NEAS[.]1b162f752cb0596b3e27d44f959e5f50[.]exe

General

Target

NEAS.1b162f752cb0596b3e27d44f959e5f50.exe
Size

237KB
MD5

1b162f752cb0596b3e27d44f959e5f50
SHA1

12c83f0f6e27ec9a3ec65e9142402c13a2937ed1
SHA256

8681689b3a85c9c9a8065b6c60e635c52ac665718caa570a9264883c629cee32
SHA512

19e521f293c92de500f9a63d4b9e329eb02a2fdcfd06ee72955cebd6758be9e9d3ec091f9256113b07112ff9920f542228ddc442907a7254c7a39b92abde363e
SSDEEP

3072:A/SFGOO8mQIwlRSh+DAryiB1v4BWLk+mS7oL71JvtLBx3klMqqDLy/i76:6SFGONrSh+xiB9qSSH3kGqqDLuV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1b162f752cb0596b3e27d44f959e5f50.exe

Files

NEAS.1b162f752cb0596b3e27d44f959e5f50.exe
.dll windows:4 windows x86

b3082620fcaaff56ea0144da2aed839e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
LoadLibraryA
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
ExitProcess
LocalAlloc
LocalFree
CreateFileA
SetFilePointer
CloseHandle
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WriteFile
DeleteFileA
CreateDirectoryA
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
WinExec
lstrcpyA
lstrcpynA
lstrcatA
lstrlenA

user32

MessageBoxA

shell32

ShellExecuteA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

_SetacrxPtp
acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 20KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_BSS
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

LYSoft
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

b3082620fcaaff56ea0144da2aed839e

Headers

File Characteristics

Imports

kernel32

user32

shell32

advapi32

Exports

Exports

Sections

.text Size: 156KB - Virtual size: 155KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 20KB - Virtual size: 300KB

_BSS Size: 4KB - Virtual size: 16B

.rsrc Size: 4KB - Virtual size: 848B

.reloc Size: 28KB - Virtual size: 24KB

LYSoft Size: 1KB - Virtual size: 4KB

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 20KB - Virtual size: 300KB

_BSS
Size: 4KB - Virtual size: 16B

.rsrc
Size: 4KB - Virtual size: 848B

.reloc
Size: 28KB - Virtual size: 24KB

LYSoft
Size: 1KB - Virtual size: 4KB