NEAS[.]018c569843397e307de5a79433502f90[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.018c569843397e307de5a79433502f90.exe
Size

268KB
MD5

018c569843397e307de5a79433502f90
SHA1

ed943f94f32347d6367f4c31dc6f1ec95969d943
SHA256

f1771e4c85264d6660986ca52eb21a769273484df917bd2bcbb0e44e6ee4182d
SHA512

9cfd58a15bb93277a788245815f9dfcda33c1a0094833fc7a6d6920e4893ef9020d443ace471940bb8fdd878800caecbfdf08f4a0c85db206f7d62780dbc70b7
SSDEEP

3072:m+mt+LgYN+ovWCLuFfqxTWyy2Ik3k9EhC6NjqTq1rAtQptol6lBF:mh+LPzLuax0OZAKCIBF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.018c569843397e307de5a79433502f90.exe

Files

NEAS.018c569843397e307de5a79433502f90.exe
.dll windows:4 windows x86

00e792fd1e066fb1cdf0e6b58f4efce4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetModuleFileNameA
GetPrivateProfileStringA
OpenMutexA
RtlUnwind
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetFilePointer
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
GetStringTypeA
GetStringTypeW
ReadFile
SetStdHandle
LCMapStringA
LCMapStringW
FlushFileBuffers
CloseHandle

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Exports

Exports

?ge_app@@YAPADXZ
?ge_app_full@@YAPADXZ
?ge_app_path@@YAPADXZ
?ge_buy@@YAPADH@Z
?ge_check@@YAHPBD0@Z
?ge_check_ok@@YAHXZ
?ge_com@@YAPADXZ
?ge_init@@YAXXZ
?ge_purchase@@YAPADXZ
?ge_regnow@@YAPADXZ
?ge_site_app@@YAPADXZ
?ge_site_home@@YAPADXZ

Sections

.text
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 188KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00e792fd1e066fb1cdf0e6b58f4efce4

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 41KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 18KB

.reloc Size: 8KB - Virtual size: 4KB

.text Size: 188KB - Virtual size: 188KB

.text
Size: 44KB - Virtual size: 41KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 18KB

.reloc
Size: 8KB - Virtual size: 4KB

.text
Size: 188KB - Virtual size: 188KB