NEAS[.]25dccd9891272350862f0b6e18cc48d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.25dccd9891272350862f0b6e18cc48d0.exe
Size

488KB
MD5

25dccd9891272350862f0b6e18cc48d0
SHA1

241f372274806326217a3ff7f8e6c16daab369fc
SHA256

8dbc719dc0b84da84ca52443e1ed8ae80471c046d48fd7cdd5ac958d00ae54ce
SHA512

4c9a177df42ab02b3f4a043c4ed90d8ae5618ffb11268005c1a60e610b06f08b636a313bd3ea1fdcf03cf69ee5a9866ff2e4b61dd2381c27844b28ef33b1ec68
SSDEEP

6144:MGrhhZf4GLOhvwoBh20yp4Om1Nl0V+k3HEZfugehRMMTYSJnsKkQ2:MyccOhvwo/20ybm1wEkOfugehROS9s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.25dccd9891272350862f0b6e18cc48d0.exe

Files

NEAS.25dccd9891272350862f0b6e18cc48d0.exe
.exe windows:5 windows x86

c4e04d0731c03422a634e7783aa62b5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

accept
send
gethostname
gethostbyname
inet_ntoa
socket
htons
bind
listen
WSAStartup
recv
closesocket

kernel32

DeleteFileA
SetFileAttributesA
LocalFree
FormatMessageA
GetLastError
CopyFileA
lstrcatA
GetModuleFileNameA
GetSystemDirectoryA
FreeLibrary
GetCurrentProcessId
GetProcAddress
LoadLibraryA
GlobalAlloc
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
LoadLibraryW
SetConsoleCtrlHandler
OutputDebugStringW
WriteConsoleW
OutputDebugStringA
InitializeCriticalSectionAndSpinCount
GlobalReAlloc
GlobalSize
GlobalFree
GetFileAttributesA
InterlockedExchange
GetStringTypeA
GetStringTypeW
GetTimeFormatA
GetDateFormatA
GetLocaleInfoA
IsValidLocale
EnumSystemLocalesA
SetEndOfFile
GetUserDefaultLCID
GetLocaleInfoW
CompareStringA
TerminateProcess
LCMapStringW
LCMapStringA
GetCurrentDirectoryA
SetCurrentDirectoryA
FindFirstFileA
FindNextFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
SetEnvironmentVariableA
GetCommandLineA
GetStartupInfoA
IsDebuggerPresent
RaiseException
DebugBreak
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CompareStringW
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapValidate
IsBadReadPtr
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
FatalAppExitA
GetModuleFileNameW
CloseHandle
WriteFile
GetConsoleCP
GetConsoleMode
RtlUnwind
ReadFile
SetHandleCount
GetStdHandle
GetFileType
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
GetModuleHandleW
Sleep
InterlockedIncrement
InterlockedDecrement
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
HeapDestroy
HeapCreate
HeapFree
VirtualFree
HeapAlloc
GetProcessHeap
VirtualQuery
HeapSize
HeapReAlloc
VirtualAlloc
GetACP
GetOEMCP
GetCPInfo
IsValidCodePage

user32

SystemParametersInfoA
GetDesktopWindow
EnableWindow
SendInput
SetCursorPos
GetMessageExtraInfo
mouse_event
GetDC
GetSystemMetrics
ReleaseDC
GetActiveWindow
MessageBoxA

gdi32

TextOutA
GetStockObject
GetObjectA
SelectPalette
RealizePalette
GetDIBits
CreateDCA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
StretchBlt
DeleteObject
BitBlt

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA

shell32

ShellExecuteA

Sections

.textbss
Size: - Virtual size: 189KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 399KB - Virtual size: 399KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c4e04d0731c03422a634e7783aa62b5d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

user32

gdi32

advapi32

shell32

Sections

.textbss Size: - Virtual size: 189KB

.text Size: 399KB - Virtual size: 399KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 5KB - Virtual size: 15KB

.idata Size: 5KB - Virtual size: 5KB

.rsrc Size: 1KB - Virtual size: 1KB

.textbss
Size: - Virtual size: 189KB

.text
Size: 399KB - Virtual size: 399KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 5KB - Virtual size: 15KB

.idata
Size: 5KB - Virtual size: 5KB

.rsrc
Size: 1KB - Virtual size: 1KB