NEAS[.]62283c20ff1562d0ddee5ba3dcf238a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.62283c20ff1562d0ddee5ba3dcf238a0.exe
Size

251KB
MD5

62283c20ff1562d0ddee5ba3dcf238a0
SHA1

69de989d1936743ec825386c7755a87a020b00d3
SHA256

55f06e51a16796a5cc8e719b1ef11b927e8d0df13d5996edfcf17dd627214e9f
SHA512

ed1b654c8b89188aa4e3f3121cf65557d2fafc778694257ee5cb4f03c006fff1ab31d099ef13bd3cbf8e504c4d732ffbbc48d7011ddcef45d7b38b2cb57825ed
SSDEEP

6144:US/7YeRiwvem4wAMBofnspBvm9D219gCIc5QTKY3EufYaiFxoGiTM:J7Vm3wGmc8SCIQQmY3EufYA3T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.62283c20ff1562d0ddee5ba3dcf238a0.exe

Files

NEAS.62283c20ff1562d0ddee5ba3dcf238a0.exe
.dll windows:6 windows x86

92cc29cdbb93be5c376952d9910180a6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

ReportEventW
RegisterEventSourceW
RegOpenKeyExW
RegCloseKey
DeregisterEventSource
RegQueryValueExW

kernel32

InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
MultiByteToWideChar
HeapFree
SetLastError
OutputDebugStringA
GetModuleFileNameW
GetModuleHandleA
LoadLibraryW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
IsDebuggerPresent
OutputDebugStringW
SetUnhandledExceptionFilter
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter

ole32

CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromProgID

oleaut32

VariantClear
SysAllocStringLen
SysStringLen
VarBstrCat
VariantInit
SysFreeString

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_type_info_destroy_list
_except_handler4_common
memset
_CxxThrowException
_purecall
__CxxFrameHandler3
memcpy

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-convert-l1-1-0

wcstombs_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_cexit
_initialize_onexit_table
_initialize_narrow_environment
_crt_atexit
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
_register_onexit_function
_configure_narrow_argv

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92cc29cdbb93be5c376952d9910180a6

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.rdata Size: 7KB - Virtual size: 7KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 224KB - Virtual size: 228KB

.text
Size: 14KB - Virtual size: 13KB

.rdata
Size: 7KB - Virtual size: 7KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 224KB - Virtual size: 228KB