NEAS[.]6f9e7281329b18ca0e4026ca5d717960[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6f9e7281329b18ca0e4026ca5d717960.exe
Size

160KB
MD5

6f9e7281329b18ca0e4026ca5d717960
SHA1

75d05bafd570a219d96c9ed52198bb23325849a3
SHA256

83886717632603aa780c549cf2df49a18cd7a82f03e9f68b25f8343a54a17c25
SHA512

cbbc9c69dec46812df8dbb5d93785a710b8550166d907872c8f43f49b7c1799cbcb0ad3d8a15a3d59244189c100f10651473c960c5a80f5cf4cc399cf2337d6b
SSDEEP

3072:auJBnVIDW4pbwj9+FVUcMloGFuCAEg8E+5RQTuUBpA7UmhP/:DnVIDRpb29iBFSNEcQhf+UmZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6f9e7281329b18ca0e4026ca5d717960.exe

Files

NEAS.6f9e7281329b18ca0e4026ca5d717960.exe
.exe windows:4 windows x86

2735d141aa6e5d474fc196c56393f3d9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrlenA
lstrcmpiA
CloseHandle
WaitForSingleObject
CreateThread
Sleep
InterlockedIncrement
lstrcpynA
lstrcpyA
GetModuleFileNameA
lstrcatA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
CreateEventA
lstrlenW
GetProcAddress
LoadLibraryA
CreateMutexA
GetCurrentThreadId
GetCommandLineA
WriteFile
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
FlushFileBuffers
SetStdHandle
SetFilePointer
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetCPInfo
GetOEMCP
IsBadCodePtr
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
CompareFileTime
WaitForMultipleObjects
InterlockedDecrement
IsBadReadPtr
GetSystemTimeAsFileTime
GetCurrentProcessId
VirtualFree
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
ExitProcess
GetStartupInfoA
HeapReAlloc
VirtualQuery
FreeEnvironmentStringsA
UnhandledExceptionFilter
LocalFree
RtlUnwind
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
GetStdHandle

user32

EnumDisplaySettingsA
PostThreadMessageA
CharNextA
ChangeDisplaySettingsExA
ChangeDisplaySettingsA
DefWindowProcA
PostQuitMessage
PostMessageA
SendNotifyMessageA
FindWindowA
RegisterClassA
CreateWindowExA
GetMessageA
DispatchMessageA

advapi32

RegDeleteValueA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegQueryInfoKeyA

ole32

CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoInitialize
CoSuspendClassObjects
CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
StringFromGUID2
CoUninitialize

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysFreeString
SysAllocString
VariantClear

shlwapi

PathFindExtensionA

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2735d141aa6e5d474fc196c56393f3d9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 56KB - Virtual size: 55KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 4KB - Virtual size: 8KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 56KB - Virtual size: 55KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 8KB

.rsrc
Size: 84KB - Virtual size: 84KB