NEAS[.]1b3a787573fbdc06b889d9b29b7bb390[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.1b3a787573fbdc06b889d9b29b7bb390.exe
Size

24KB
MD5

1b3a787573fbdc06b889d9b29b7bb390
SHA1

dedf20c1c2a8e2059fd931eae47b305116b015d8
SHA256

1e8ace181f5dfd24e8ea4a795d39780104723cefa90b0d326b0332167d1b333a
SHA512

7207060049bdaea7862d5078057447a551ce708dd6cf9223997c989228b3dc237fc1ad629edb324f0b624ccadb7eb02e737b3ac3b68ca1364f1d7a7a815bddc2
SSDEEP

768:qG0Nml/vhduPXUsMxYOfbWFZXAQ0uiuAS:qG0NAvfuPX+fKAFVu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1b3a787573fbdc06b889d9b29b7bb390.exe

Files

NEAS.1b3a787573fbdc06b889d9b29b7bb390.exe
.exe windows:5 windows x86

48906431912994489fef2893ae1c9899

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileIntA
WideCharToMultiByte
Sleep
CreateProcessA
MultiByteToWideChar
GetPrivateProfileStringA
GetTickCount
GetPrivateProfileStructA
GetModuleFileNameA
CloseHandle
GetCurrentProcessId
WaitForSingleObject
WritePrivateProfileStructA
ExitProcess
WritePrivateProfileStringA

user32

LoadIconA
TranslateMessage
SendDlgItemMessageA
CreateDialogParamA
PostThreadMessageA
SetTimer
GetDlgItemInt
GetClassNameA
MessageBeep
RegisterClassA
SetDlgItemTextA
MessageBoxExW
DialogBoxParamA
GetDlgItemTextA
FindWindowA
EnableWindow
SetWindowTextA
GetMessageA
SendMessageA
SetDlgItemInt
CreateWindowExA
GetDlgItem
EndDialog
DefWindowProcA
SetWindowPos
EnumChildWindows
ShowWindow
PostMessageA
DispatchMessageA
SystemParametersInfoA
KillTimer
SwitchToThisWindow

ws2_32

socket
WSAStartup
recvfrom
setsockopt
sendto
bind

shell32

Shell_NotifyIconA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

msvcrt

time
??3@YAXPAX@Z
localtime
_beginthreadex
??2@YAPAXI@Z
sprintf
_ultoa
memset
memcpy

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

Sections

.text
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

48906431912994489fef2893ae1c9899

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ws2_32

shell32

advapi32

msvcrt

msvcp60

Sections

.text Size: 11KB - Virtual size: 11KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 7KB - Virtual size: 7KB

.text
Size: 11KB - Virtual size: 11KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 7KB - Virtual size: 7KB