NEAS[.]1cb3531256fee4d1fb562f06e0083550[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.1cb3531256fee4d1fb562f06e0083550.exe
Size

965KB
MD5

1cb3531256fee4d1fb562f06e0083550
SHA1

40f8357dc1bdae3125bf6783435a651c95b927a0
SHA256

e663fe9ce7bbcccb744dd3bf475fdbb1e418912684d019a47376b129a8b55d8d
SHA512

e064429c3fa5569ac5a235dfc42b47d6584a3ed8db455a42498791df37d91b6cd12b1b3a3ff7812b66d1d7e65a2995f4c23b4d7a7cbe8ccb79ab85fd4f67bddf
SSDEEP

24576:Y0q2nneiVohAYX9vxyUPf4HgN9hSrCikYR:Y0QumymjErV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1cb3531256fee4d1fb562f06e0083550.exe

Files

NEAS.1cb3531256fee4d1fb562f06e0083550.exe
.dll windows:6 windows x86

494a5f7bc089abfa6a3d782cd638b636

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
memchr
strstr
strchr
memset
memmove
memcpy
strrchr
memcmp

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf
_write
__stdio_common_vfprintf
_close
_commit
_read

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_initialize_onexit_table
_execute_onexit_table
_seh_filter_dll
_initterm_e
_initterm
_configure_narrow_argv
_errno
_cexit

api-ms-win-crt-convert-l1-1-0

strtol
strtoul

api-ms-win-crt-string-l1-1-0

strcpy
strcmp
strlen
isxdigit
strncmp

api-ms-win-crt-math-l1-1-0

ceil
fabs
cos
sqrt
tan
floor
atan2
log10
ldexp
sin
exp
_except1
pow

api-ms-win-crt-heap-l1-1-0

free

api-ms-win-crt-utility-l1-1-0

_swab

glib-lite

ord362
ord358
ord355
ord356
ord359
ord300
ord347
ord367
ord18
ord20
ord14
ord15
ord349
ord366
ord368
ord354
ord372
ord421
ord411
ord420
ord410
ord425
ord424
ord413
ord412
ord403
ord404
ord440
ord489
ord462
ord487
ord463
ord60
ord373
ord466
ord454
ord90
ord91
ord92
ord101
ord102
ord103
ord468
ord469
ord438
ord437
ord439
ord436
ord480
ord457
ord465
ord472
ord451
ord481
ord458
ord474
ord453
ord483
ord460
ord473
ord482
ord470
ord449
ord467
ord455
ord114
ord471
ord450
ord350
ord486
ord22
ord275
ord207
ord208
ord209
ord342
ord360
ord428
ord294
ord322
ord318
ord320
ord321
ord290
ord408
ord426
ord406
ord400
ord399
ord224
ord206
ord48
ord47
ord50
ord49
ord51
ord109
ord398
ord405
ord416
ord39
ord313
ord309
ord218
ord237
ord251
ord238
ord26
ord298
ord299
ord46
ord167
ord168
ord176
ord162
ord164
ord166
ord174
ord116
ord128
ord121
ord122
ord284
ord277
ord285
ord281
ord279
ord288
ord278
ord401
ord464
ord40
ord233
ord475
ord442
ord476
ord25
ord307
ord43
ord41
ord44
ord42
ord197
ord324
ord319
ord357
ord293
ord351
ord216
ord382
ord331
ord334
ord328
ord108
ord5
ord7
ord12
ord32
ord33
ord31
ord261
ord418
ord417
ord443
ord97
ord94
ord45
ord297
ord296
ord177
ord160
ord161
ord175
ord19
ord345
ord377
ord376
ord378
ord414
ord478
ord180
ord352
ord419
ord62
ord215
ord221
ord339
ord113
ord185
ord183
ord415
ord407
ord316
ord95
ord28
ord55
ord53
ord54
ord163
ord23
ord364
ord423
ord402
ord311
ord138
ord217
ord220
ord225
ord232
ord228
ord250
ord247
ord4
ord295
ord136
ord135
ord131
ord132
ord134
ord133
ord137
ord491
ord226
ord245
ord240
ord252
ord9
ord3
ord243
ord302
ord305
ord306
ord125
ord30
ord29
ord27
ord93
ord104
ord327
ord383
ord384
ord84
ord80
ord77
ord75
ord64
ord74
ord73
ord70
ord66
ord67
ord69
ord71
ord68
ord83
ord72
ord363
ord8
ord37
ord260
ord127
ord129
ord13
ord370
ord17
ord16
ord195
ord369
ord490
ord157
ord229
ord111
ord258
ord433
ord338
ord244
ord422
ord494
ord492
ord493
ord495
ord88
ord89
ord87
ord259
ord434
ord280
ord353
ord365
ord341
ord340
ord344
ord343
ord204
ord203
ord200
ord202
ord201
ord205
ord380
ord488
ord248
ord253
ord249
ord255
ord256
ord257
ord254
ord246
ord381
ord374
ord171
ord337
ord198
ord239
ord242
ord270
ord269
ord268
ord271
ord267
ord52
ord56
ord81
ord65
ord82
ord395
ord397
ord213
ord211
ord212
ord210
ord214
ord173
ord456
ord479
ord446
ord459
ord452
ord444
ord448
ord447
ord441
ord445
ord484
ord461
ord409
ord346
ord348
ord158
ord274
ord273
ord123
ord36
ord317
ord315
ord314
ord182
ord194
ord105
ord34
ord236
ord120
ord124
ord235
ord141
ord435
ord196
ord58
ord57
ord61
ord59
ord35
ord86
ord142
ord10
ord6
ord485
ord85
ord1
ord2
ord427
ord11
ord227
ord169
ord323
ord21
ord234
ord106
ord181
ord170
ord179
ord117
ord139
ord140
ord325
ord326
ord392
ord390
ord391
ord393
ord289
ord291
ord223
ord396
ord371

ws2_32

WSAWaitForMultipleEvents
WSAEventSelect
WSAGetLastError
WSAEnumNetworkEvents
WSASetLastError

kernel32

GetLastError
SetLastError
SetEvent
ResetEvent
CloseHandle
CreateEventA
FormatMessageA
GetProcAddress
GetModuleFileNameW
WaitForSingleObject
LoadLibraryA
GetModuleHandleA
RaiseException
QueryPerformanceCounter
TerminateProcess
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
LocalFree
Sleep
QueryPerformanceFrequency
GetModuleFileNameA

user32

GetDesktopWindow

dsound

ord1

Sections

.text
Size: 516KB - Virtual size: 515KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 286KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

494a5f7bc089abfa6a3d782cd638b636

Headers

DLL Characteristics

File Characteristics

Imports

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

glib-lite

ws2_32

kernel32

user32

dsound

Sections

.text Size: 516KB - Virtual size: 515KB

.rdata Size: 156KB - Virtual size: 155KB

.data Size: 5KB - Virtual size: 10KB

.rsrc Size: 1024B - Virtual size: 952B

.reloc Size: 286KB - Virtual size: 288KB

.text
Size: 516KB - Virtual size: 515KB

.rdata
Size: 156KB - Virtual size: 155KB

.data
Size: 5KB - Virtual size: 10KB

.rsrc
Size: 1024B - Virtual size: 952B

.reloc
Size: 286KB - Virtual size: 288KB