NEAS[.]4a89821d1579ce420179264424d7dcc0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4a89821d1579ce420179264424d7dcc0.exe
Size

151KB
MD5

4a89821d1579ce420179264424d7dcc0
SHA1

4d4f408cd7e3db48c19c96c24cac8d0d2636ae7f
SHA256

9ec51ef329357055b7d71baf0165315a46242115c82a62f90185e5c3b2a559aa
SHA512

04c9598b0b9ccd96f6bd055efdefeca6fcc0c1c6533897ca476c8de8365cf9893bfac7f16bc683087a5951718e18204f890281777890ea99a53929b5e21888a7
SSDEEP

3072:DkpCbqA8q9gETXFrX7RCSkkQTZ9+7vXeMLzn+GV:Dk6fTt0SY9+7vdn+u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4a89821d1579ce420179264424d7dcc0.exe

Files

NEAS.4a89821d1579ce420179264424d7dcc0.exe
.exe windows:5 windows x86

10816aa56adcbb2d16983a9d0748191c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

wvsprintfA
MessageBoxA

urlmon

HlinkGoForward
URLDownloadToFileW

ws2_32

gethostbyname
recv
getprotobynumber
listen
ntohs
gethostbyaddr
send

opengl32

glTexCoord1dv
wglGetProcAddress
glColor4sv
glDrawPixels
glPushMatrix
glCopyPixels
glLoadMatrixf
glEndList

crypt32

CryptGetDefaultOIDFunctionAddress
CertFindSubjectInCTL
CertSetStoreProperty
CertGetValidUsages
CertRegisterSystemStore
CryptMsgEncodeAndSignCTL
CertOpenSystemStoreW

mpr

WNetAddConnectionW
WNetDisconnectDialog
WNetGetResourceInformationA
WNetGetUserA
WNetConnectionDialog1A
WNetConnectionDialog1W

kernel32

LoadLibraryW
Sleep
HeapFree
RtlUnwind
GetOEMCP
GetACP
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapAlloc
HeapReAlloc
HeapSize
IsValidCodePage
TlsGetValue
GetTickCount
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
GetFileType
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetStdHandle
GetSystemTimeAsFileTime
GetCommandLineA
HeapSetInformation
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsSetValue
DecodePointer
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
GetProcAddress
IsProcessorFeaturePresent
ExitProcess
WriteFile
GetModuleFileNameW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 192KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

10816aa56adcbb2d16983a9d0748191c

Headers

DLL Characteristics

File Characteristics

Imports

user32

urlmon

ws2_32

opengl32

crypt32

mpr

kernel32

Sections

.text Size: 19KB - Virtual size: 18KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 7KB

.rsrc Size: 114KB - Virtual size: 192KB

.text
Size: 19KB - Virtual size: 18KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 7KB

.rsrc
Size: 114KB - Virtual size: 192KB