NEAS[.]a1aae71c5257b92027c8baee0ba79ca0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a1aae71c5257b92027c8baee0ba79ca0.exe
Size

468KB
MD5

a1aae71c5257b92027c8baee0ba79ca0
SHA1

33d7be8ec2a015015cd3bedefe7788d68f9f44cf
SHA256

da8768d133168a6cea51e92b841fe7feac54ccbd099f6e71a5ee9515241d3dcc
SHA512

90ba5370ae2133aaa2c95aba9447e5f68dc6965b36e2e062d39aef332fd2798a40bb6393e35e05abfdd4003b87bfa344d71949a3820128ce4ee54d44c24594bb
SSDEEP

12288:+Zua1tWOhwwBpbw7DmjG/SEAIkpKPTrNHnvI8:8ua1aSd+mS/SE5TrFI8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a1aae71c5257b92027c8baee0ba79ca0.exe

Files

NEAS.a1aae71c5257b92027c8baee0ba79ca0.exe
.dll windows:5 windows x86

40fb68ea109b066c7e873732cf645a80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

gethostbyaddr
inet_ntoa
ntohl
inet_addr
select
__WSAFDIsSet
listen
accept
recvfrom
sendto
WSASetLastError
gethostbyname
getaddrinfo
freeaddrinfo
socket
connect
setsockopt
getsockopt
htons
bind
ntohs
getsockname
ioctlsocket
send
recv
WSAGetLastError
closesocket
WSAStartup
WSACleanup

kernel32

SetLastError
GetFileInformationByHandle
CreateFileMappingW
GetLocalTime
CreateFileW
FileTimeToSystemTime
WideCharToMultiByte
WriteFile
SystemTimeToFileTime
UnmapViewOfFile
MapViewOfFile
SetFilePointer
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetFileSize
GetCurrentThreadId
MultiByteToWideChar
CreateEventW
ResetEvent
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
FormatMessageA
SetUnhandledExceptionFilter
GetCurrentProcessId
Sleep
GetProcAddress
LoadLibraryW
VirtualProtect
WriteProcessMemory
GetCurrentProcess
CreateToolhelp32Snapshot
Process32FirstW
CloseHandle
SleepEx
DuplicateHandle
WaitForSingleObject
ReleaseMutex
SetEvent
WaitForMultipleObjects
CreateEventA
CreateMutexA
GetExitCodeThread
TerminateThread
GetLastError
ReadFile
PeekNamedPipe
GetFileType
GetStdHandle
FreeLibrary
LoadLibraryA
GetTickCount
ExpandEnvironmentStringsA

user32

GetDesktopWindow

msvcr90

fread
__iob_func
strtoul
strstr
fwrite
sscanf
tolower
atoi
isxdigit
strncpy
strrchr
fseek
isdigit
isspace
_strtoi64
memchr
strncmp
fclose
fgets
fopen
fputs
_CxxThrowException
sprintf
fputc
_errno
_beginthreadex
_gmtime64
_fstat64
_lseeki64
fflush
getenv
isalnum
isalpha
strerror
__sys_nerr
_stat64
rand
srand
memmove_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABV01@@Z
_endthread
_beginthread
_invalid_parameter_noinfo
strtok
printf
??3@YAXPAX@Z
??2@YAPAXI@Z
??_V@YAXPAX@Z
clock
_localtime64
_itoa
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
_read
_wcsicmp
abort
vfprintf
strncat
_strnicmp
_strdup
_close
_fileno
_open
_stricmp
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_vsnprintf
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
strchr
_time64
memcpy
memset
malloc
free
realloc
calloc
__CxxFrameHandler3
memmove
strtol

msvcp90

?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?at@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAADI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?clear@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHPBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

StartCrawer
Test

Sections

.text
Size: 331KB - Virtual size: 330KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40fb68ea109b066c7e873732cf645a80

Headers

File Characteristics

Imports

ws2_32

kernel32

user32

msvcr90

msvcp90

Exports

Exports

Sections

.text Size: 331KB - Virtual size: 330KB

.rdata Size: 117KB - Virtual size: 117KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 688B

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 331KB - Virtual size: 330KB

.rdata
Size: 117KB - Virtual size: 117KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 688B

.reloc
Size: 17KB - Virtual size: 16KB