NEAS[.]83f0eec2054ddbaa60afd3b0011b2960[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.83f0eec2054ddbaa60afd3b0011b2960.exe
Size

165KB
MD5

83f0eec2054ddbaa60afd3b0011b2960
SHA1

34f34e3058859ba0ac2f096289e01815cbc60491
SHA256

c981a0e3b7c0ea4f5a850d7edbaa2828897bda67c99c6560a4b5c037f5eceff0
SHA512

d0da7d634828fe35822f4d67f36bd6555c1264bbdce4b3dfef68fe21c375db621bdd8e095cee7bdaf9b4bc93047408f77c13b72dcad4f8a136bd316dd4ce5121
SSDEEP

3072:EZRCqmyL3RbS8HGTV5JYCmoFHihpwlEIWXBJRQcqSES:ERhJCHpihpwORJ5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.83f0eec2054ddbaa60afd3b0011b2960.exe

Files

NEAS.83f0eec2054ddbaa60afd3b0011b2960.exe
.exe windows:10 windows x86

4378ab751681da98ab3b304461a9b42a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueA
RegDeleteKeyA
RegSetValueA
RegCloseKey
RegEnumKeyA
RegCreateKeyA
RegOpenKeyExA

kernel32

SetErrorMode
LocalAlloc
GetVersion
_lopen
_llseek
GetSystemInfo
IsDBCSLeadByte
GetWindowsDirectoryA
SetFileAttributesA
LocalSize
GlobalCompact
lstrcmpiA
ExitProcess
WinExec
LocalReAlloc
_lclose
GetDiskFreeSpaceExA
GetPrivateProfileIntA
GetPrivateProfileStringA
_lwrite
LocalUnlock
GetCurrentThreadId
LocalLock
GetModuleFileNameA
LocalFree
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
GetDriveTypeA
lstrlenA
OpenFile
_lread
GetTickCount
GetSystemTimeAsFileTime

gdi32

SetBkMode
GetTextExtentPointA

user32

GetSystemMetrics
PostMessageA
CharPrevA
LoadStringA
SetWindowPos
DestroyWindow
DispatchMessageA
GetMessageA
CharNextA
IsWindow
OemToCharBuffA
EndPaint
BeginPaint
UpdateWindow
FindWindowA
KillTimer
PeekMessageA
GetClientRect
CharUpperA
SendMessageA
ShowWindow
SetTimer
MessageBoxA
DrawTextA
TranslateMessage
CreateWindowExA
DefWindowProcA
RegisterClassA
CharToOemA

msvcrt

_access
rename
_chdir
atoi
_chdrive
strstr
strchr
remove
_splitpath_s
_XcptFilter
__p__commode
_amsg_exit
__getmainargs
__set_app_type
exit
_exit
_cexit
__p__fmode
_ismbblead
__setusermatherr
_initterm
_acmdln
?terminate@@YAXXZ
_controlfp
_except_handler4_common
fclose
fopen
toupper
_rmdir
malloc
_tempnam
free
_lseek
_stat
_chmod
_ltoa
_open
_write
_close
_unlink
_vsnprintf
_read
_mktemp
_itoa_s
_mkdir
memset

cabinet

ord23
ord22
ord20

lz32

LZCopy
LZClose
LZOpenFileA

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4378ab751681da98ab3b304461a9b42a

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

cabinet

lz32

Sections

.text Size: 16KB - Virtual size: 16KB

.data Size: 512B - Virtual size: 3KB

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 141KB - Virtual size: 141KB

.text
Size: 16KB - Virtual size: 16KB

.data
Size: 512B - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 141KB - Virtual size: 141KB