NEAS[.]ce0c852d9a49d5d63e1b809ff5adcfb0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ce0c852d9a49d5d63e1b809ff5adcfb0.exe
Size

817KB
MD5

ce0c852d9a49d5d63e1b809ff5adcfb0
SHA1

47abe12cbd5e08a46e678b17987baa4ed5ba5275
SHA256

2a968b9a6644dfa8da7a9cd2ee9c156c9d845f386b975cdb7989262761a79c28
SHA512

4f87c0e0fb7bc787523b666a9ed6bc8a5e77c9cc113e682b2e0cd08a7b8c7d9ba3b971c04b9f50c73e88edc450d16b09be5309dbf312282cb8e3ad27553a3812
SSDEEP

24576:LvwCOcWtSpQ77b7xHas8/ZgxNCMwrh7PLASN4gO+Yi+zdNlevD:g7HwB1RpPLASSgDa

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ce0c852d9a49d5d63e1b809ff5adcfb0.exe

Files

NEAS.ce0c852d9a49d5d63e1b809ff5adcfb0.exe
.exe windows:6 windows x86

9bdd9a59eb8d1bbad4c1e0b3dca2d857

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LCMapStringW
VirtualAlloc
GetSystemInfo
GetVersion
LocalFree
LocalAlloc
FlushViewOfFile
MapViewOfFileEx
SetFilePointer
UnmapViewOfFile
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
EnterCriticalSection
DeleteCriticalSection
GetFileType
CreateFileW
CreateFileMappingW
DeviceIoControl
DeleteFileW
InterlockedDecrement
InterlockedIncrement
VirtualFree
SetLastError
CopyFileW
GetFileAttributesW
SetFileAttributesW
WideCharToMultiByte
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
RtlUnwind
OutputDebugStringA
InterlockedCompareExchange
Sleep
InterlockedExchange
GetLastError
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetFileAttributesA
LoadLibraryA
GetProcAddress
LeaveCriticalSection
FreeLibrary

msvcrt

_snprintf
_itoa
wctomb
ferror
__pioinfo
_read
_fileno
_lseeki64
_write
_isatty
__badioinfo
isleadbyte
mbtowc
_onexit
_lock
__dllonexit
_unlock
_controlfp
?terminate@@YAXXZ
malloc
memmove
memcpy
memset
__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
exit
_XcptFilter
_exit
_cexit
__getmainargs
_iob
__mb_cur_max
strchr
wcschr
_errno
??2@YAPAXI@Z
??3@YAXPAX@Z
printf
calloc
fopen
fputs
fclose
puts
free
wcsrchr
_purecall
time
_wfullpath
strstr
bsearch
_wcsicmp
qsort
_wcsnicmp
_wcsdup
_stricmp
_get_osfhandle
_chsize
_close
_open_osfhandle
_memicmp
_mbscmp
wcsncmp
iswdigit
__unDName
wcstol
strncmp
_wsopen

rpcrt4

UuidCreate

Sections

.text
Size: 459KB - Virtual size: 458KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 351KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bdd9a59eb8d1bbad4c1e0b3dca2d857

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcrt

rpcrt4

Sections

.text Size: 459KB - Virtual size: 458KB

.data Size: 5KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 351KB - Virtual size: 352KB

.text
Size: 459KB - Virtual size: 458KB

.data
Size: 5KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 351KB - Virtual size: 352KB