NEAS[.]a60038f870faaa6278e631d73c456d40[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a60038f870faaa6278e631d73c456d40.exe
Size

76KB
MD5

a60038f870faaa6278e631d73c456d40
SHA1

9246aed7ec9c970fcbe01e9cf2028b2afb2a0fc4
SHA256

f6678c222937d282b91ac9de471aec8d598169f1d5346bf74f51c56f1ba8f8a3
SHA512

f137c2992b494e916bb4b2625534e824aac0c541f7d76629f8ee70d4f6019bb9a98d3937dfdd3aae0476d740effa14b020995cfb8aeee1912b535ca1e627e5b2
SSDEEP

1536:ZkR3WQvp+miI4egb5iMqE8SRTKnowiEvAoYlof:6R3W0ETCEZR/3oYlof

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a60038f870faaa6278e631d73c456d40.exe

Files

NEAS.a60038f870faaa6278e631d73c456d40.exe
.exe windows:4 windows x86

352bccd9a8b01e656fd93affe470e601

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

connect
gethostbyname
shutdown
select
setsockopt
socket
gethostname
send
closesocket
getsockname
WSACleanup
WSAStartup
WSAGetLastError
htons
inet_addr

netapi32

Netbios

rpcrt4

UuidCreate

kernel32

FlushFileBuffers
SetStdHandle
VirtualProtect
GetLocaleInfoA
SetFilePointer
IsBadCodePtr
WriteFile
LCMapStringW
IsBadReadPtr
SetUnhandledExceptionFilter
InterlockedIncrement
IsBadStringPtrW
InterlockedDecrement
CloseHandle
DeviceIoControl
CreateFileA
DefineDosDeviceA
GetLastError
ReadFile
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
Sleep
GetTickCount
GetDriveTypeA
GetComputerNameA
GetSystemInfo
lstrcpyA
lstrlenA
GetEnvironmentVariableA
HeapSize
VirtualQuery
SetEndOfFile
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
GetStdHandle
QueryDosDeviceA
InterlockedExchange
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringA
GetCPInfo
GetOEMCP
GetACP
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
LocalFree
RtlUnwind
HeapFree
HeapAlloc
ExitProcess
GetModuleHandleA
TerminateProcess
GetCurrentProcess
GetStartupInfoA
GetCommandLineA
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
QueryPerformanceCounter

user32

wsprintfA

advapi32

RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegCloseKey
RegQueryValueExA

ole32

CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoCreateGuid
CoSetProxyBlanket

oleaut32

SysFreeString
VariantInit
SysAllocStringByteLen
SysAllocString
VariantClear
SysStringLen

Sections

.text
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

352bccd9a8b01e656fd93affe470e601

Headers

File Characteristics

Imports

ws2_32

netapi32

rpcrt4

kernel32

user32

advapi32

ole32

oleaut32

Sections

.text Size: 52KB - Virtual size: 51KB

.rdata Size: 12KB - Virtual size: 8KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 4KB - Virtual size: 832B

.text
Size: 52KB - Virtual size: 51KB

.rdata
Size: 12KB - Virtual size: 8KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 4KB - Virtual size: 832B