NEAS[.]c256d07d829a494b58e9c2d470cba6b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c256d07d829a494b58e9c2d470cba6b0.exe
Size

332KB
MD5

c256d07d829a494b58e9c2d470cba6b0
SHA1

335a38f2cacc550ab1319205ef6ff5e5ea27fcd2
SHA256

98bff3cf73b92eecd0fa550bb90a8ee8c7a13c6eda611516e6f1d1e9ad19421c
SHA512

a64c19481aff76cff413c6710b6bba8e094b817a3e2492087d1fe672f5d2e5fd25d875cf02654c6676b7c625a7712c97841f63aedb5f7e5baabed90da9e48d75
SSDEEP

6144:rCXU4RoPr8Bmi0yVEeEATblhbpHeEk0z9ihphV/a:t8owB3bEeEAHlhdHeEkXh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c256d07d829a494b58e9c2d470cba6b0.exe

Files

NEAS.c256d07d829a494b58e9c2d470cba6b0.exe
.dll windows:5 windows x86

1053478c3502420e342022181930c8cc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
HeapCreate
MulDiv
CloseHandle
DeleteFileW
CreateFileW
WriteFile
ReadFile
GetTempFileNameW
MoveFileExW
CreateDirectoryW
FreeLibrary
GetProcAddress
LoadLibraryW
WideCharToMultiByte
HeapFree
InterlockedIncrement
InterlockedDecrement
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
SetErrorMode
MultiByteToWideChar
GetFileSize
HeapDestroy
MapViewOfFile
CreateFileMappingW
GetFileAttributesW
GetModuleHandleA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetLocaleInfoW
GetFileAttributesExW
GetSystemDefaultLCID
GetFileTime
CompareFileTime
CopyFileW
lstrlenW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
SetLastError
LocalAlloc
HeapAlloc
UnmapViewOfFile
LocalFree
LoadLibraryExW

msvcrt

_adjust_fdiv
_initterm
free
strncpy
wcsncpy
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsnicmp
_stricmp
wcsrchr
memmove
_vsnwprintf
wcscmp
wcslen
qsort
_wcsicmp
malloc
strncmp
_wtol
iswctype
_strnicmp
isspace

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

user32

LoadCursorW
GetDlgItemTextW
WinHelpW
SendDlgItemMessageW
MessageBeep
MessageBoxW
LoadStringW
CheckRadioButton
ShowWindow
GetDlgItem
SetDlgItemTextW
SetWindowLongW
EndDialog
GetWindowLongW
DialogBoxParamW
LoadIconW
SetDlgItemTextA
EnableWindow
SetCursor
InvalidateRect
SendMessageW

winspool.drv

GetFormW
GetPrinterDriverW
EnumFormsW
SetPrinterW
ClosePrinter
DeletePrinterDataW
OpenPrinterW
AddFormW
DeleteFormW
GetPrinterDriverDirectoryW
GetPrinterDataW
GetPrinterW
SetPrinterDataW

gdi32

DeleteDC
EnumFontFamiliesW
SetGraphicsMode
CreateICW

Exports

Exports

DevQueryPrintEx
DllMain
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentEvent
DrvDocumentPropertySheets
DrvDriverEvent
DrvPrinterEvent
DrvQueryColorProfile
DrvQueryJobAttributes
DrvSplDeviceCaps
DrvUpgradePrinter

Sections

.text
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 764B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1053478c3502420e342022181930c8cc

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

rpcrt4

user32

winspool.drv

gdi32

Exports

Exports

Sections

.text Size: 167KB - Virtual size: 166KB

.data Size: 1024B - Virtual size: 764B

.rsrc Size: 18KB - Virtual size: 18KB

.reloc Size: 145KB - Virtual size: 144KB

.text
Size: 167KB - Virtual size: 166KB

.data
Size: 1024B - Virtual size: 764B

.rsrc
Size: 18KB - Virtual size: 18KB

.reloc
Size: 145KB - Virtual size: 144KB