NEAS[.]afcade81d15d41d8cc356808982e8ba0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.afcade81d15d41d8cc356808982e8ba0.exe
Size

132KB
MD5

afcade81d15d41d8cc356808982e8ba0
SHA1

a7ef5e9ef99b3378f3060f52b849825f4fcc5af9
SHA256

29efa2f0e37b2670d84c9f39f2c83f4845de0c43633b92b03607b270090eed2d
SHA512

ec8be7e7e3b08bdb43b45be7ca6040a3b0e5dc2ffa9cca21cb05c9f763a80522998e432ab47d1705735d68095c74cd31e09e08d365428eb3b4b5f235ac4a5130
SSDEEP

3072:VPDaW4OqfvK2+PvGOA++zPSPMgtxpH6Cy9KUTyqXghG+joaD4BUV8JVa:VnWK7ppyyqXglLcBc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.afcade81d15d41d8cc356808982e8ba0.exe

Files

NEAS.afcade81d15d41d8cc356808982e8ba0.exe
.exe windows:4 windows x86

9021431af78905255bfb613d6b2c9c82

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MapViewOfFile
OpenFileMappingA
ReleaseMutex
CreateMutexA
CreateFileMappingA
CreateFileA
GetTempPathA
UnmapViewOfFile
FlushViewOfFile
GetFileSize
ResumeThread
GetVersion
MultiByteToWideChar
LocalFree
lstrlenA
lstrcmpA
LocalAlloc
WideCharToMultiByte
GetModuleFileNameA
CloseHandle
SuspendThread
CreateThread
CreateEventA
LoadLibraryA
GetProcAddress
WaitForSingleObject
GetLastError
ExitThread
DeleteFileA
SetEvent
GetCommandLineA
GetCurrentProcess
SetEnvironmentVariableA
GetOEMCP
GetACP
SetEndOfFile
CompareStringW
CompareStringA
GetCPInfo
SetStdHandle
FlushFileBuffers
SetFilePointer
GetPrivateProfileStringA
GetPrivateProfileIntA
GetTickCount
ReadFile
WriteFile
DeviceIoControl
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
ExitProcess
TerminateProcess
RtlUnwind
GetCurrentProcessId
GetFileType
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
SetHandleCount
GetStdHandle
GetStringTypeW
UnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetEnvironmentStrings
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStringsW

advapi32

RegOpenKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
RegCloseKey
SetServiceStatus
RegisterEventSourceA
GetUserNameA
DeregisterEventSource
InitializeSecurityDescriptor
ReportEventA
RegOpenKeyA

wsock32

closesocket
getsockname
htons
bind
select
recvfrom
sendto
gethostname
__WSAFDIsSet

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.trdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9021431af78905255bfb613d6b2c9c82

Headers

File Characteristics

Imports

kernel32

advapi32

wsock32

Sections

.text Size: 92KB - Virtual size: 89KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 8KB - Virtual size: 20KB

.trdata Size: 20KB - Virtual size: 20KB

.text
Size: 92KB - Virtual size: 89KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 8KB - Virtual size: 20KB

.trdata
Size: 20KB - Virtual size: 20KB