NEAS[.]542857557cc25493c3c7d4bf599f05c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.542857557cc25493c3c7d4bf599f05c0.exe
Size

84KB
MD5

542857557cc25493c3c7d4bf599f05c0
SHA1

61920951e75c91708d74f07a067655f31de00348
SHA256

7f2b638bf56fd0351149812972c656858d0b76e9756472a7b1fe72ed376f5d9b
SHA512

8410dfa4e16001e5a2fa12dd9d979e768161de432ea54bfa4cb1a9292954525872b1de3012895dbed64ac9f0105e43918b007e45397217ce28d739fcc70bec98
SSDEEP

1536:7zU15yyRSMLAkOk6S2/n/IwywX9VzIGAPPP/aMF0s:X85yoSMLA1LjjXjzIGAPPP/z0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.542857557cc25493c3c7d4bf599f05c0.exe

Files

NEAS.542857557cc25493c3c7d4bf599f05c0.exe
.dll windows:4 windows x86

b5eba22ca45a7385636a03ac0f037af9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

send
ioctlsocket
WSACleanup
WSAStartup
getsockopt
select
recv
setsockopt
socket
connect
closesocket

rasapi32

RasEnumConnectionsA
RasSetEntryPropertiesA
RasEnumDevicesA
RasGetEntryDialParamsA
RasGetErrorStringA
RasDialA
RasHangUpA
RasGetConnectStatusA
RasDeleteEntryA
RasValidateEntryNameA

iphlpapi

GetAdaptersInfo

mfc42

ord5601
ord4277
ord5643
ord2614
ord1199
ord2446
ord6334
ord6215
ord2086
ord4160
ord641
ord2642
ord6222
ord5683
ord1948
ord2396
ord3346
ord5300
ord5303
ord4079
ord4699
ord5307
ord5289
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord565
ord817
ord2726
ord4226
ord1168
ord1106
ord5609
ord5605
ord2765
ord939
ord1105
ord2514
ord2818
ord1085
ord692
ord5265
ord4376
ord4998
ord6052
ord4078
ord1775
ord4407
ord6282
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord2370
ord4234
ord4710
ord4853
ord1771
ord6366
ord2413
ord2024
ord6283
ord2581
ord6055
ord1776
ord4401
ord5290
ord3402
ord3639
ord567
ord2362
ord2302
ord4224
ord1082
ord2379
ord926
ord5953
ord5572
ord2915
ord1768
ord3092
ord923
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3953
ord3738
ord815
ord561
ord4204
ord6467
ord5622
ord536
ord5710
ord4129
ord6569
ord2763
ord802
ord542
ord535
ord5597
ord2775
ord537
ord941
ord924
ord940
ord823
ord860
ord1081
ord715
ord415
ord3664
ord5823
ord858
ord825
ord540
ord800
ord3663
ord269
ord826
ord600
ord1578
ord1255
ord1253
ord1570
ord1197
ord1243
ord342
ord1182
ord1577
ord1575
ord1176
ord1116
ord5241
ord4219

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
_EH_prolog
_CxxThrowException
strstr
_mbsrchr
_purecall
free
malloc
_mbscmp
_mbsicmp
sprintf
atoi
__CxxFrameHandler
_memicmp
_itoa

kernel32

CreateFileA
CreateEventA
ReadFile
EscapeCommFunction
SetCommMask
WaitCommEvent
WaitForMultipleObjects
GetOverlappedResult
PurgeComm
SetEvent
ClearCommError
SetLastError
WriteFile
SetCommState
GetLastError
OutputDebugStringA
GetCommModemStatus
WaitForSingleObject
CreateThread
CloseHandle
Sleep
SetCommTimeouts
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleFileNameA
lstrlenA
GetPrivateProfileSectionNamesA
SuspendThread
ResetEvent
LeaveCriticalSection
EnterCriticalSection
ResumeThread
FreeLibrary
GetProcAddress
LoadLibraryA
GlobalFree
GlobalAlloc
InitializeCriticalSection
GetVersionExA
DeleteCriticalSection
LocalFree
LocalAlloc
SetupComm

user32

LoadStringA
RegisterWindowMessageA
KillTimer
SetTimer
UpdateWindow
SendMessageA
EnableWindow
PostMessageA
wsprintfA

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegOpenKeyA
RegQueryValueExA

Exports

Exports

CleanUp
Connect
Disconnect
GetConnName
GetConnStatus
GetConnType
GetDeviceList
GetNetInfo
Init
SetSwitchParam
ShowSetupDlg
SwitchNotify

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5eba22ca45a7385636a03ac0f037af9

Headers

File Characteristics

Imports

ws2_32

rasapi32

iphlpapi

mfc42

msvcrt

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 47KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 47KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 8KB - Virtual size: 5KB