NEAS[.]5693645e618b6dc34ceeddf9dff360e0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5693645e618b6dc34ceeddf9dff360e0.exe
Size

63KB
MD5

5693645e618b6dc34ceeddf9dff360e0
SHA1

25aa59b51cd2b9ce08d5ffbd3a547bbed0971a6d
SHA256

62e124b3a8113b5939e86f1d5e6a716582a2f652f1858093e387762bef1e279a
SHA512

a52cb0d50de7a07a8a2bfeffb4436bcfffe8a162ad44fb62b28f537a6d0f239c7c6762c0861e6bf75269c574760214e76b27d2c2cf07b1d4c2ff5e10588128db
SSDEEP

1536:YHbsF7Pr17x7E1pT8S3zV+0+8UclIihjsREZ2P:Ss77E12kBvhaEZ2P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5693645e618b6dc34ceeddf9dff360e0.exe

Files

NEAS.5693645e618b6dc34ceeddf9dff360e0.exe
.exe windows:5 windows x86

82ba199e214b19bf0aa05a93d04440e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ioctlsocket
connect
WSAStartup
getaddrinfo
WSAGetLastError
shutdown
WSACleanup
recv
socket
freeaddrinfo
closesocket
send

kernel32

InterlockedIncrement
SetEndOfFile
IsProcessorFeaturePresent
HeapReAlloc
HeapSize
FlushFileBuffers
CreateFileA
GetStringTypeW
ReadFile
FormatMessageW
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetProcAddress
GetModuleHandleW
ExitProcess
DecodePointer
GetCommandLineA
HeapSetInformation
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
SetStdHandle
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
GetLastError
GetFileType
WriteFile
WideCharToMultiByte
GetConsoleCP
SetHandleCount
GetStdHandle
GetStartupInfoW
DeleteCriticalSection
RtlUnwind
GetCPInfo
GetProcessHeap
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
LCMapStringW
MultiByteToWideChar
HeapFree
CreateFileW
CloseHandle
HeapAlloc
LoadLibraryW
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
SetFilePointer
Sleep
WriteConsoleW

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

82ba199e214b19bf0aa05a93d04440e6

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

kernel32

Sections

.text Size: 40KB - Virtual size: 39KB

.rdata Size: 13KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 40KB - Virtual size: 39KB

.rdata
Size: 13KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 4KB - Virtual size: 3KB