NEAS[.]e15246fcf998b68ff4684e13ee550c30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e15246fcf998b68ff4684e13ee550c30.exe
Size

183KB
MD5

e15246fcf998b68ff4684e13ee550c30
SHA1

4b195bbb080106acab6d40edc0d9fc93c7127be0
SHA256

6b2941a89ae385213c1a2f7c5398cdb1c1235c4db4476aa598639e88457372b6
SHA512

8caab045ac123eb6a22a5d4dac89318bc58e44a7ae01252fec1b7b0701080016508ab92f65546dd60f6643c6fa1bb62b09f9733a2ff2f07a6a0e0d1408e7c05a
SSDEEP

3072:wStyxLuA4y73eRbSUiq8KVGYCmonGihpJBOIYXBJLjcGLT8Y6j:wStyxKAV6ioZihpJuL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e15246fcf998b68ff4684e13ee550c30.exe

Files

NEAS.e15246fcf998b68ff4684e13ee550c30.exe
.dll windows:6 windows x86

d3375c760c18f3d39d416027b5050641

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_except_handler4_common
_amsg_exit
_initterm
free
malloc
_XcptFilter
_strnicmp
memset
memcpy

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventA
InitializeCriticalSection
InterlockedIncrement
GetLastError
InterlockedDecrement
WaitForMultipleObjectsEx
ExitThread
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedExchange
Sleep
ResetEvent
SetEvent
SetThreadPriority
CreateThread
WaitForSingleObject
GetVersionExA
DisableThreadLibraryCalls
HeapAlloc
GetProcessHeap
ReleaseMutex
UnmapViewOfFile
OpenMutexA
MapViewOfFile
CreateFileMappingA
HeapFree
GetCurrentProcessId
CreateProcessA
GetSystemDirectoryA
OpenEventA
HeapReAlloc
WideCharToMultiByte
MultiByteToWideChar
InterlockedCompareExchange
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

SetWindowLongA
SendMessageA
SetFocus
EndDialog
GetDlgItem
GetWindowLongA
GetDlgItemTextA
DialogBoxParamA
GetForegroundWindow

ws2_32

ioctlsocket
setsockopt
connect
getsockname
accept
recv
listen
WSAGetLastError
send
gethostbyname
gethostname
recvfrom
getpeername
__WSAFDIsSet
select
sendto
getsockopt
inet_ntoa
WSACleanup
WSAStartup
ntohs
bind
socket
inet_addr
closesocket
htons

winmm

timeGetTime

advapi32

AddAccessAllowedAce
RegQueryValueExA
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
InitializeAcl
RegCloseKey
FreeSid
SetSecurityDescriptorDacl
RegOpenKeyExA
RegEnumKeyExA

ntdll

ord1

dplayx

gdwDPlaySPRefCount

Exports

Exports

DPWS_BuildIPMessageHeader
DPWS_GetEnumPort
SPInit

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d3375c760c18f3d39d416027b5050641

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

user32

ws2_32

winmm

advapi32

ntdll

dplayx

Exports

Exports

Sections

.text Size: 38KB - Virtual size: 37KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 142KB - Virtual size: 141KB

.text
Size: 38KB - Virtual size: 37KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 142KB - Virtual size: 141KB