NEAS[.]af766463e974566031a21e5035628d80[.]exe

General

Target

NEAS.af766463e974566031a21e5035628d80.exe
Size

26KB
MD5

af766463e974566031a21e5035628d80
SHA1

66b3cd1529c29d29c4be1c69c083d013e1952b1e
SHA256

b40fdbeb5b1df550c64c7f7044cae21ab5c80526ea3ee8c33a884cafaa8d83e1
SHA512

ed96d00cadc1ea830ffa55e3e42be85c43ef5e2f8d89fb859124911a7be9ee10cddd1721c6dbf9f3c28cd40a6d546f28c2dfd5f3f69271291e71d66987eadef2
SSDEEP

768:K9CrhQ+a5HolebDegWW84puiN8whI7JjiHZLil71R6dfb4NE:X6+gHyYyg7u2ukVil71cl4N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.af766463e974566031a21e5035628d80.exe

Files

NEAS.af766463e974566031a21e5035628d80.exe
.dll windows:4 windows x86

cf6f1341a52803234928306526fcd240

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExA
RegCloseKey

kernel32

CloseHandle
CreateThread
ExitProcess
FlushFileBuffers
FreeEnvironmentStringsA
GetCommandLineA
GetCurrentThreadId
GetEnvironmentStringsA
GetExitCodeThread
GetLastError
GetLocalTime
GetModuleHandleA
GetStartupInfoA
GetSystemInfo
GetVersionExA
GlobalAlloc
GlobalFree
MultiByteToWideChar
ReadFile
ResumeThread
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WideCharToMultiByte
WriteFile

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

user32

SendNotifyMessageA

wsock32

accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getservbyname
listen
recv
recvfrom
select
send
sendto
setsockopt
socket
WSAAsyncSelect
WSACleanup
WSAGetLastError
WSAStartup

Exports

Exports

LIBMAIN
ipPAI_Data
ipPAI_DataS
ipPAI_Login
ipPAI_LoginS
ipPAI_Passport
ipPAI_PassportS
ipPAI_Reply
ipPAI_ReplyS
ipPAI_Version
ipPAI_VersionS

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rloc
Size: 1024B - Virtual size: 680B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cf6f1341a52803234928306526fcd240

Headers

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

user32

wsock32

Exports

Exports

Sections

.text Size: 22KB - Virtual size: 21KB

.data Size: 1024B - Virtual size: 1KB

.link Size: 2KB - Virtual size: 1KB

.rloc Size: 1024B - Virtual size: 680B

.text
Size: 22KB - Virtual size: 21KB

.data
Size: 1024B - Virtual size: 1KB

.link
Size: 2KB - Virtual size: 1KB

.rloc
Size: 1024B - Virtual size: 680B