NEAS[.]2e86dc3fa666e3efc95af614ab2031c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2e86dc3fa666e3efc95af614ab2031c0.exe
Size

515KB
MD5

2e86dc3fa666e3efc95af614ab2031c0
SHA1

972ae5ecd2edf02b759dc1ce38d932f207cbcd1c
SHA256

3160d6714ed1f7a107db261bd13b0c0906bb72f7c4e1837b1499570faa6b3f89
SHA512

2fe058c9222219a5b329c7b2d61c58b8425a9345bc37d1a6177dc557cad3a7582e1f0b5f731fc434d691709d27fddd26a4e6c2e97d710a40ed3d2dbe6bc3180e
SSDEEP

12288:RbAbrohXZjU5klr5NXrMVxafdEbzl+adfR5UYDVj:RbAXohXZmsr5NXGxafdEbzl+adfTUW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2e86dc3fa666e3efc95af614ab2031c0.exe

Files

NEAS.2e86dc3fa666e3efc95af614ab2031c0.exe
.dll windows:4 windows x64

fc18078399f8ad834851a2ab0eed13de

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

gdi32

ExtTextOutW
CreateCompatibleDC
SetBkColor
DeleteDC
CreateCompatibleBitmap
SelectObject
DeleteObject
CreateSolidBrush

kernel32

GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeFormatA
GetDateFormatA
InitializeCriticalSection
FreeLibrary
GetStringTypeW
GetLocaleInfoW
GetLocaleInfoA
MultiByteToWideChar
LoadLibraryA
SetConsoleCtrlHandler
IsValidCodePage
GetOEMCP
GetACP
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringA
CompareStringW
GetCurrentProcessId
HeapReAlloc
GetVersionExW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
GetLastError
RtlVirtualUnwind
GetModuleHandleA
GetProcAddress
FlsGetValue
TlsAlloc
TlsFree
FlsFree
SetLastError
TlsSetValue
GetCurrentThread
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
Sleep
HeapSize
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetCPInfo
SetEnvironmentVariableA

user32

FillRect
InvalidateRect
GetClientRect
ReleaseDC
RegisterWindowMessageW
GetDC
GetPropW
CallWindowProcW
RemovePropW
SetPropW
DefWindowProcW
EnumWindows
FindWindowExW
PostMessageW
GetWindowLongW
SendMessageW
SetWindowLongPtrW
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
IsWindow
CallNextHookEx

vscover100

VSCoverRegisterAssembly

Exports

Exports

EndHelper
StartHelper

Sections

.text
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

DLLShare
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vscov
Size: 512B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vscovmp
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vscovex
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc18078399f8ad834851a2ab0eed13de

Headers

File Characteristics

Imports

gdi32

kernel32

user32

vscover100

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 380KB

.rdata Size: 38KB - Virtual size: 38KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 14KB - Virtual size: 13KB

DLLShare Size: 512B - Virtual size: 24B

.vscov Size: 512B - Virtual size: 568B

.vscovmp Size: 72KB - Virtual size: 72KB

.vscovex Size: 512B - Virtual size: 20B

.rsrc Size: 512B - Virtual size: 176B

.reloc Size: 1024B - Virtual size: 916B

.text
Size: 380KB - Virtual size: 380KB

.rdata
Size: 38KB - Virtual size: 38KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 14KB - Virtual size: 13KB

DLLShare
Size: 512B - Virtual size: 24B

.vscov
Size: 512B - Virtual size: 568B

.vscovmp
Size: 72KB - Virtual size: 72KB

.vscovex
Size: 512B - Virtual size: 20B

.rsrc
Size: 512B - Virtual size: 176B

.reloc
Size: 1024B - Virtual size: 916B