NEAS[.]4383a9e47ed01efe88573d335f86ed70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4383a9e47ed01efe88573d335f86ed70.exe
Size

226KB
MD5

4383a9e47ed01efe88573d335f86ed70
SHA1

41bf339e1a7ad3a2bbbbf1adcba0b158147f3776
SHA256

dd7e8973a702f3e7b4c8ebae3310d915ee891faab1a8b2295deaee5e24d7d287
SHA512

e2c5668cd93ea13c4fe7f48b0bf20ed177b235960c9739292b91a77236f4fe7f600074747b6929ba2ad6d8d9aa3472d0a9797037b61f8ba4aaf3429594454a7e
SSDEEP

6144:Bh74qMWLv90lQNfyEy82UseAOgWMlPhhVFLa:BhsqTLF0MSWMlPhhVF2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4383a9e47ed01efe88573d335f86ed70.exe

Files

NEAS.4383a9e47ed01efe88573d335f86ed70.exe
.exe windows:6 windows x86

a8dd276331d9015280ea2d92d515720c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindNextComponentA
PathMakePrettyA
StrIsIntlEqualW
StrCpyW
StrRChrIW
StrCmpIW

kernel32

SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetFileType
GetConsoleOutputCP
GetStdHandle
SetFilePointerEx
GetModuleHandleExW
ExitProcess
HeapReAlloc
HeapFree
HeapAlloc
GetConsoleMode
CreateFileW
LoadLibraryExW
FreeLibrary
GetLastError
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
HeapSize
EnumTimeFormatsW
GetProcAddress
GetModuleHandleA
GetModuleFileNameW
FlushFileBuffers
WriteFile
DeleteCriticalSection
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
IsProcessorFeaturePresent

loadperf

UnloadPerfCounterTextStringsA
UnloadPerfCounterTextStringsW
LoadPerfCounterTextStringsA

winspool.drv

AddMonitorA
PrinterProperties
AddPortExA
DeleteFormA

msacm32

acmDriverAddA
acmStreamConvert
acmFormatDetailsA
acmFilterChooseW

resutils

ResUtilGetAllProperties
ClusWorkerCheckTerminate
ResUtilGetProperties
ResUtilFindDwordProperty

ole32

HMENU_UserSize
HENHMETAFILE_UserMarshal
StgCreateStorageEx
OleSetMenuDescriptor
HWND_UserFree

shell32

FindExecutableA
SHGetInstanceExplorer

odbc32

ord252
ord47
ord34
OpenODBCPerfData

msvfw32

ICImageDecompress
DrawDibBegin

avifil32

AVIFileAddRef

avicap32

capCreateCaptureWindowW

user32

TranslateMessage
DispatchMessageW
DefWindowProcW
PostQuitMessage
RegisterClassW
CreateWindowExW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
MessageBoxW
LoadCursorW
LoadImageW
GetMessageW

gdi32

SetStretchBltMode
StretchBlt
DeleteObject
DeleteDC
CreateCompatibleDC
GetObjectW

comdlg32

GetOpenFileNameW

Sections

.text
Size: 138KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 400B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a8dd276331d9015280ea2d92d515720c

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

loadperf

winspool.drv

msacm32

resutils

ole32

shell32

odbc32

msvfw32

avifil32

avicap32

user32

gdi32

comdlg32

Sections

.text Size: 138KB - Virtual size: 137KB

.rdata Size: 65KB - Virtual size: 64KB

.data Size: 12KB - Virtual size: 15KB

.gfids Size: 512B - Virtual size: 400B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 138KB - Virtual size: 137KB

.rdata
Size: 65KB - Virtual size: 64KB

.data
Size: 12KB - Virtual size: 15KB

.gfids
Size: 512B - Virtual size: 400B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB