NEAS[.]d02b31cd3e3bbfead0c2bb9819007d10[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d02b31cd3e3bbfead0c2bb9819007d10.exe
Size

204KB
MD5

d02b31cd3e3bbfead0c2bb9819007d10
SHA1

10de78387bb2047a08edfcefff3034c3b910379c
SHA256

d511a2536b2e413d2aec0ef7ad5ecf6c7799116fab3f5ccc0336c24d49f70b1e
SHA512

0d76a404cd3f328e1ea6284ecbdfc1cd96b8bb7cf4ab2c6ae5176b369f34c20576f93039f1329331bf604cd49cfbf61b273e914e604d3f93160ff3f16bf97ba5
SSDEEP

3072:HnBvpZUsD3OTRCtD1o1vtiEg3qp6COWCQVzf74sLHduDV5G2l0/D:J9rOdCtD14IjlLofFLHEDVQ/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d02b31cd3e3bbfead0c2bb9819007d10.exe

Files

NEAS.d02b31cd3e3bbfead0c2bb9819007d10.exe
.dll windows:4 windows x86

c7fab51d14f5482eca3e2717baf4d76f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

PlaySoundA
mciSendStringA

imm32

ImmEscapeA
ImmGetContext

kernel32

lstrlenA
WideCharToMultiByte
lstrcpynA
MultiByteToWideChar
HeapAlloc
HeapCreate
HeapFree
GetLastError
SetLastError
GetSystemTime
GetModuleHandleA
SetEndOfFile
GlobalLock
GlobalAlloc
GlobalFree
GlobalUnlock
RaiseException
LocalFree
lstrcpyA
GetTempFileNameA
GetTempPathA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
WriteFile
ReadFile
SetFilePointer
SetErrorMode
CreateFileA
UnmapViewOfFile
CreateMutexA
WaitForSingleObject
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
ReleaseMutex
CloseHandle
LoadLibraryA
GetProcAddress
FreeLibrary
FindClose
LocalAlloc
FindFirstFileA
QueryPerformanceCounter
RtlUnwind
HeapReAlloc
GetCurrentThreadId
GetCommandLineA
GetVersionExA
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
HeapSize
LCMapStringA
LCMapStringW
GetACP
GetOEMCP
GetCPInfo
HeapDestroy
VirtualFree
VirtualAlloc
IsBadWritePtr
InterlockedExchange
VirtualQuery
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
InitializeCriticalSection
GetLocaleInfoA
VirtualProtect
GetSystemInfo
GetStringTypeA
GetStringTypeW

user32

FillRect
SetRect
GetDesktopWindow
wsprintfA

gdi32

GetDeviceCaps
CreateCompatibleBitmap
SetStretchBltMode
CreateSolidBrush
SelectPalette
RealizePalette
StretchDIBits
GetTextColor
CreateCompatibleDC
SelectObject
BitBlt
StretchBlt
DeleteDC
CreateDIBitmap
CreatePalette
GetObjectA
DeleteObject
GetBkColor

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA

Exports

Exports

RT_GetDate2
RT_GetLotNo2
RT_NotifyDrtUpdate2

Sections

.text
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

init
Size: 4KB - Virtual size: 445B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GFC_TEXT
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c7fab51d14f5482eca3e2717baf4d76f

Headers

File Characteristics

Imports

winmm

imm32

kernel32

user32

gdi32

advapi32

shell32

Exports

Exports

Sections

.text Size: 140KB - Virtual size: 136KB

init Size: 4KB - Virtual size: 445B

GFC_TEXT Size: 24KB - Virtual size: 20KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 6KB

.rsrc Size: 4KB - Virtual size: 800B

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 140KB - Virtual size: 136KB

init
Size: 4KB - Virtual size: 445B

GFC_TEXT
Size: 24KB - Virtual size: 20KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 4KB - Virtual size: 800B

.reloc
Size: 8KB - Virtual size: 7KB