NEAS[.]ca1f499d25e5381820ac2dfc6243fe00[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ca1f499d25e5381820ac2dfc6243fe00.exe
Size

72KB
MD5

ca1f499d25e5381820ac2dfc6243fe00
SHA1

2c01b8f2012c1e8dcbce68334cfc66dd7d766adb
SHA256

b3cc96f2a43b92f89d998c3d8e808d230d50ce613676fadc4a1d9cf5bc4774ba
SHA512

65b57a5cd7840bc975e7ecce3daf232f0ed2fb1aa96646a7070665aa11f5d48453a9f56f68b5f78f8b931fb2fa68d23d314ee0da864fcb4f3f248b2fa4f6a8b9
SSDEEP

768:1ksxCvwPDfRffsUlUNcvwivv2HSVJEAgDoaoDfEsJ2+ri6fSb0aFWSX1ytoScAmQ:njPLRffWElEXDSe590doScAmOtB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ca1f499d25e5381820ac2dfc6243fe00.exe

Files

NEAS.ca1f499d25e5381820ac2dfc6243fe00.exe
.exe windows:4 windows x86

329288d9668cc70719d2c639e60db799

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SizeofResource
CreateDirectoryA
FindResourceA
GetModuleHandleA
RemoveDirectoryA
LoadResource
LockResource
DeleteFileA
GetModuleHandleW
HeapReAlloc
HeapAlloc
LCMapStringW
LCMapStringA
ReadFile
SetEndOfFile
GetOEMCP
GetACP
GetCPInfo
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
MoveFileExA
GetModuleFileNameA
GetProcAddress
LocalFree
LocalUnlock
LocalLock
LocalAlloc
LoadLibraryA
CloseHandle
GetFileSize
FreeLibrary
CreateFileA
GetSystemDirectoryA
RtlUnwind
HeapDestroy
HeapCreate
GetCurrentProcess
HeapFree
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
VirtualFree
VirtualAlloc
IsBadWritePtr
GetLastError
WriteFile

user32

DdeCreateStringHandleA
DdeConnect
DdeInitializeA
DdeUninitialize
DdeFreeStringHandle
DdeClientTransaction
LoadBitmapA
LoadStringA
DialogBoxParamA
EndPaint
GetClientRect
BeginPaint
CreateWindowExA
GetDlgItem
SetWindowPos
GetSystemMetrics
GetWindowRect
SetDlgItemTextA
SendMessageA
MessageBoxA
IsDlgButtonChecked
EndDialog
wsprintfA

gdi32

DeleteObject
DeleteDC
BitBlt
GetObjectA
SetBkColor
GetStockObject
SelectObject
CreateCompatibleDC

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA

lz32

LZOpenFileA
LZCopy
LZClose

comctl32

ord17

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

329288d9668cc70719d2c639e60db799

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

lz32

comctl32

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 16KB - Virtual size: 15KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 16KB - Virtual size: 15KB