NEAS[.]aa9e8760e96e26c53c37a20e09388df0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.aa9e8760e96e26c53c37a20e09388df0.exe
Size

920KB
MD5

aa9e8760e96e26c53c37a20e09388df0
SHA1

9d33f9c02c54b1ba1ff427347abf094fb9df8a6b
SHA256

c4dd0266d1ef426bf64c6221a9bc5df3c69bebfb3e0120cd3144ebef2e41129b
SHA512

6fc42682aa3754baefcfd3aecb3901f6e032d21c58dde2c280741891290be9ba6d2afcdd2b9a9cff3d4d486beec54be58ddb38435560773b20f30a193a1aa93d
SSDEEP

12288:2lhEs8rsbRtRRfr81UVoaA2Qbd8BoEAY7Ggd12BE8rAQklv53OXjJfMy:2lhEs8rgRtPfrBuaYd7oN8r/MB3aFfMy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.aa9e8760e96e26c53c37a20e09388df0.exe

Files

NEAS.aa9e8760e96e26c53c37a20e09388df0.exe
.dll windows:4 windows x86

8536e1274fb6f686bba41f37063f89b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

php5ts

libiconv_open
libiconv
libiconv_close
vspprintf
_estrdup
virtual_getcwd
tsrm_mutex_free
tsrm_mutex_alloc
tsrm_mutex_lock
tsrm_mutex_unlock
compress
uncompress
_erealloc
_ecalloc
php_verror
virtual_stat
zend_hash_get_current_key_ex
virtual_realpath
add_next_index_long
_estrndup
_zend_list_find
zend_hash_index_find
convert_to_double
add_assoc_long_ex
_zend_list_delete
php_open_temporary_file
virtual_unlink
ts_resource_ex
php_write
php_check_open_basedir
core_globals_id
php_checkuid
virtual_fopen
multi_convert_to_long_ex
php_stream_stdio_ops
_php_stream_copy_to_mem
_php_stream_cast
zend_ini_long
php_sig_jpg
php_sig_png
php_sig_gif
zend_parse_parameters
convert_to_boolean
zend_register_resource
zend_fetch_resource
convert_to_array
zend_hash_num_elements
_safe_emalloc
zend_hash_internal_pointer_reset_ex
zend_hash_get_current_data_ex
convert_to_long
zend_hash_move_forward_ex
zend_get_parameters_ex
_emalloc
_zval_copy_ctor_func
_convert_to_string
_php_stream_open_wrapper_ex
_php_stream_read
_php_stream_eof
_php_stream_tell
_php_stream_seek
php_error_docref0
_php_stream_free
zend_list_insert
zend_wrong_param_count
_array_init
add_assoc_string_ex
add_assoc_bool_ex
inflateInit_
inflate
inflateEnd
crc32
inflateReset
deflate
deflateEnd
deflateInit2_
deflateReset
php_info_print_table_start
php_info_print_table_row
ap_php_snprintf
php_info_print_table_end
_efree
zend_register_list_destructors_ex
zend_register_ini_entries
zend_register_long_constant
zend_register_string_constant

user32

GetDesktopWindow
GetDC
GetClientRect
GetWindowRect
ReleaseDC
IsWindow

gdi32

SelectObject
DeleteObject
GetPixel
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
DeleteDC

kernel32

DisableThreadLibraryCalls
GetProcAddress
LoadLibraryA
FreeLibrary

msvcrt

_initterm
atof
fgetc
ungetc
atoi
toupper
bsearch
printf
time
vfprintf
calloc
strtod
_snprintf
abort
realloc
memmove
atol
strncpy
sprintf
_isctype
__mb_cur_max
_pctype
rewind
fgets
sscanf
_adjust_fdiv
putchar
getenv
_access
strtok
malloc
longjmp
_setjmp3
ftell
getc
putc
fwrite
strncmp
_iob
fprintf
exit
fopen
qsort
floor
ceil
_CIpow
_ftol
fseek
fread
_errno
strerror
fclose
free
fflush
_strdup
_stricmp
_fileno
_close
_read
_stat
_lseek
_open
strrchr

Exports

Exports

get_module
phpi_get_le_gd

Sections

.text
Size: 584KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8536e1274fb6f686bba41f37063f89b2

Headers

File Characteristics

Imports

php5ts

user32

gdi32

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 584KB - Virtual size: 581KB

.rdata Size: 184KB - Virtual size: 183KB

.data Size: 108KB - Virtual size: 194KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 33KB

.text
Size: 584KB - Virtual size: 581KB

.rdata
Size: 184KB - Virtual size: 183KB

.data
Size: 108KB - Virtual size: 194KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 33KB