NEAS[.]a210b1c1971bfe084b7945ee75752b10[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.a210b1c1971bfe084b7945ee75752b10.exe
Size

6.2MB
MD5

a210b1c1971bfe084b7945ee75752b10
SHA1

76eb9b256498b247b489184bda2ad4903cfdf7c1
SHA256

593e53e545c40763becb4bd69491bc0d427c17b6265a9a2ab54a15a9a97b2ab4
SHA512

70e25d19eddce7c7a8a98c217ebbfc1531a08539bbc0908d7e1534e8e1aed8c5396218da1f1261ffd02cf95a984e3bb71404b75354d076ec9954b6638430ab54
SSDEEP

98304:ngwkQ7KIqMeMKU5C/+JOrRYI9urj6KvySznefhv3z:ngwkmiMKU5CQWRY2/t

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a210b1c1971bfe084b7945ee75752b10.exe

Files

NEAS.a210b1c1971bfe084b7945ee75752b10.exe
.exe windows:5 windows x86

bc5ce9212a98c781316c39a0a5c45ffb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
CopyFileW
GetModuleFileNameW
CreateProcessW
GetCommandLineW
lstrcatW
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObject
CreateMutexW
Sleep
GetProcAddress
GetSystemDirectoryW
FindResourceExW
OutputDebugStringW
FreeLibrary
DeleteFileW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
ReadFile
GetFileSize
SetFilePointer
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
LocalUnlock
LocalLock
LocalFree
LocalAlloc
UnmapViewOfFile
MapViewOfFile
GetVersionExW
VirtualQuery
FindResourceW
GetLastError
CreateEventW
DeviceIoControl
GetDriveTypeW
lstrlenW
ExitProcess
CreateThread
GetStartupInfoW
SetEndOfFile
CreateFileA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
CompareStringW
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
HeapQueryInformation
SetConsoleCtrlHandler
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcessId
LoadResource
LockResource
SizeofResource
CreateFileW
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetModuleHandleW
RaiseException
SetEvent
OpenEventA
OutputDebugStringA
MultiByteToWideChar
lstrlenA
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetSystemInfo
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
GetLogicalDrives
InitializeCriticalSection
FindClose
FindNextFileW
FindFirstFileW
SetLastError
WideCharToMultiByte
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
IsBadReadPtr
GetCPInfo
HeapSetInformation
GetModuleFileNameA
LCMapStringW
FatalAppExitA
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
SetFileAttributesW

user32

EndDialog
RegisterHotKey
MessageBoxW
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
CreateWindowExW
ShowWindow
UpdateWindow
LoadIconW
RegisterClassExW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FindWindowW
PostMessageW
GetCursorPos
WindowFromPoint
GetParent
GetWindowTextW
wsprintfW
LoadCursorW

gdi32

TextOutW

advapi32

LsaNtStatusToWinError
RevertToSelf
SetThreadToken
OpenThreadToken
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo

shell32

ShellExecuteW

Sections

.textbss
Size: - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 647KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc5ce9212a98c781316c39a0a5c45ffb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.textbss Size: - Virtual size: 305KB

.text Size: 647KB - Virtual size: 647KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 8KB - Virtual size: 19KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 5.4MB - Virtual size: 5.4MB

.reloc Size: 30KB - Virtual size: 29KB

.textbss
Size: - Virtual size: 305KB

.text
Size: 647KB - Virtual size: 647KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 8KB - Virtual size: 19KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 5.4MB - Virtual size: 5.4MB

.reloc
Size: 30KB - Virtual size: 29KB