NEAS[.]fcd55ae57dc3029fe9997d68b58d0fd0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.fcd55ae57dc3029fe9997d68b58d0fd0.exe
Size

89KB
MD5

fcd55ae57dc3029fe9997d68b58d0fd0
SHA1

7bf68cdebbd7d24aeb4cfe819328d306d670c5b0
SHA256

15f81b9db3593742ce9e3fd9659c9c53ddfd90c50aee7af95ac92e80a9b46b11
SHA512

2857e4509c791ba3c9feb1d849839c8a2b9fa1d24fceb279cd5f70ccccf14bb715d6747b77ee94679dee151b7b480d9306911792800212e0854828c3fd2a04c7
SSDEEP

1536:8V7Zyfxz7yxmkKnnYz9+0ecLY/zlI/J5eCXIgzXcSADw3uk9ZRQOuTc:8jyJzegY/TY/qDXIgWw3lZRQOuY

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.fcd55ae57dc3029fe9997d68b58d0fd0.exe

Files

NEAS.fcd55ae57dc3029fe9997d68b58d0fd0.exe
.exe windows:5 windows x64

79f2a46f7b344d25c13b9f023a5bec76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ciril64

MEMFree
MEMSourceLine
MEMSourceName
debug
EDIPrintf
EDIEtiquette
SQLFetch
SQLCode
SQLError
SQLOpen
PARGet
SQLExecute
PARFiltre
MEMMalloc
SQLConnect
EDIOpen
PARObligatoire
PARInit
EDIGetVersion
SQLRelease
SQLClose
EDIClose
PARPresent

kernel32

GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCommandLineA
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetLastError
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapFree
CloseHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
CompareStringA
MultiByteToWideChar
CompareStringW
SetEnvironmentVariableA
HeapAlloc
CreateFileA
SetStdHandle
FlushFileBuffers
HeapReAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

Sections

.text
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

79f2a46f7b344d25c13b9f023a5bec76

Headers

DLL Characteristics

File Characteristics

Imports

ciril64

kernel32

Sections

.text Size: 60KB - Virtual size: 60KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 6KB - Virtual size: 16KB

.pdata Size: 3KB - Virtual size: 2KB

.text
Size: 60KB - Virtual size: 60KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 6KB - Virtual size: 16KB

.pdata
Size: 3KB - Virtual size: 2KB