NEAS[.]a62a0a02b812e6b7f2da24b1169a95f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a62a0a02b812e6b7f2da24b1169a95f0.exe
Size

128KB
MD5

a62a0a02b812e6b7f2da24b1169a95f0
SHA1

8f3a5a5501865f572960f3ee4720041aef50a92d
SHA256

df74859a18ca5209eced2cc6450f8aa0b583cc76762476b6dcc3cfa14ebf7c9e
SHA512

a8efa388c746df2eb88e321d35d8de730a462a3085a290c787b4de89a700d21e06271fd0ce268f603bb582583ecf3f88ee64d708f46c670bc5a5c8e6a65a086e
SSDEEP

1536:ccGA/hhT1LfWGaWUU+WD8DxH417UzSej8KpuKDrfo14LD8NJBjlN+C90:cc/hhTBfWPWUCeS8jjD8NJ1l8k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a62a0a02b812e6b7f2da24b1169a95f0.exe

Files

NEAS.a62a0a02b812e6b7f2da24b1169a95f0.exe
.dll windows:4 windows x86

ba5e05ae9d3b25c1b8975eaa78761d52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetLastError
CreateThread
GetCurrentProcess
Module32Next
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
VirtualFreeEx
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
OpenProcess
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LocalFree
VirtualProtect
IsBadReadPtr
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
GetThreadContext
SuspendThread
Sleep
ResumeThread
GetTickCount
SetThreadContext
WaitForSingleObject
VirtualFree
MultiByteToWideChar
RaiseException
InitializeCriticalSection
DeleteCriticalSection
VirtualQuery
GetSystemDirectoryA
ReadFile
CreateFileA
SetFileAttributesA
EnterCriticalSection
LeaveCriticalSection
TerminateThread
GetFileAttributesW
SetEndOfFile
SetStdHandle
IsBadCodePtr
UnhandledExceptionFilter
GetEnvironmentStringsW
CloseHandle
WideCharToMultiByte
FindResourceExA
FindResourceA
LoadResource
LockResource
SizeofResource
GetFileAttributesA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
LoadLibraryA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
SetFilePointer
FlushFileBuffers
WriteFile
TerminateProcess
IsBadWritePtr
HeapCreate
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
TlsGetValue
InterlockedDecrement
InterlockedIncrement
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
ExitProcess
RtlUnwind
GetSystemTimeAsFileTime
VirtualAlloc
GetSystemInfo
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
GetOEMCP
TlsAlloc
TlsFree
TlsSetValue

advapi32

GetNamedSecurityInfoA
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetNamedSecurityInfoA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shlwapi

PathIsDirectoryA

ws2_32

WSAStartup
htons
socket
setsockopt
sendto
WSACleanup
closesocket
recvfrom
inet_addr

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

InstallHook
UninstallHook

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_ShareMe
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 496B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ba5e05ae9d3b25c1b8975eaa78761d52

Headers

File Characteristics

Imports

kernel32

advapi32

shlwapi

ws2_32

version

Exports

Exports

Sections

.text Size: 80KB - Virtual size: 78KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 8KB - Virtual size: 12KB

_ShareMe Size: 4KB - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 496B

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 80KB - Virtual size: 78KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 12KB

_ShareMe
Size: 4KB - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 496B

.reloc
Size: 12KB - Virtual size: 9KB