NEAS[.]c7c23d14bd8b63a059b6a4084b533870[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c7c23d14bd8b63a059b6a4084b533870.exe
Size

1.9MB
MD5

c7c23d14bd8b63a059b6a4084b533870
SHA1

56bcfb32454cc0663f55cf34842c358d6e079437
SHA256

ece8a4d3833002325db415b8217faeb8f6713476a0300efa401636055d6ffa8e
SHA512

380916aa81570a8d1bbf9f5e64f0d1a4e10c78d712366147b807bb396aeb081dbd1eaf42e96e8c2e2e6524094ac30a33ad980dbf064cf462bbd678e0e9ac5003
SSDEEP

49152:e3skL3JhrO3An8ikxqco9p39hTyVvp/TfupcAGEE4CB:askL3JBp8ikxqco9xyVvpbfuMV3B

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c7c23d14bd8b63a059b6a4084b533870.exe

Files

NEAS.c7c23d14bd8b63a059b6a4084b533870.exe
.dll windows:5 windows x86

ee376b488a67d7daad57359169324bfa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleW
Thread32First
GetEnvironmentStringsW
WaitForSingleObject
FindNextFileW
WTSGetActiveConsoleSessionId
LoadLibraryA
HeapLock
SetConsoleActiveScreenBuffer
SetUserGeoID
FlushConsoleInputBuffer
Thread32Next
GetBinaryTypeA
GetModuleFileNameA
LoadLibraryExA
VirtualAlloc
GetDiskFreeSpaceExW
SetThreadAffinityMask
DeleteTimerQueueTimer

shlwapi

PathRenameExtensionA
StrToIntW

winspool.drv

ScheduleJob

gdi32

DeleteMetaFile

ole32

CoCreateInstance

urlmon

RevokeBindStatusCallback

msvcrt

memset
realloc
tolower

user32

OpenIcon
DispatchMessageW
DrawStateW
SendMessageTimeoutA
GetMenuItemCount
SetCaretBlinkTime
GetDlgCtrlID
CheckDlgButton

advapi32

GetAce
RegFlushKey
AreAnyAccessesGranted
RevertToSelf

oleaut32

LoadTypeLibEx
GetErrorInfo

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 172KB - Virtual size: 172KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee376b488a67d7daad57359169324bfa

Headers

File Characteristics

Imports

kernel32

shlwapi

winspool.drv

gdi32

ole32

urlmon

msvcrt

user32

advapi32

oleaut32

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 172KB - Virtual size: 172KB

.CRT Size: 332KB - Virtual size: 331KB

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 56KB - Virtual size: 53KB

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 172KB - Virtual size: 172KB

.CRT
Size: 332KB - Virtual size: 331KB

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 56KB - Virtual size: 53KB