NEAS[.]5650ec115a1778776f361b81abfb0810[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5650ec115a1778776f361b81abfb0810.exe
Size

152KB
MD5

5650ec115a1778776f361b81abfb0810
SHA1

ae3ae76ff48074bfbe84f095ad16c26054ae78f7
SHA256

15d058bcdd261d3ef6ef157b15f61e31a7d395d96382609fccac98dd7e624a2e
SHA512

65ab164113dc9e0c6a86fa682cb289f6bc16dbe3fb1745b7dc998b9072815c7a120047077cb2fc5cae04a5fc380905813f96a1db47e7e667a21b742f7bc566d8
SSDEEP

1536:7bXHuhteWr7md6yC0k4rlXN2I+j5p1FwnxhZQLUMLB9t1Dx0to+KZI:/2txbhFobMt4toj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5650ec115a1778776f361b81abfb0810.exe

Files

NEAS.5650ec115a1778776f361b81abfb0810.exe
.dll windows:4 windows x86

0deeb40701bf1252f8a632e0ccec4a6a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetProcAddress
LoadLibraryA
WriteProcessMemory
SetUnhandledExceptionFilter
CreateFileA
GetCurrentThreadId
GetCurrentProcessId
CloseHandle
GetLastError
Sleep
GetModuleFileNameA
CreateToolhelp32Snapshot
Process32First
Process32Next
InterlockedDecrement
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
lstrlenA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
InterlockedExchange
RtlUnwind
InitializeCriticalSection
HeapFree
HeapAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetVersionExA
GetProcessHeap
GetCPInfo
InterlockedIncrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapSize
ExitProcess
WriteFile
GetStdHandle
RaiseException
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

ole32

CoUninitialize
CoInitialize
OleRun
CoCreateInstance

oleaut32

GetErrorInfo
SysFreeString
SysAllocString
VariantClear

shlwapi

StrStrIA

Sections

.text
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0deeb40701bf1252f8a632e0ccec4a6a

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

shlwapi

Sections

.text Size: 104KB - Virtual size: 100KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 10KB

.text
Size: 104KB - Virtual size: 100KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 10KB