NEAS[.]1546542c956ae421e2d06a6b11c39f30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1546542c956ae421e2d06a6b11c39f30.exe
Size

2.5MB
MD5

1546542c956ae421e2d06a6b11c39f30
SHA1

14ab09e69f5b882708e3036c10d86a37661ce17e
SHA256

5a0efae945033aa7f5dc9df1c26cd3c723fc2b0249f9d5376866fe15a18dd31d
SHA512

c92da6b8bb01dc2cc5ca6e94f4eeda6afcc9e4b20cdb0ad99bea6d47f7b3ee9bcf229ce21f424e49931a41b1019a1b5ff2f587c8ba763394f7fd7fa55d250fc8
SSDEEP

24576:RENJKEt6dq8hXj8R2vxW870KHpe5GqR6FokG81Cvz44sLy0aZJQ5Te6LGmxtSP+Z:RENwzIR257BIIqR6FoRvku04YLG3MT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1546542c956ae421e2d06a6b11c39f30.exe

Files

NEAS.1546542c956ae421e2d06a6b11c39f30.exe
.exe windows:5 windows x86

bc5ce9212a98c781316c39a0a5c45ffb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryW
CopyFileW
GetModuleFileNameW
CreateProcessW
GetCommandLineW
lstrcatW
GetCurrentDirectoryW
ReleaseMutex
WaitForSingleObject
CreateMutexW
Sleep
GetProcAddress
GetSystemDirectoryW
FindResourceExW
OutputDebugStringW
FreeLibrary
DeleteFileW
EndUpdateResourceW
UpdateResourceW
BeginUpdateResourceW
ReadFile
GetFileSize
SetFilePointer
Process32NextW
TerminateProcess
OpenProcess
Process32FirstW
CreateToolhelp32Snapshot
LocalUnlock
LocalLock
LocalFree
LocalAlloc
UnmapViewOfFile
MapViewOfFile
GetVersionExW
VirtualQuery
FindResourceW
GetLastError
CreateEventW
DeviceIoControl
GetDriveTypeW
lstrlenW
ExitProcess
CreateThread
GetStartupInfoW
SetEndOfFile
CreateFileA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
CompareStringW
GetLocaleInfoW
IsValidCodePage
GetOEMCP
GetACP
HeapCreate
HeapQueryInformation
SetConsoleCtrlHandler
WriteConsoleW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetFileType
GetStdHandle
SetHandleCount
GetCurrentProcessId
LoadResource
LockResource
SizeofResource
CreateFileW
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetModuleHandleW
RaiseException
SetEvent
OpenEventA
OutputDebugStringA
MultiByteToWideChar
lstrlenA
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualAlloc
GetSystemInfo
CreateFileMappingA
GetCurrentThread
OpenFileMappingA
InterlockedIncrement
InterlockedDecrement
GetLogicalDrives
InitializeCriticalSection
FindClose
FindNextFileW
FindFirstFileW
SetLastError
WideCharToMultiByte
GetStringTypeW
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
RtlUnwind
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
IsBadReadPtr
GetCPInfo
HeapSetInformation
GetModuleFileNameA
LCMapStringW
FatalAppExitA
TlsAlloc
TlsGetValue
TlsSetValue
GetCurrentThreadId
TlsFree
SetFileAttributesW

user32

EndDialog
RegisterHotKey
MessageBoxW
DialogBoxParamW
DestroyWindow
DefWindowProcW
BeginPaint
EndPaint
PostQuitMessage
CreateWindowExW
ShowWindow
UpdateWindow
LoadIconW
RegisterClassExW
LoadStringW
LoadAcceleratorsW
GetMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
FindWindowW
PostMessageW
GetCursorPos
WindowFromPoint
GetParent
GetWindowTextW
wsprintfW
LoadCursorW

gdi32

TextOutW

advapi32

LsaNtStatusToWinError
RevertToSelf
SetThreadToken
OpenThreadToken
GetSecurityInfo
SetEntriesInAclW
SetSecurityInfo

shell32

ShellExecuteW

Sections

.textbss
Size: - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 647KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bc5ce9212a98c781316c39a0a5c45ffb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

Sections

.textbss Size: - Virtual size: 305KB

.text Size: 647KB - Virtual size: 647KB

.rdata Size: 115KB - Virtual size: 114KB

.data Size: 8KB - Virtual size: 19KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1.7MB - Virtual size: 1.7MB

.reloc Size: 30KB - Virtual size: 29KB

.textbss
Size: - Virtual size: 305KB

.text
Size: 647KB - Virtual size: 647KB

.rdata
Size: 115KB - Virtual size: 114KB

.data
Size: 8KB - Virtual size: 19KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1.7MB - Virtual size: 1.7MB

.reloc
Size: 30KB - Virtual size: 29KB