NEAS[.]89cd6347b1b612b087c39c08e4a340b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.89cd6347b1b612b087c39c08e4a340b0.exe
Size

583KB
MD5

89cd6347b1b612b087c39c08e4a340b0
SHA1

ab90f686c7c3d8775e59fc8547302aa5d21ad7d1
SHA256

e05b4b3444af9ce74b780cf19ff396d6844c200f7a946d4c74bc775dfce288ba
SHA512

c944d6ca1e11bef74d5acf2f2f910ecffa389827831cb458e4d3edead20e557c41714a8f010e0a5fdd32d692f1b763e243a10166bd1ac914bcffbcad3f915da0
SSDEEP

12288:b0DudXezE09Si/ckGHt6pshsPSGkYl2XIQCb+Lk1TWbPXQnAN5L:YgXe4i7ojhsP5Lgrk1TWb4AN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.89cd6347b1b612b087c39c08e4a340b0.exe

Files

NEAS.89cd6347b1b612b087c39c08e4a340b0.exe
.exe windows:6 windows x64

a2b7716283c3a256eccc0d3dd52fbc4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

hcreg12

?GetProductName@@YA?AV?$CStringT@_WV?$StrTraitMFC_DLL@_WV?$ChTraitsCRT@_W@ATL@@@@@ATL@@XZ

mfc110u

ord12045
ord13909
ord11503
ord11502
ord1962
ord7516
ord12457
ord3890
ord3952
ord8939
ord14036
ord7498
ord7566
ord12056
ord12055
ord2385
ord5059
ord7868
ord12376
ord7928
ord8011
ord5580
ord285
ord2866
ord14108
ord5991
ord14110
ord5993
ord14109
ord5992
ord3673
ord5577
ord11759
ord11767
ord4384
ord7765
ord9969
ord11771
ord11739
ord12438
ord4959
ord5239
ord5427
ord8891
ord5215
ord5430
ord4962
ord5105
ord4943
ord7310
ord7311
ord7301
ord5103
ord7767
ord9786
ord8750
ord6477
ord4595
ord4594
ord296
ord2160
ord2217
ord1027
ord1494
ord286
ord1441
ord977
ord7245
ord9915
ord1482
ord2316
ord14030

msvcr110

_amsg_exit
__crtGetShowWindowMode
_XcptFilter
_wmakepath_s
__CxxFrameHandler3
__wgetmainargs
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crtCapturePreviousContext
__crtTerminateProcess
__crtUnhandledException
__crt_debugger_hook
__crtSetUnhandledExceptionFilter
?terminate@@YAXXZ
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
_commode
_fmode
_wcmdln
__C_specific_handler
_initterm
_initterm_e
__setusermatherr
_configthreadlocale
_cexit
_exit
exit
__set_app_type
_wsplitpath_s

kernel32

GetCurrentThreadId
GetModuleFileNameW
GetProcAddress
FreeLibrary
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
LoadLibraryW
GetCurrentProcessId
QueryPerformanceCounter
DecodePointer
EncodePointer

user32

MessageBoxW

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a2b7716283c3a256eccc0d3dd52fbc4e

Headers

DLL Characteristics

File Characteristics

Imports

hcreg12

mfc110u

msvcr110

kernel32

user32

Sections

.text Size: 4KB - Virtual size: 4KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 512B - Virtual size: 2KB

.pdata Size: 512B - Virtual size: 396B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 512B - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 396B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 568KB - Virtual size: 572KB