NEAS[.]be9241fde344c88153af7730309d6620[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.be9241fde344c88153af7730309d6620.exe
Size

174KB
MD5

be9241fde344c88153af7730309d6620
SHA1

addf4ce38b0a0da9484d8537908be9dbedd1fe5c
SHA256

3cacd93de7e8557b0937c989f8ded5dbd22713dfad879de2fefa1b4cdbaf70a0
SHA512

8e80feff5da4fabb34a742aa12c9615b6c020e42bed24fd7d0510fbee98917c46fbfc1e0f1797d98cdee95c96da97cdddf57d05a1d13295274fcca5412079763
SSDEEP

3072:/gIty5F8bO6LULBgfUz33PXqoDMm/McgMjdl+wyXMNfZbbE32:/gMwF8btLULBgfUz3fXqoDMJ3K+dXMR5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.be9241fde344c88153af7730309d6620.exe

Files

NEAS.be9241fde344c88153af7730309d6620.exe
.exe windows:5 windows x86

a3d5cbff79b48c56122d3a062668e9aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ReadFile
CreateFileW
HeapReAlloc
LoadLibraryW
InterlockedExchange
FlushFileBuffers
SetStdHandle
WriteConsoleW
SetFilePointer
IsValidLocale
EnumSystemLocalesA
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
GetLastError
HeapFree
GetCommandLineA
HeapSetInformation
HeapAlloc
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
TerminateProcess
GetCurrentProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetProcAddress
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapCreate
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
ExitProcess
GetStdHandle
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
Sleep
HeapSize
LCMapStringW
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA

ws2_32

recv
send
socket
inet_addr
htons
connect
WSAStartup
WSACleanup
closesocket
gethostbyname
inet_ntoa

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a3d5cbff79b48c56122d3a062668e9aa

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Sections

.text Size: 130KB - Virtual size: 129KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 6KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 130KB - Virtual size: 129KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 6KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 11KB - Virtual size: 11KB