NEAS[.]a203c3e95616c3e04889a14a66372950[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a203c3e95616c3e04889a14a66372950.exe
Size

422KB
MD5

a203c3e95616c3e04889a14a66372950
SHA1

a7eb7073a0408eeee5c27b24829980b2c4bdcc28
SHA256

b27205af64ffbc5efffdf572efec959a6946426f967fc8e7e56d8c5e5d31d0ff
SHA512

c6936709c60449dbffd05b3120b2a39d8ad8d0caff4845f20af4d8649d33d6e088714c6fbaade01d9b28a925e961df75a2680216177a3315a9d92c63c6ef5299
SSDEEP

6144:r0p3EUTSC+BdN8PBTqWw6z/Ta6qLqT8+i62RvgWq9SHQqokua/A:gGC6vmqCEhRYeHQqoy/A

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a203c3e95616c3e04889a14a66372950.exe

Files

NEAS.a203c3e95616c3e04889a14a66372950.exe
.dll windows:5 windows x64

a03eb4ffafd41e44f2e77c4a527af294

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

user32

GetClassNameA
GetWindowRect
GetParent
GetWindowInfo
GetWindowTextA
CreateWindowExA
GetDesktopWindow
SetWindowPos
ShowWindow
CreateWindowExW
SetWindowTextA
SetWindowTextW
MoveWindow

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

kernel32

SetStdHandle
CreateFileA
LoadLibraryW
GetConsoleMode
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetEndOfFile
GetProcessHeap
GetConsoleCP
VirtualFree
VirtualQuery
GetTickCount
GetCurrentThread
WaitNamedPipeW
WriteFile
Sleep
GetModuleFileNameW
CreateFileW
DisconnectNamedPipe
FlushFileBuffers
CreateDirectoryA
GetLastError
GetModuleFileNameA
GetModuleHandleA
CreateMutexA
OutputDebugStringA
CloseHandle
GetCurrentProcessId
CreateThread
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetCurrentProcess
SetLastError
GetModuleHandleW
VirtualProtect
VirtualAlloc
GetCurrentThreadId
ResumeThread
FlushInstructionCache
SetThreadContext
GetThreadContext
SuspendThread
VirtualProtectEx
VirtualQueryEx
HeapFree
HeapReAlloc
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
GetCPInfo
CompareStringW
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
ExitProcess
HeapSize
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
ReadFile
SetFilePointer
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetLocaleInfoW

Sections

.text
Size: 312KB - Virtual size: 311KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a03eb4ffafd41e44f2e77c4a527af294

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

kernel32

Sections

.text Size: 312KB - Virtual size: 311KB

.rdata Size: 66KB - Virtual size: 66KB

.data Size: 10KB - Virtual size: 21KB

.pdata Size: 18KB - Virtual size: 18KB

.detourd Size: 512B - Virtual size: 24B

.detourc Size: 9KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 696B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 312KB - Virtual size: 311KB

.rdata
Size: 66KB - Virtual size: 66KB

.data
Size: 10KB - Virtual size: 21KB

.pdata
Size: 18KB - Virtual size: 18KB

.detourd
Size: 512B - Virtual size: 24B

.detourc
Size: 9KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 696B

.reloc
Size: 4KB - Virtual size: 3KB