NEAS[.]1b37a59ae12365cf19ace96a0e3125f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1b37a59ae12365cf19ace96a0e3125f0.exe
Size

112KB
MD5

1b37a59ae12365cf19ace96a0e3125f0
SHA1

bf1b58670cfb25abed874066c30915455793c119
SHA256

33c5f5614cc33593d662c125fd8c016f1710f74a7221472f47e20d871cc75214
SHA512

4a95d2f300e2ed08584f24bccc9410f92ff44ed112a264ee18fe065315a9c1238d06f3f4c86f40065ffe706a0b600206ecf10fe9a264c1c5c3aeec8cd2ac2c1f
SSDEEP

3072:izJVeGF0AUUznj4Pnv1knI/fN7LrrMw36RYHPZUa:MveGFTzEN6I/flP2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1b37a59ae12365cf19ace96a0e3125f0.exe

Files

NEAS.1b37a59ae12365cf19ace96a0e3125f0.exe
.exe windows:6 windows x64

df4c612956801fe4f50a5ddfda565167

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

MultiByteToWideChar
HeapSize
GetShortPathNameW
WideCharToMultiByte
lstrlenW
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
GetTempPathW
LoadLibraryW
GetProcAddress
Sleep
GetVersionExW
lstrlenA
GetPrivateProfileStringW
DeleteFileW
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
VirtualProtect
WriteConsoleW
GetStringTypeW
InitializeCriticalSectionAndSpinCount
LCMapStringW
SetEndOfFile
GetConsoleMode
GetConsoleCP
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
RtlUnwindEx
FlushFileBuffers
GetModuleFileNameW
SetFilePointer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetStartupInfoW
GetLastError
ReadFile
CloseHandle
GetFileType
CreateFileW
SetUnhandledExceptionFilter
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
DeleteCriticalSection
EncodePointer
DecodePointer
FlsFree
SetLastError
FlsSetValue
FlsGetValue
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
OutputDebugStringA

gdi32

DeleteDC
DeleteObject
SelectObject
CreateCompatibleDC
GetObjectW
MoveToEx
BitBlt
LineTo
GetStockObject
CreateSolidBrush

user32

GetActiveWindow
SendMessageW
GetSystemMetrics
LoadBitmapW
GetWindowRect
FrameRect
SetWindowPos
EndDialog
LoadIconW
GetWindowTextLengthW
MessageBoxW
PostMessageW
SetWindowLongPtrW
DialogBoxParamW
EnableWindow
SetWindowTextW
DefWindowProcW
GetWindowLongPtrW
SetFocus
SetDlgItemInt
GetWindowTextW
GetDlgItem
GetDlgItemInt
SendDlgItemMessageW
GetSysColor
DrawFocusRect

winspool.drv

EnumPrintersW
GetPrinterDriverW
ClosePrinter
OpenPrinterW
GetPrinterW

comctl32

ord17

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

df4c612956801fe4f50a5ddfda565167

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

user32

winspool.drv

comctl32

version

Sections

.text Size: 90KB - Virtual size: 89KB

.data Size: 6KB - Virtual size: 14KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 11KB - Virtual size: 11KB

.text
Size: 90KB - Virtual size: 89KB

.data
Size: 6KB - Virtual size: 14KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 11KB - Virtual size: 11KB