NEAS[.]784eee2c6f36531489ab75356c7c49a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.784eee2c6f36531489ab75356c7c49a0.exe
Size

309KB
MD5

784eee2c6f36531489ab75356c7c49a0
SHA1

e0523999a4b4f10e1e549f9068413f4628bc67bd
SHA256

3d84405edb31e5877422921ca766ecc3b28c7bc7dc5232e8886a7b19e92bb054
SHA512

3aeae4cf4845e9bde49f3fd86307b9281cb79bf5a366a7c1e307b330f07a795c92fdbd5aeb78a7629753e9d9d556242c16de44eae6e69ae7fc84717c5fcfe8ea
SSDEEP

6144:sv2tRVYUVpDOgUjXMFu8xoWkudxIakswq3sYqWQAKWQyCjHuK+DBYIw4xrutXsBS:5QMw8SLudxGswq3sYqLXvyVujraB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.784eee2c6f36531489ab75356c7c49a0.exe

Files

NEAS.784eee2c6f36531489ab75356c7c49a0.exe
.exe windows:6 windows x86

90ce9c227ceb3db0e7052f267207771a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_except_handler4_common
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
vswprintf_s
memset
_recalloc
malloc
wcsstr
memcpy_s
_invalid_parameter_noinfo_noreturn
__CxxFrameHandler3
wcsncat_s
wcsrchr
memcpy
_wcsnicmp
_CxxThrowException
free
wcsncpy_s
wcscpy_s
wcscat_s

kernel32

LocalAlloc
LoadLibraryA
FlsFree
FlsGetValue
FlsAlloc
GetCommandLineW
CloseHandle
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
Sleep
CreateThread
GetCurrentThreadId
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
lstrlenW
FreeLibrary
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
MultiByteToWideChar
QueryPerformanceCounter
GetProcessHeap
HeapSetInformation
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
VirtualProtect
WerRegisterMemoryBlock
HeapAlloc
HeapFree
InterlockedExchange
InterlockedCompareExchange
GetStartupInfoW
EncodePointer
DecodePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleExW
TlsAlloc
GetCurrentProcess

advapi32

RegQueryValueExW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegGetValueW
ReportEventW
OpenProcessToken
GetSidSubAuthority
GetTokenInformation
RegEnumValueW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoInitialize
StringFromGUID2
CoInitializeSecurity
CoReleaseServerProcess
CoAddRefServerProcess
CoRevokeClassObject
CoRegisterClassObject
CoInitializeEx
CoUninitialize
CoTaskMemRealloc

oleaut32

VarUI4FromStr
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
SysStringLen
SysFreeString
SysAllocString

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 242KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90ce9c227ceb3db0e7052f267207771a

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

kernel32

advapi32

ole32

oleaut32

Sections

.text Size: 54KB - Virtual size: 54KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 10KB - Virtual size: 9KB

.reloc Size: 242KB - Virtual size: 244KB

.text
Size: 54KB - Virtual size: 54KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 10KB - Virtual size: 9KB

.reloc
Size: 242KB - Virtual size: 244KB