NEAS[.]d31a4eecfd0c22b0a869f8ae63580550[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d31a4eecfd0c22b0a869f8ae63580550.exe
Size

183KB
MD5

d31a4eecfd0c22b0a869f8ae63580550
SHA1

745ae1657769c154d9f81359cca7b5afadd26522
SHA256

69aa2052c55639846cb4be954bf36891d5a9127f3f63307c1855c7dd25f8e936
SHA512

c0ef808235c101954126d371767089dbe45949a167d96f9e964dc11d34c3d7429e4bafe1570f778ec292e75b8f947fa9c142b5cefa44ee7bbc84f37fcbc8a0aa
SSDEEP

3072:3fh4xL894kS2RbScrcHSpzRYCmoErihpq5XUIcXBJ1QRc4djq:3fh4xQ9BfFkihpq5K1Qjj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d31a4eecfd0c22b0a869f8ae63580550.exe

Files

NEAS.d31a4eecfd0c22b0a869f8ae63580550.exe
.dll windows:6 windows x86

d3375c760c18f3d39d416027b5050641

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_strnicmp
memset
memcpy

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
InterlockedIncrement
GetLastError
InterlockedDecrement
WaitForMultipleObjectsEx
ExitThread
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedExchange
Sleep
ResetEvent
SetEvent
SetThreadPriority
CreateThread
WaitForSingleObject
GetVersionExA
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
ReleaseMutex
UnmapViewOfFile
OpenMutexA
MapViewOfFile
CreateFileMappingA
HeapFree
GetCurrentProcessId
CreateProcessA
GetSystemDirectoryA
OpenEventA
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

SetWindowLongA
SendMessageA
SetFocus
EndDialog
GetDlgItem
GetWindowLongA
GetDlgItemTextA
DialogBoxParamA
GetForegroundWindow

ws2_32

ioctlsocket
setsockopt
connect
getsockname
accept
recv
listen
WSAGetLastError
send
gethostbyname
gethostname
recvfrom
getpeername
__WSAFDIsSet
select
sendto
getsockopt
inet_ntoa
WSACleanup
WSAStartup
ntohs
bind
socket
inet_addr
closesocket
htons

winmm

timeGetTime

advapi32

AddAccessAllowedAce
RegQueryValueExA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
RegCloseKey
FreeSid
SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumKeyExA

ntdll

ord1

dplayx

gdwDPlaySPRefCount

Exports

Exports

DPWS_BuildIPMessageHeader
DPWS_GetEnumPort
SPInit

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3375c760c18f3d39d416027b5050641

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

winmm

advapi32

ntdll

dplayx

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 142KB - Virtual size: 141KB

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 142KB - Virtual size: 141KB