NEAS[.]abd4b18b3c461ef6749e2b7293845e30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.abd4b18b3c461ef6749e2b7293845e30.exe
Size

72KB
MD5

abd4b18b3c461ef6749e2b7293845e30
SHA1

da323fe23ead8fd637a625b23647a209067d6230
SHA256

c686add8368794793291529fbabe6968f0ad38557b7fb5b0a08e6c8accfaf226
SHA512

5fee34b4534288f779816313501ee44a8d999dd2cc55c88379696238b8a3813f4e114dd17b50d40575c30fa9c1ce0b7dd2d856ad75757aace1c4dfc44d53804b
SSDEEP

384:I9JWVcM6PSj6Xs1YkzYBYe+0GfzR0hSuJrr47A4Y3ktbWcRscKE+Wi:I9Jacjhs1ha/+jzRMSuJr8SApRs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.abd4b18b3c461ef6749e2b7293845e30.exe

Files

NEAS.abd4b18b3c461ef6749e2b7293845e30.exe
.dll windows:4 windows x64

8bf383bee8f932d956d1ae8307123c59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

combase

WindowsCreateString
WindowsGetStringRawBuffer

kernel32

DisableThreadLibraryCalls
EnterCriticalSection
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapReAlloc
IsBadStringPtrW
LeaveCriticalSection

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_strdup
calloc
free
fwrite
getenv
memcmp
memmove
strchr
strcmp
strcspn
strlen
wcscmp

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 320B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8bf383bee8f932d956d1ae8307123c59

Headers

DLL Characteristics

File Characteristics

Imports

combase

kernel32

ntdll

ucrtbase

Exports

Exports

Sections

.text Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 384B

.rodata Size: 4KB - Virtual size: 20B

.rdata Size: 12KB - Virtual size: 8KB

.pdata Size: 4KB - Virtual size: 1KB

.xdata Size: 4KB - Virtual size: 884B

.bss Size: - Virtual size: 320B

.edata Size: 12KB - Virtual size: 8KB

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 736B

.reloc Size: 4KB - Virtual size: 200B

.text
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 384B

.rodata
Size: 4KB - Virtual size: 20B

.rdata
Size: 12KB - Virtual size: 8KB

.pdata
Size: 4KB - Virtual size: 1KB

.xdata
Size: 4KB - Virtual size: 884B

.bss
Size: - Virtual size: 320B

.edata
Size: 12KB - Virtual size: 8KB

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 736B

.reloc
Size: 4KB - Virtual size: 200B