NEAS[.]110a303588bc3b13fd0aa0ba1085b640[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.110a303588bc3b13fd0aa0ba1085b640.exe
Size

144KB
MD5

110a303588bc3b13fd0aa0ba1085b640
SHA1

0ba3436fe997c994c31087f36341e1a5f9bb567f
SHA256

ed14a62b71f07ddefd4588f89057a97a489b43a85053f7e7d5b4beae22e13190
SHA512

054529e8f44a757b7f51422e411c19432c436f6421cac716caf9967d52f101c9338fa7778747d737bf45cdcfbf6c71f2cdb23c9146b199c340e41f395b310395
SSDEEP

1536:EHZGPvwdcNnfJTldaPjVZe3nJBujRRRXXXXXXXXD9z3ynYPqBs89VYX0yU92DpXU:E5GHwefHIV+nJBum

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.110a303588bc3b13fd0aa0ba1085b640.exe

Files

NEAS.110a303588bc3b13fd0aa0ba1085b640.exe
.dll windows:5 windows x86

c271597a72ec5f870bc710631fea5d8a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msi

ord17
ord124
ord49
ord103
ord74
ord145
ord73
ord118
ord32
ord159
ord160
ord8

shlwapi

PathIsUNCW
PathStripToRootW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

comdlg32

PrintDlgExW

user32

GetMessageW
SendMessageA
SendMessageW
GetForegroundWindow
MessageBoxW
CreateWindowExW
PostQuitMessage
EndPaint
BeginPaint
DefWindowProcW
UpdateWindow
ShowWindow
RegisterClassExW
LoadCursorA

gdi32

StartPage
StartDocW
SetMapMode
EndPage
EndDoc
GetDeviceCaps

kernel32

GlobalAlloc
GlobalFree
GetDriveTypeW
lstrlenA
FormatMessageW
GetLastError
GlobalUnlock
GlobalLock
MulDiv
FreeLibrary
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
CloseHandle
GetCurrentProcessId
GetModuleFileNameA
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
HeapAlloc
GetProcessHeap
HeapReAlloc
HeapSize
HeapFree
GetModuleFileNameW
GlobalFindAtomW
GlobalDeleteAtom
SetLastError
GlobalAddAtomW
GetTickCount
FlushFileBuffers
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetCurrentThreadId
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
GetProcAddress
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

PrintEula
ValidatePath

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c271597a72ec5f870bc710631fea5d8a

Headers

DLL Characteristics

File Characteristics

Imports

msi

shlwapi

advapi32

comdlg32

user32

gdi32

kernel32

version

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 36KB

.rdata Size: 13KB - Virtual size: 13KB

.data Size: 3KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 36KB

.rdata
Size: 13KB - Virtual size: 13KB

.data
Size: 3KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 4KB