NEAS[.]95fc7a2325e9878d72d68f20370de3b0[.]exe

General

Target

NEAS.95fc7a2325e9878d72d68f20370de3b0.exe
Size

341KB
MD5

95fc7a2325e9878d72d68f20370de3b0
SHA1

1174b6e1c2e81dcd097c17a4ad1009f6fe33ce08
SHA256

e2c5f8da89d0edbcff1f8d524b0d11eeb3cd2bb0049b93d9c7972c17a6bcea81
SHA512

25397f2070ca97fd568c26c8dcba390910ceb114183ba163d233e492ae9ade22588cc540d4372172c6afb5f53417f49f2fb00dbcf1e578437de312859db09da7
SSDEEP

6144:tH0C6ydaOjTLFaZ41EBLtrGh+RS7NwSv14ximM42m2LLqxx:Z0hywZKEBchqS7NwSJHqxx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.95fc7a2325e9878d72d68f20370de3b0.exe

Files

NEAS.95fc7a2325e9878d72d68f20370de3b0.exe
.dll windows:4 windows x86

1d172e50bd16f3fa14aba80a80945049

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

twrecs

RecogHPunc
RecogVPunc
FreeSymbolLibrary
LoadSymbolLibrary

twrece

FreeEnglishLibrary
LoadEnglishLibrary
RecogConnectEng
RecogSingleEng

kernel32

IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetModuleHandleW
GetProcessHeap
GetProcAddress
LoadLibraryA
FreeLibrary
lstrlenA
GetModuleFileNameA
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
GetSystemTimeAsFileTime

msvcr80

_stricmp
isupper
ispunct
isdigit
islower
isalpha
memmove
__CxxFrameHandler3
_CIsqrt
_CxxThrowException
_CIexp
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
??3@YAXPAX@Z
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
memcpy
qsort
free
malloc
memset
realloc

Exports

Exports

FreeCutLibrary
IsRecognizable
LoadCutLibrary
RecogOneLine

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 226KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1d172e50bd16f3fa14aba80a80945049

Headers

DLL Characteristics

File Characteristics

Imports

twrecs

twrece

kernel32

msvcr80

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.data Size: 9KB - Virtual size: 12KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 226KB - Virtual size: 228KB

.text
Size: 102KB - Virtual size: 102KB

.data
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 226KB - Virtual size: 228KB