NEAS[.]a3338aaf710dd7932e7647d14e98f6d0[.]exe

General

Target

NEAS.a3338aaf710dd7932e7647d14e98f6d0.exe
Size

125KB
MD5

a3338aaf710dd7932e7647d14e98f6d0
SHA1

4015985b8a4dda8fa9b8c891c3893ecb39698c3e
SHA256

dc25b823802f4c53476182afd6814a3f73efe079a7cb2a0237c78888b8e44821
SHA512

2cbdec41e4d41decf4a4fe425635116c2a953a1b88f29f2cf52a9cfdffeea44588b189fc9551d868d74a717ed86e5ba67e8be88968c26ab447546e022ef85f65
SSDEEP

1536:WMbtEjiC8it3e1foU4s1RZ/0ey2n1o8vfNrFqPSekbOMr:FA8BfoUZbcejn1vvfNrQPdk66

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a3338aaf710dd7932e7647d14e98f6d0.exe

Files

NEAS.a3338aaf710dd7932e7647d14e98f6d0.exe
.exe windows:4 windows x86

fcaa04f88b04b9fbf2640d30cbef482c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
FindResourceA
CloseHandle
OutputDebugStringA
RemoveDirectoryA
DeleteFileA
LoadResource
CreateDirectoryA
GetTempPathA
GetModuleFileNameA
GetLastError
CreateEventA
LockResource
FreeResource
WaitForSingleObject
OutputDebugStringW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetEndOfFile
ReadFile
IsBadCodePtr
IsBadReadPtr
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
MultiByteToWideChar
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
RtlUnwind
RaiseException
HeapFree
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
WriteFile
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
SetFilePointer
FlushFileBuffers
SetUnhandledExceptionFilter
VirtualAlloc
IsBadWritePtr
SetStdHandle
CreateFileA
GetCPInfo

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shlwapi

PathAppendA
PathFileExistsA
PathAppendW

Sections

.text
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fcaa04f88b04b9fbf2640d30cbef482c

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

ole32

shlwapi

Sections

.text Size: 44KB - Virtual size: 40KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 60KB - Virtual size: 57KB

.text
Size: 44KB - Virtual size: 40KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 60KB - Virtual size: 57KB