NEAS[.]fdaf863b958d14cf2333cfaa60c93e70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.fdaf863b958d14cf2333cfaa60c93e70.exe
Size

117KB
MD5

fdaf863b958d14cf2333cfaa60c93e70
SHA1

61280f06028e6c5e9b8e98d3ea5ccfa0b295041b
SHA256

f7e77fa5dddbdf1273967ef4d05ce35ae70c907251dfadec8a3359f51d88e1e2
SHA512

bdc8120964ffa56e0a99b343fd807722d252b8ec3096bbb1b1c2e7647089df12521ef2baed2c78b8332c5183c34e35824679228f47b7f9a6dda8306c5a4695f3
SSDEEP

3072:I4ztI3JcvnwVFLAhtzEjakQoTIZhwFA/ehPwZLQJD:I5c4VBAJkQoTIbwO/owZkD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.fdaf863b958d14cf2333cfaa60c93e70.exe

Files

NEAS.fdaf863b958d14cf2333cfaa60c93e70.exe
.exe windows:5 windows x64

0a060d029eef53159eb3f62f74548568

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ciril64

PARGet
EDIPrintf
EDIEtiquette
PARPresent
EDIGoto
EDISkip
EDINiveau
MEMFree
MEMSourceLine
MEMSourceName
DATAjoute
MEMMalloc
DATDifference
DATFormate
DATTest
SQLClose
SQLExecute
EDILibereRuptures
EDIEdite
EDIRupture
SQLCode
SQLError
SQLOpen
debug
PARFiltre
PARScan
SQLCommit
EDIClose
SQLRelease
SQLConnect
EDIOpen
PARObligatoire
PARInit
EDIGetVersion

kernel32

GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
GetLastError
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwindEx
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
WideCharToMultiByte
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
MultiByteToWideChar
GetLocaleInfoA
HeapAlloc
HeapReAlloc
CompareStringA
CompareStringW
SetEnvironmentVariableA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
ReadFile
FlushFileBuffers
CreateFileA
CloseHandle

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a060d029eef53159eb3f62f74548568

Headers

DLL Characteristics

File Characteristics

Imports

ciril64

kernel32

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 25KB - Virtual size: 25KB

.data Size: 9KB - Virtual size: 21KB

.pdata Size: 3KB - Virtual size: 3KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 25KB - Virtual size: 25KB

.data
Size: 9KB - Virtual size: 21KB

.pdata
Size: 3KB - Virtual size: 3KB