NEAS[.]70baaa6f97070fc6c16edba699bd3a30[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.70baaa6f97070fc6c16edba699bd3a30.exe
Size

415KB
MD5

70baaa6f97070fc6c16edba699bd3a30
SHA1

145e6c4880de631d007a11336e3708e1fbfe4c00
SHA256

71e6dac9fc21e3bc71884cde856b6d1b928493396d58085c5edf2a3f34895fbe
SHA512

5cebbc4dbe45cb083cc7809c162bc6fb40c511d279533bbf2e340936b8ea8cd2485283e0639b39465c86839bcb089eddb87ec53216227983cb08616e1a97f285
SSDEEP

12288:7NArmwJjPnHDrNOESP8YiUYwUq4dtmJjnln4/LB68G97to:aFpN+ibsJBB39Jo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.70baaa6f97070fc6c16edba699bd3a30.exe

Files

NEAS.70baaa6f97070fc6c16edba699bd3a30.exe
.exe windows:5 windows x86

5d8a3c164c606166f2b34e21e0fe09bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

inet_addr
gethostbyname
gethostbyaddr
getsockopt
send
recv
getsockname
listen
accept
ntohl
htonl
connect
bind
setsockopt
WSAStartup
ioctlsocket
WSAGetLastError
closesocket
WSASetLastError
socket
gethostname
getservbyname
ntohs
select
htons
__WSAFDIsSet

advapi32

RegOpenKeyExA
RegQueryValueExA
GetUserNameA

kernel32

WriteConsoleW
SetStdHandle
HeapSize
GetStringTypeW
LCMapStringW
GetExitCodeProcess
RtlUnwind
CompareStringW
GetConsoleMode
LoadLibraryW
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
CreateFileW
GetConsoleCP
DeleteCriticalSection
GetFileType
GetLastError
GetProcessAffinityMask
GetCurrentProcess
GlobalMemoryStatus
GetSystemInfo
GetStdHandle
SetConsoleCtrlHandler
GetSystemTimeAsFileTime
GetCurrentProcessId
CloseHandle
SetEvent
WaitForSingleObject
ResetEvent
CreateEventA
MoveFileExA
GetFileAttributesA
SetEndOfFile
FlushFileBuffers
LockFileEx
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
FindClose
FindNextFileA
FindFirstFileA
CreateProcessA
GetStartupInfoA
GetProcAddress
LoadLibraryA
GetTempFileNameA
GetTempPathA
TerminateProcess
FormatMessageA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InterlockedDecrement
InterlockedIncrement
ReadFile
WriteFile
SetFilePointer
WaitForMultipleObjects
VirtualProtect
AddVectoredExceptionHandler
GetFileSize
SetLastError
CreateFileA
HeapFree
HeapAlloc
MultiByteToWideChar
CreateDirectoryA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
DeleteFileA
RemoveDirectoryA
ExitThread
CreateThread
HeapReAlloc
GetCommandLineA
HeapSetInformation
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
WideCharToMultiByte
GetTimeZoneInformation
RaiseException
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
HeapCreate
ExitProcess
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetEnvironmentVariableW
Sleep
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

Exports

Exports

addr
b9
conn
d9
dj
dl
dot
es
host
ja
jk
js
k
ka
kb
kc
kd
ke
kf
kg
kh
ki
kj
knk
knt
kp
kpn
krr
ks
kt
ktd
ktj
ktn
kz
okx
orr
r0
r1
rcv
sd0
sd0x
sd1
setm
sn
snd
ss
xD
xT
ymd

Sections

.text
Size: 339KB - Virtual size: 338KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 524KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d8a3c164c606166f2b34e21e0fe09bb

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

kernel32

Exports

Exports

Sections

.text Size: 339KB - Virtual size: 338KB

.rdata Size: 51KB - Virtual size: 51KB

.data Size: 7KB - Virtual size: 524KB

.tls Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 14KB

.text
Size: 339KB - Virtual size: 338KB

.rdata
Size: 51KB - Virtual size: 51KB

.data
Size: 7KB - Virtual size: 524KB

.tls
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 14KB