NEAS[.]81b0b303e6e0bd6d5b295672e4c9f5a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.81b0b303e6e0bd6d5b295672e4c9f5a0.exe
Size

128KB
MD5

81b0b303e6e0bd6d5b295672e4c9f5a0
SHA1

f5b1c06add282e8b26780678c037e36300b5d218
SHA256

051270c8c90e43e0303337e48393a6ebd9a4485e31d9e1377ecc541c997786d8
SHA512

dfb2b117d2d2d5df014283ff51b6994a82b717ec506f66d70af1b92438b110f213eaf88e064a27560c81ba6b97b3269cfbb274bb22765ad1b72b698fc5f9954b
SSDEEP

3072:I9po+EzEXLxfem/KIqnEe4XzFWBSs9VCqQNq1Uuq1gLUdSMwQs3YVTyqvZzQM:V+EkSXEe8ZUSsGXq1Uuq1gLUdSMwQs3K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.81b0b303e6e0bd6d5b295672e4c9f5a0.exe

Files

NEAS.81b0b303e6e0bd6d5b295672e4c9f5a0.exe
.exe windows:5 windows x64

f344ca03f7a788c09aab783a6e9b6278

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ciril64

EDIClose
debug
SQLRelease
MEMFree
MEMSourceLine
MEMSourceName
SQLError
SQLCode
SQLExecute
EDIPrintf
EDIEtiquette
DATFormate
DATJour
SQLClose
SQLFetch
SQLOpen
PARSprintf
SQLConnect
EDIOpen
PARGet
PARPresent
PARInit
MEMStrDup
MEMMalloc
DATDecompose
DATDate
SQLCompleteBind
SQLGetBindInfo
SQLGetNbBinds
SQLPrepareBind
EDIGetVersion
PARFiltre

kernel32

GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetSystemTimeAsFileTime
GetCommandLineA
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
WriteFile
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapSize
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
CompareStringA
MultiByteToWideChar
CompareStringW
SetEnvironmentVariableA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
ReadFile
CloseHandle
CreateFileA

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f344ca03f7a788c09aab783a6e9b6278

Headers

DLL Characteristics

File Characteristics

Imports

ciril64

kernel32

Sections

.text Size: 93KB - Virtual size: 92KB

.rdata Size: 23KB - Virtual size: 23KB

.data Size: 7KB - Virtual size: 38KB

.pdata Size: 3KB - Virtual size: 3KB

.text
Size: 93KB - Virtual size: 92KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 7KB - Virtual size: 38KB

.pdata
Size: 3KB - Virtual size: 3KB