NEAS[.]277f68998c7a3f775f57fe3643762ae0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.277f68998c7a3f775f57fe3643762ae0.exe
Size

890KB
MD5

277f68998c7a3f775f57fe3643762ae0
SHA1

2985461e79093b6d8f465719f4b492dbcdaad301
SHA256

753666ab8303da8c7652e59ad24487fb886412a1aca3bff4c9d10ad87f8fa0f5
SHA512

743893b9b0d43951f85bdbe3a8d41b327cdfa9eebc10e04bf324d63ebcd429c02b72b2b491a424464361095d6bbb4b17865dd8044b14459f3ccb76a5a43f93c3
SSDEEP

12288:aEAmKViPfENFb0LnTb2HRn8ZL73R7zkFozNQIJ6zwNMlqAE2Oy0AvH:aESViab1Rn8Z33R7Wmsw+kA3J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.277f68998c7a3f775f57fe3643762ae0.exe

Files

NEAS.277f68998c7a3f775f57fe3643762ae0.exe
.exe windows:5 windows x86

9b62059ed73659187bb372a2f5221eb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalAlloc
SizeofResource
LoadResource
FindResourceW
SetEnvironmentVariableW
GetEnvironmentVariableW
GetUserDefaultUILanguage
GetThreadLocale
LocalFree
GetModuleHandleW
CreateEventW
SetEvent
QueueUserWorkItem
DeleteFileW
Sleep
InterlockedDecrement
InterlockedIncrement
LockResource
SetEnvironmentVariableA
GetSystemTime
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
CloseHandle
UnregisterWait
DuplicateHandle
GetCurrentProcess
GetLastError
ConnectNamedPipe
ResetEvent
GetOverlappedResult
ReadFile
DisconnectNamedPipe
GetCurrentProcessId
GetCurrentThreadId
DeleteCriticalSection
ReleaseMutex
UnregisterWaitEx
InitializeCriticalSection
RegisterWaitForSingleObject
WriteFile
CreateNamedPipeW
CreateMutexW
OpenProcess
ReadProcessMemory
GetSystemTimeAsFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
CreateFileW
GetTickCount
WaitForSingleObject
SetLastError
CreateProcessW
GetModuleFileNameW
SetFilePointer
OutputDebugStringA
FormatMessageA
GetModuleHandleA
UnmapViewOfFile
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GetCurrentDirectoryW
MapViewOfFile
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
GetNativeSystemInfo
GetVersionExW
IsDebuggerPresent
RaiseException
QueryPerformanceCounter
GetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
SetEndOfFile
FlushFileBuffers
InterlockedExchangeAdd
GetSystemDirectoryW
GetWindowsDirectoryW
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
ExpandEnvironmentStringsW
InterlockedExchange
UnhandledExceptionFilter
GetCPInfo
HeapFree
GetStartupInfoW
GetConsoleCP
GetConsoleMode
ExitProcess
HeapAlloc
GetProcessHeap
SetStdHandle
GetFileType
HeapReAlloc
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeW
GetModuleFileNameA
GetStringTypeA
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA
HeapSize
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
CompareStringA
CompareStringW
GetCommandLineW

user32

PostQuitMessage
DefWindowProcW
UpdateWindow
CreateWindowExW
TranslateMessage
GetMessageW
CharUpperW
MessageBoxW
DispatchMessageW
PostMessageW
RegisterClassExW

advapi32

RegQueryValueExW
RegOpenKeyExW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCreateKeyExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey

wininet

HttpSendRequestW
InternetSetOptionW
HttpQueryInfoW
InternetQueryDataAvailable
InternetReadFile
HttpAddRequestHeadersW
InternetConnectW
InternetOpenW
InternetCrackUrlW
InternetCloseHandle
HttpOpenRequestW

winmm

timeGetTime

ole32

CoTaskMemFree

Sections

.text
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b62059ed73659187bb372a2f5221eb6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

wininet

winmm

ole32

Sections

.text Size: 584KB - Virtual size: 583KB

.rdata Size: 253KB - Virtual size: 253KB

.data Size: 10KB - Virtual size: 30KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 40KB - Virtual size: 39KB

.text
Size: 584KB - Virtual size: 583KB

.rdata
Size: 253KB - Virtual size: 253KB

.data
Size: 10KB - Virtual size: 30KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 40KB - Virtual size: 39KB