NEAS[.]a5b347fa91fc57a4fdd086bc73d40450[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.a5b347fa91fc57a4fdd086bc73d40450.exe
Size

2.2MB
MD5

a5b347fa91fc57a4fdd086bc73d40450
SHA1

696ddb66f8f8d2a0ac6393d22e487a0394fcd2fc
SHA256

084019b56a5b16bef0e75943fa5b5f5215ea379a0f6d38022ceb85269c8c15a6
SHA512

08886a32954167550f21f71ca61ffd68e35c36fd28cbcef1e99990d8270361d0e8cf97267e05288317cb9dcb4f65663f8b922793ab87e2de96721f5e83df50a9
SSDEEP

49152:uuSTFgPm/r4fXILr79Pj5/TkCqkGQBuBOy7UwmxiHC/ArE:lSiGe4L/9rFkClGQBu5Uwvix

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a5b347fa91fc57a4fdd086bc73d40450.exe

Files

NEAS.a5b347fa91fc57a4fdd086bc73d40450.exe
.dll windows:5 windows x86

439f37a291f723634e08b21dd4ff9309

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

DeleteObject
PlayMetaFile
GdiFlush

mprapi

MprConfigBufferFree

ole32

OleCreateFromFile

user32

EnumClipboardFormats
RegisterClassA
ToUnicodeEx
CreatePopupMenu
GetIconInfo
PostQuitMessage

advapi32

DecryptFileW
ImpersonateAnonymousToken
GetSecurityDescriptorDacl
AreAllAccessesGranted

kernel32

GetModuleFileNameA
GetCommModemStatus
GetModuleFileNameW
OutputDebugStringA
GetSystemDirectoryW
WaitForSingleObject
GetExitCodeProcess
PrepareTape
HeapCompact
LoadLibraryA
WaitForSingleObjectEx
SetEvent

winmm

waveOutSetVolume

urlmon

CoInternetQueryInfo
CoInternetSetFeatureEnabled

shell32

ExtractIconExA
SHFormatDrive
SHGetFolderPathW

setupapi

SetupFindNextMatchLineW

rpcrt4

NdrUserMarshalBufferSize

Exports

Exports

KhhfyRlpie

Sections

.text
Size: 52KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 760KB - Virtual size: 757KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACK
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

439f37a291f723634e08b21dd4ff9309

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

mprapi

ole32

user32

advapi32

kernel32

winmm

urlmon

shell32

setupapi

rpcrt4

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 48KB

.rdata Size: 760KB - Virtual size: 757KB

.data Size: 1.2MB - Virtual size: 1.2MB

PACK Size: 144KB - Virtual size: 142KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 24KB - Virtual size: 21KB

.text
Size: 52KB - Virtual size: 48KB

.rdata
Size: 760KB - Virtual size: 757KB

.data
Size: 1.2MB - Virtual size: 1.2MB

PACK
Size: 144KB - Virtual size: 142KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 24KB - Virtual size: 21KB