NEAS[.]60de486685907ede08bf7207440b2d80[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.60de486685907ede08bf7207440b2d80.exe
Size

1.5MB
MD5

60de486685907ede08bf7207440b2d80
SHA1

914e5d98ed5ed122e39a7c32361e1d89d5d35e47
SHA256

50455bcab94dc169067ca9c893ff3fed52bd520d2511472c0eb44e487b8a6860
SHA512

05b69ed97833b9733531b04acdebdc930b0294799e281400b102299be94e9c599969ceb9e73d8c0791688807be428e87830cec592bf1ddae5459b0e14f941df9
SSDEEP

24576:SvslB6O2kKOt1Hp9uJA0YVzpim1hKQ+j1rlY/+jsp2F8oe40HxBe9G4nSLK:SOiYVzpimjqR22wp2Hb0HK9G9e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.60de486685907ede08bf7207440b2d80.exe

Files

NEAS.60de486685907ede08bf7207440b2d80.exe
.exe windows:4 windows x86

a4280b506f3b67e32dc0c5a869d1259b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadResource
FindResourceA
VirtualProtect
GetCurrentProcess
CreateThread
WriteFile
GetTempPathA
GetModuleFileNameA
CreateSemaphoreA
DeviceIoControl
MultiByteToWideChar
GetVersion
DeleteFileA
GetCurrentThreadId
CreateProcessA
MoveFileExA
SetThreadPriority
LockResource
Sleep
GetWindowsDirectoryA
GetVersionExA
GetShortPathNameA
SetFileAttributesA
HeapSize
SizeofResource
CreateFileA
CreateFileW
WaitForSingleObject
ReleaseSemaphore
GetCurrentProcessId
TerminateProcess
lstrlenA
lstrcmpA
Module32First
VirtualProtectEx
ReadProcessMemory
Module32Next
GetLastError
LocalAlloc
LocalFree
IsBadReadPtr
GetSystemInfo
VirtualAllocEx
WriteProcessMemory
VirtualFreeEx
lstrcatA
OpenProcess
CloseHandle
LoadLibraryA
GetModuleHandleA
GetProcAddress
FreeLibrary
VirtualAlloc
VirtualFree
CreateToolhelp32Snapshot
Process32First
lstrcmpiA
Process32Next
FormatMessageA
GetCommandLineA
RtlUnwind
ExitProcess
HeapFree
HeapAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
SetUnhandledExceptionFilter
IsBadWritePtr
IsBadCodePtr
LCMapStringA
LCMapStringW
HeapReAlloc
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
LeaveCriticalSection
GetLocalTime
EnterCriticalSection
lstrcpyA

user32

GetSystemMetrics
wsprintfA
CharUpperBuffA
GetInputState
PostThreadMessageA
GetMessageA
MessageBoxA

advapi32

DeleteService
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
CloseServiceHandle
QueryServiceStatus
OpenServiceA
OpenSCManagerA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
ControlService
RegEnumKeyExA
CreateServiceA
StartServiceA

psapi

GetModuleInformation

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

hid

HidD_GetHidGuid
HidD_GetFeature
HidP_GetCaps
HidD_FreePreparsedData
HidD_GetAttributes
HidD_GetPreparsedData
HidD_SetFeature

Sections

.text
Size: 636KB - Virtual size: 633KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 920KB - Virtual size: 917KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a4280b506f3b67e32dc0c5a869d1259b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

psapi

setupapi

hid

Sections

.text Size: 636KB - Virtual size: 633KB

.rsrc Size: 920KB - Virtual size: 917KB

.text
Size: 636KB - Virtual size: 633KB

.rsrc
Size: 920KB - Virtual size: 917KB