5b185cd4e07b1bd177f7a938

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcesses

kernel32

QueryDosDeviceW
GetVersionExW
CreateToolhelp32Snapshot
GetLastError
CloseHandle
WriteFile
GetTickCount
CreateFileW
SetFileAttributesW
CreateEventW
WaitForSingleObject
TerminateThread
SetEvent
lstrlenW
WritePrivateProfileStringW
GetCurrentDirectoryW
FindNextFileW
lstrcmpiW
FindFirstFileW
CopyFileW
GetModuleFileNameW
SetCurrentDirectoryW
DeleteFileW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
Sleep
TerminateProcess
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetPrivateProfileSectionW
GetCommandLineW
RtlUnwind
HeapFree
RaiseException
HeapAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleA
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
VirtualAlloc
HeapReAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
Process32FirstW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
SetFilePointer
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetTimeZoneInformation
CreateFileA
FlushFileBuffers
CompareStringA
CompareStringW
SetEnvironmentVariableA
LoadLibraryW
GetProcessHeap
GetFileSize
ReadFile
lstrlenA
GetLocalTime
GetFileSizeEx
GetShortPathNameW
GetFileTime
FindClose
CreateDirectoryW
RemoveDirectoryW
lstrcmpW
GetSystemDirectoryW
SetErrorMode
GetExitCodeProcess
Process32NextW
FreeEnvironmentStringsW

user32

TranslateMessage
IsDialogMessageW
GetMessageW
ShowWindow
CreateDialogParamW
PostQuitMessage
SetWindowTextW
GetDlgItem
WaitForInputIdle
MessageBoxW
DispatchMessageW
DestroyWindow
SendMessageW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ShellExecuteExW
ShellExecuteW

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 6KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7a9c86ad5b185cd4e07b1bd177f7a938

Headers

DLL Characteristics

File Characteristics

Imports

version

psapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 282KB - Virtual size: 282KB

.rdata Size: 49KB - Virtual size: 48KB

.data Size: 6KB - Virtual size: 89KB

.rsrc Size: 86KB - Virtual size: 88KB

.text
Size: 282KB - Virtual size: 282KB

.rdata
Size: 49KB - Virtual size: 48KB

.data
Size: 6KB - Virtual size: 89KB

.rsrc
Size: 86KB - Virtual size: 88KB