NEAS[.]61d06e48841521d8eb1f36c9a1fae960[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.61d06e48841521d8eb1f36c9a1fae960.exe
Size

1.2MB
MD5

61d06e48841521d8eb1f36c9a1fae960
SHA1

54d8592c48147473a57d07d4373035df5cfd75cb
SHA256

aa61a86fc507c69c47a7853f569166ce9e07c44211cc68b6875c10b5acbc6c68
SHA512

5ff12136ab2fb80e2f0d9b377e856418c6e14c0ca41ef47f4ab4a089c5116f003e6a1970a609b2f4806ef63b4fd35e4fddcdec1292ab04e91e32f28670befd42
SSDEEP

24576:lJDi6fzMYhF/fa/q06Qaz+T96CFiU/OMXLX9i+qAZq9TjK:lJDiezRhF/Iq06QaCoUi+XLX9i+tZsT+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.61d06e48841521d8eb1f36c9a1fae960.exe

Files

NEAS.61d06e48841521d8eb1f36c9a1fae960.exe
.dll windows:6 windows x64

4ed9c156de4af7b98b81544a848f263a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
CreateMutexW
GetCurrentProcess
ExitProcess
GlobalMemoryStatusEx
GetSystemInfo
GetTickCount64
GetModuleFileNameA
GetModuleHandleW
GetProcAddress
LoadLibraryA
lstrcatW
MultiByteToWideChar
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetModuleFileNameW
GetFileAttributesW
GetCurrentDirectoryW
ReadFile
SetFilePointer
SetFileTime
SystemTimeToFileTime
WriteConsoleW
SetFilePointerEx
GetLastError
RaiseException
CloseHandle
IsDebuggerPresent
WriteFile
DeleteFileW
CreateFileW
SetStdHandle
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
LCMapStringW
LocalFileTimeToFileTime
CreateDirectoryW
GetModuleHandleExW
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
TerminateProcess

user32

wsprintfW

shell32

SHGetSpecialFolderLocation
ShellExecuteW
ShellExecuteExW
SHGetPathFromIDListW
SHGetSpecialFolderPathW

ole32

CoInitializeSecurity
CoImpersonateClient
CoCreateInstance
CLSIDFromProgID
CoInitialize
CoUninitialize

oleaut32

VariantClear
VariantInit
SysAllocString

shlwapi

PathFileExistsW

wininet

InternetGetConnectedState
HttpQueryInfoW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW

Exports

Exports

_$_levnc

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gehcont
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ed9c156de4af7b98b81544a848f263a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

ole32

oleaut32

shlwapi

wininet

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 102KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 3KB - Virtual size: 7KB

.pdata Size: 6KB - Virtual size: 6KB

.gehcont Size: 512B - Virtual size: 12B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 103KB - Virtual size: 102KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 6KB

.gehcont
Size: 512B - Virtual size: 12B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB