NEAS[.]6caafa8b6cd1a0f19959420c142fbd90[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.6caafa8b6cd1a0f19959420c142fbd90.exe
Size

729KB
MD5

6caafa8b6cd1a0f19959420c142fbd90
SHA1

388790ce49ad9a89db71ba0a521cf8d0b79e95a3
SHA256

a24aaf393abe8d382cf9f7bcbf7c619fdc15d295cadfd780ebd5b5e5124c374d
SHA512

f5d8247896286db10ab7d5671974591d4c7e72f4233f9538fa321bbfd3ecc87145e104e1bad452c100012ac7143b0ca4d56412bdcef4e48931fc6139a080b71e
SSDEEP

12288:2ogVmtWTa0NJqy1xUBL8252uui8FbECP7BhdfswdJ0NXdU8ZWH7DEP1rCJ7U3g:2ogVmtWTa0NJDxt2rR8FfBhRJUEbDk1c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6caafa8b6cd1a0f19959420c142fbd90.exe

Files

NEAS.6caafa8b6cd1a0f19959420c142fbd90.exe
.exe windows:5 windows x64

2ee77452bc96dcf5b638773db66c7b26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
WideCharToMultiByte
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
CloseHandle
MulDiv
MultiByteToWideChar
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLastError
HeapFree
RaiseException
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringA
HeapAlloc
GetVersionExW
LCMapStringW
GetCPInfo
HeapSetInformation
HeapCreate
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
FlsAlloc
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
HeapReAlloc
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoW
GetACP
GetOEMCP
VirtualProtect
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
GetStringTypeW
GetLocaleInfoW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
SetStdHandle
WriteConsoleW
SetFilePointer
InitializeCriticalSectionAndSpinCount
CreateFileW
LoadLibraryExW
SetEndOfFile
GetProcessHeap
ReadFile

gdi32

GetRgnBox
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
CreateFontA
CreateFontW
SetBkMode
BeginPath
SetTextAlign
TextOutA
TextOutW
EndPath
GetPath
DeleteDC
DeleteObject
PathToRegion

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2ee77452bc96dcf5b638773db66c7b26

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

Sections

.text Size: 116KB - Virtual size: 116KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 8KB - Virtual size: 16KB

.pdata Size: 7KB - Virtual size: 6KB

.rsrc Size: 568KB - Virtual size: 572KB

.text
Size: 116KB - Virtual size: 116KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 8KB - Virtual size: 16KB

.pdata
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 568KB - Virtual size: 572KB