NEAS[.]1b2cb99a0b10ee0b189a798e13ad4110[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1b2cb99a0b10ee0b189a798e13ad4110.exe
Size

82KB
MD5

1b2cb99a0b10ee0b189a798e13ad4110
SHA1

7467885c3a15df7a204ff7ce41685b9b415fb160
SHA256

5c70ca3f3e475f440386db7f82b0787e491483380cc94525f0fbc45133abda15
SHA512

72e28f613adf23cf5ea38dbcc443d425ba2d7e6fdd461d9098cdfffb77d2924924724b72c3900ae9ccade1518ca8c5bec5dabadbca1066f20cdec8226e0de77a
SSDEEP

768:Ta6PpQu6peTiYCU4MRTHyu7pRWqfdF/XUXf9S4B7DC70y0DBStt55fTP9rcLP5HM:TBiu6p3YjRzy+dqB7u7BT5LK5HR2X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1b2cb99a0b10ee0b189a798e13ad4110.exe

Files

NEAS.1b2cb99a0b10ee0b189a798e13ad4110.exe
.dll windows:5 windows x86

c08e0dfc193d9fceb421e5be4ecfde5c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetLastError
lstrlenA
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
GetProcAddress
LoadLibraryA
FreeLibrary
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
WideCharToMultiByte
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
RtlUnwind
GetFileAttributesA
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
VirtualFree
VirtualAlloc
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
CloseHandle
FlushFileBuffers

netcheckalarm

?CreateProxyProcess@@YAXAAV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@00H@Z

Exports

Exports

DoWork

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c08e0dfc193d9fceb421e5be4ecfde5c

Headers

File Characteristics

Imports

kernel32

netcheckalarm

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 56KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 11KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 57KB - Virtual size: 56KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB