NEAS[.]aba7bb46a893567e45ac584e8e865630[.]exe

General

Target

NEAS.aba7bb46a893567e45ac584e8e865630.exe
Size

32KB
MD5

aba7bb46a893567e45ac584e8e865630
SHA1

cb931b6b185a5e1a99edde7fe0aa2284a6fc900d
SHA256

39e2f615c031b830a688318b239adb5feb5563a6daa1ef0ebcbf9d3aa0b5c77a
SHA512

74d0f6490fa4686ca0655954d156990e6638346962bf99c501e522fa19c788d037d74ed75b53350efe91a535b1509c4b59bcef2a69f49154f642e8e6fa3cb36e
SSDEEP

384:CG6+Dkkgt863W+TFrvEXQQ1xrmlc64yk8BXRoIo9ZVjR:CG6+DkblpThcgQfD+BX2Io9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.aba7bb46a893567e45ac584e8e865630.exe

Files

NEAS.aba7bb46a893567e45ac584e8e865630.exe
.dll windows:4 windows x86

6ba0f3dd737c069aece581ffc31ab01f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernelwin

sc_sleep
COMM_WriteData
COMM_Flush
sc_getTimeStamp
COMM_ReadData

kernel32

GetEnvironmentStrings
RtlUnwind
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar

Exports

Exports

GetBitDeviceTable
GetBitDeviceTableLength
GetOptimizeTable
GetWordDeviceTable
GetWordDeviceTableLength
force_command
get_DLL_version
read_command
write_command

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6ba0f3dd737c069aece581ffc31ab01f

Headers

File Characteristics

Imports

kernelwin

kernel32

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 15KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 4KB - Virtual size: 2KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 16KB - Virtual size: 15KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 4KB - Virtual size: 2KB

.reloc
Size: 4KB - Virtual size: 1KB