NEAS[.]497e46a9a97ffd045cfcdb76c4b37210[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.497e46a9a97ffd045cfcdb76c4b37210.exe
Size

563KB
MD5

497e46a9a97ffd045cfcdb76c4b37210
SHA1

bc65657f61bf5e6cf76216e1dc441a47e318ec1b
SHA256

f25c69bea4f4a547509d6cede056f4f054c8043b30dab29b1b5588ef13c1c0c8
SHA512

b5ea55da7a2a5c6c06f3590658553108f527248607aa30dad82ea8b2c5bb82af8d3b6c0e80395d32805c06635a96fe10828ead28eaccad7e57830ae923ff37fd
SSDEEP

12288:3EcPZmfMsD1a90sJLL6gg1INX2/Viokj0ctQmI+kAeAgv/W:UyCMsDEtlLZX2/VKY8QmIB8g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.497e46a9a97ffd045cfcdb76c4b37210.exe

Files

NEAS.497e46a9a97ffd045cfcdb76c4b37210.exe
.dll windows:6 windows x86

a6bea83a7d2dfeaa526f74b0be855369

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ResumeThread
FindClose
CloseHandle
GetCurrentThreadId
Sleep
LCMapStringW
GetCurrentThread
WideCharToMultiByte
GetProcAddress
GetModuleHandleW
LoadLibraryExW
SetErrorMode
FreeLibrary
GetModuleFileNameW
GetVersionExW
IsWow64Process
CompareStringEx
GetLastError
GetCurrentProcess
VirtualProtect
VirtualFree
VirtualAlloc
SuspendThread
GetThreadContext
FlushInstructionCache
SetThreadContext
VirtualQuery
SetLastError
LoadLibraryExA
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
CreateEventW
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
SetEvent
WaitForSingleObjectEx
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
RaiseException
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleHandleA
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
LoadLibraryW
HeapSize
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
HeapReAlloc
GetProcessHeap
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
SetStdHandle
CreateFileW
WriteConsoleW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW

Exports

Exports

APIExportForDetours
DisableVirtualizationOnThread
EnableFullVirtualization
EnableVirtualizationOnThread
IsCurrentThreadVirtualized

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 286KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6bea83a7d2dfeaa526f74b0be855369

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 197KB - Virtual size: 197KB

.rdata Size: 69KB - Virtual size: 69KB

.data Size: 9KB - Virtual size: 11KB

.reloc Size: 286KB - Virtual size: 288KB

.text
Size: 197KB - Virtual size: 197KB

.rdata
Size: 69KB - Virtual size: 69KB

.data
Size: 9KB - Virtual size: 11KB

.reloc
Size: 286KB - Virtual size: 288KB