NEAS[.]f215c6f1e265c4cda451e50a892592f0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.f215c6f1e265c4cda451e50a892592f0.exe
Size

323KB
MD5

f215c6f1e265c4cda451e50a892592f0
SHA1

a93483b0f23a6ff097eaf686cfb09b4080db57d4
SHA256

49622d1be1fabbf967f39138bbbb2616b202f7535ca63e018343940f0fddcbca
SHA512

0f2e0c4ff616eaf855d6bc9a07e1fa0d8d0424296a12921e4c1deca5b18e131a1cc3ab6aad554d9768bd1e5e1fb93ada515ba9d2bd1e8fea28819ab31ffb0a13
SSDEEP

6144:b0Z+QKmJchRcTHKd0nSrVDcVEOFMOv+UUjFQAaTYpIw6gj5FvVbT9LNuT8MxJnZx:byfOhR6fnSxDceOFMOv+VxQAaiI41PZU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f215c6f1e265c4cda451e50a892592f0.exe

Files

NEAS.f215c6f1e265c4cda451e50a892592f0.exe
.dll windows:6 windows x86

5cebc620e73491a2063e8702acfd6a70

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegQueryValueExA

kernel32

FreeLibrary
GetProcAddress
GetModuleHandleA
lstrcmpiA
RaiseException
MultiByteToWideChar
IsDBCSLeadByte
WideCharToMultiByte
SizeofResource
GetLastError
LoadResource
FindResourceA
LoadLibraryExA
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetModuleHandleW
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
HeapFree
FormatMessageW
FormatMessageA
InterlockedCompareExchange
LoadLibraryA
InterlockedExchange
SwitchToThread
HeapReAlloc
CloseHandle
ReadFile
SetFilePointer
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetFullPathNameW
GetFullPathNameA
FindFirstFileW
FindFirstFileA
CreateFileW
CreateFileA
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
GetFileSize
FindClose
GetShortPathNameA
GetShortPathNameW
SetLastError
HeapSize
HeapDestroy
GetSystemDefaultLangID
GetThreadLocale
GetUserDefaultLangID
LoadLibraryExW
GetModuleFileNameW
GetVersionExA
GetLocaleInfoA
GetConsoleCP
CopyFileA
CopyFileW

msvcr120_clr0400

_unlock
_calloc_crt
__dllonexit
_onexit
__clean_type_info_names_internal
_except_handler4_common
floor
memcmp
__CxxFrameHandler3
_CIfmod
memcpy
memset
_lock
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_initterm_e
_initterm
_malloc_crt
_amsg_exit
memmove_s
wcspbrk
wcsncmp
wcschr
wcstol
_vsnprintf
strrchr
atoi
swscanf_s
_mktime64
_localtime64_s
_time64
iswupper
iswdigit
iswxdigit
_errno
iswspace
_vsnwprintf
_lfind
wcscpy_s
wcsncpy_s
bsearch
wcsrchr
wcsstr
wcstoul
_wcsicmp
_purecall
??2@YAPAXI@Z
??_U@YAPAXI@Z
??_V@YAXPAX@Z
_recalloc
_mbsstr
memcpy_s
_resetstkoflw
free
malloc
_mbsnbcpy_s
??3@YAXPAX@Z
__CppXcptFilter

imagehlp

CheckSumMappedFile

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

VariantInit
SetErrorInfo
SysFreeString
GetErrorInfo
VarUI4FromStr
SysAllocStringLen
SysStringLen
SysAllocString
VariantClear
VariantChangeType
CreateErrorInfo

user32

CharNextA
LoadStringW
LoadStringA

shlwapi

PathIsURLW
PathIsUNCW
PathRemoveFileSpecW

Exports

Exports

CreateALink
GetALinkMessageDll

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5cebc620e73491a2063e8702acfd6a70

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcr120_clr0400

imagehlp

ole32

oleaut32

user32

shlwapi

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 84KB

.data Size: 4KB - Virtual size: 18KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 228KB - Virtual size: 228KB

.text
Size: 85KB - Virtual size: 84KB

.data
Size: 4KB - Virtual size: 18KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 228KB - Virtual size: 228KB