NEAS[.]3cee0c16f18ebea9ebf43b7bb85ca130[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3cee0c16f18ebea9ebf43b7bb85ca130.exe
Size

189KB
MD5

3cee0c16f18ebea9ebf43b7bb85ca130
SHA1

4ef6c71588a58ba83d632316bf2fc59826662498
SHA256

98b710119637f3a24bab1993e683fd5bd7129f4d794db73ce2f3271809729bd5
SHA512

9710b75aacaea37f5055e811721376c18ff6d8340b26cc8d79c3a062ec14af4050d294242cfd1318d7345163b61d5a495c703b2be1141ddfb9ceacbff00fbdc6
SSDEEP

3072:j/Aq24TVSzXHj+iImrB+KltKQo+PHWHvrEpzibBJieVGEKB3zIJ6Dp/:jZ24TVSLDQsEKeQr2HvryzkUeVGJc0B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3cee0c16f18ebea9ebf43b7bb85ca130.exe

Files

NEAS.3cee0c16f18ebea9ebf43b7bb85ca130.exe
.exe windows:4 windows x86

bd103223dafccdebb93a9e3dcd54005f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

memset
memmove
_CItanh
_CIsqrt
_CIlog
malloc
memcpy
free
fseek
ftell
fread
fclose
strcmp
strcpy
sprintf
strncpy
strlen
strstr
localtime
mktime
gmtime

kernel32

GetModuleHandleA
HeapCreate
GetCommandLineA
HeapDestroy
ExitProcess
GetCurrentProcess
CreateThread
WideCharToMultiByte
HeapFree
HeapAlloc
Sleep
CreateFileA
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
CloseHandle
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
GetLocalTime
HeapReAlloc
ReadFile

user32

LoadIconA

gdi32

BitBlt

wsock32

WSAGetLastError
getpeername
closesocket
WSACleanup
WSAStartup
recv
send
htons
sendto

winmm

timeBeginPeriod
timeEndPeriod

Sections

.code
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 78B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ