NEAS[.]753f9f9af0f223a0ca8b6dfa654b07a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.753f9f9af0f223a0ca8b6dfa654b07a0.exe
Size

2.4MB
MD5

753f9f9af0f223a0ca8b6dfa654b07a0
SHA1

409205da5f0b22620d543a017a3f510477943624
SHA256

c6a07b1765e08ce1d643e48c7fd33d1a16cfc1433ab57a6296a32c458bcae6d6
SHA512

ac18a4aaf895efdace2b742094a34a63be9155ab317b96ed8aa65cc8c7db0422855e88767eb794650142bce04d69447536cfd8d515abeb39f6302aba53335eee
SSDEEP

49152:faqDovkyyXOB3ERrFlcwBvGizRXqBUpkD0yX:fFe69AD0y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.753f9f9af0f223a0ca8b6dfa654b07a0.exe

Files

NEAS.753f9f9af0f223a0ca8b6dfa654b07a0.exe
.exe windows:6 windows x64

3e69120725d068c0e210d0add53c0501

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

AcquireSRWLockExclusive
GetCurrentProcess
GetCurrentThread
RtlCaptureContext
RtlLookupFunctionEntry
SetLastError
GetCurrentDirectoryW
GetEnvironmentVariableW
AddVectoredExceptionHandler
GetCommandLineW
ReleaseSRWLockShared
FindClose
ReleaseMutex
GetCurrentThreadId
SetConsoleTextAttribute
GetConsoleScreenBufferInfo
GetFileInformationByHandleEx
GetFileType
GetCurrentProcessId
SetConsoleMode
GetConsoleMode
GetStdHandle
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageW
HeapReAlloc
AcquireSRWLockShared
WaitForSingleObjectEx
LoadLibraryA
CreateMutexA
GetModuleHandleA
CreateFileW
GetFileInformationByHandle
InitializeSListHead
IsProcessorFeaturePresent
CreateDirectoryW
FindFirstFileW
RtlVirtualUnwind
IsDebuggerPresent
WaitForSingleObject
GetModuleHandleW
GetModuleFileNameW
ExitProcess
GetFullPathNameW
HeapAlloc
MultiByteToWideChar
WriteConsoleW
GetSystemTimeAsFileTime
UnhandledExceptionFilter
GetLastError
SetUnhandledExceptionFilter
FreeLibrary
GetProcAddress
LoadLibraryExA
HeapFree
GetProcessHeap
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SetThreadStackGuarantee
Module32Next
Module32First
OpenProcess
Process32Next
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
TryAcquireSRWLockExclusive
ReleaseSRWLockExclusive
CloseHandle

oleaut32

SysStringLen
SysFreeString
GetErrorInfo

advapi32

SystemFunction036

ntdll

NtReadFile
NtWriteFile
RtlNtStatusToDosError

bcrypt

BCryptGenRandom

vcruntime140

_CxxThrowException
__current_exception_context
__current_exception
__C_specific_handler
__CxxFrameHandler3
memset
memcmp
memmove
memcpy

api-ms-win-crt-string-l1-1-0

strlen

api-ms-win-crt-runtime-l1-1-0

_seh_filter_exe
_exit
exit
_initterm_e
__p___argc
__p___argv
_get_initial_narrow_environment
_c_exit
_initterm
_register_thread_local_exe_atexit_callback
_initialize_narrow_environment
_set_app_type
terminate
_initialize_onexit_table
_register_onexit_function
_cexit
_configure_narrow_argv
_crt_atexit

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 766KB - Virtual size: 765KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e69120725d068c0e210d0add53c0501

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

oleaut32

advapi32

ntdll

bcrypt

vcruntime140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-heap-l1-1-0

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 766KB - Virtual size: 765KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 64KB - Virtual size: 63KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 766KB - Virtual size: 765KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 64KB - Virtual size: 63KB

.reloc
Size: 20KB - Virtual size: 20KB