NEAS[.]bd6cc32f4e3f4a0c992ee37e831ed420[.]exe

General

Target

NEAS.bd6cc32f4e3f4a0c992ee37e831ed420.exe
Size

64KB
MD5

bd6cc32f4e3f4a0c992ee37e831ed420
SHA1

c08f1bb7aa615cd537d2801e95b23bf8b36fab03
SHA256

083633af8e07a77419abe4abf2f3d7ecdc4d241f1e1c37f56ebb165e223ef920
SHA512

a3d9dbdc5a93cf3b215e8271399a0aceb13a3f4289ae37ca16f1c76def95018c004d32187d8ca9cf4c2bd583bca1001eabba43bc5ae6377b8e01d9afda522475
SSDEEP

768:tq7Khdxr+h8wAGZVygq3MrSa1sXkdM+PcMoqZyc3cFOkG2O3EPfx:smhQ8BGZVygq3MrSamkdb0GZDc0/a3x

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.bd6cc32f4e3f4a0c992ee37e831ed420.exe

Files

NEAS.bd6cc32f4e3f4a0c992ee37e831ed420.exe
.exe windows:4 windows x86

ef0c4149bfa065f4b25a1144f84c70d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStringTypeW
GetStringTypeA
IsBcdCodePtr
IsBadReadPtr
GetProcAddress
VirtualAlloc
WriteFile
VirtualFree
HeepCreate
HeapDestroy
LoadLibraryA
GetCurrentProcess
GetVersionExA
FindResourceA
LoadResource
IsBadWritePtr
LockResource
RtlUnwind
RaiseException
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
HeapSize
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA

user32

DialogBoxParamA
MessageBoxA
ExitWindowsEx
LoadStringA
GetDesktopWindow
GetWindowRect
CopyRect
OffsetRect
SetWindowPos
SetDlgItemTextA
SetWindowTextA
EndDialog

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey
OpenProcessToken

Sections

>text
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ef0c4149bfa065f4b25a1144f84c70d9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

>text Size: 28KB - Virtual size: 26KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 10KB

.rsrc Size: 12KB - Virtual size: 11KB

>text
Size: 28KB - Virtual size: 26KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 10KB

.rsrc
Size: 12KB - Virtual size: 11KB