NEAS[.]e1e75578ea32dddd757b28eff2ab3e70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e1e75578ea32dddd757b28eff2ab3e70.exe
Size

220KB
MD5

e1e75578ea32dddd757b28eff2ab3e70
SHA1

ed1be07d6c983499bb0211e2340998aab13af787
SHA256

c78a991a49566b1f088413e10aedaf19f363ad993b7b83f587ed04d77d095f00
SHA512

5a63b11e25abfbb13e9012d207daf1ed0fc923bace3c4443667db46511b9ef8f33f94472135cb962d0ada5584ba26f4b28a200beb825b2b1d76dcf4c39386173
SSDEEP

3072:8IQ6ecQvd0hsYrvNIvsO1DlGQ9XoWhG2QY+2V3NmHZJsnsM:8IjeBOr+sO15j9Zh+Y+GwZJsnsM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e1e75578ea32dddd757b28eff2ab3e70.exe

Files

NEAS.e1e75578ea32dddd757b28eff2ab3e70.exe
.exe windows:4 windows x86

5d6ca8a042d816b089fb9cf08894765b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

WSACleanup
recv
accept
send
connect
closesocket
listen
WSAStartup
socket
ioctlsocket
htons
bind
gethostbyname

comctl32

InitCommonControlsEx

kernel32

GetEnvironmentStrings
GetStringTypeA
CreateDirectoryA
GetTempPathA
DeleteFileA
GetTempFileNameA
GetEnvironmentStringsW
SetEvent
ReleaseMutex
CreateThread
CreateEventA
CreateMutexA
Sleep
CloseHandle
DeviceIoControl
CreateFileA
GetCPInfo
GetStringTypeW
LoadLibraryA
GetTimeFormatA
GetDateFormatA
GetLocalTime
ResetEvent
FindClose
FindNextFileA
FindFirstFileA
GetModuleFileNameA
GetVersion
GetWindowsDirectoryA
CopyFileA
GetEnvironmentVariableA
SetFileAttributesA
GetFileAttributesA
FlushFileBuffers
GetProcAddress
GetACP
GetOEMCP
VirtualAlloc
CompareStringA
UnhandledExceptionFilter
CompareStringW
SetEnvironmentVariableA
WaitForSingleObject
VirtualFree
FreeEnvironmentStringsA
RtlUnwind
GetFileType
FreeEnvironmentStringsW
SetEndOfFile
WriteFile
SetStdHandle
LCMapStringW
SetHandleCount
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
HeapCreate
HeapDestroy
TerminateProcess
ExitProcess
GetCurrentProcess
GetStartupInfoA
GetModuleHandleA
GetCommandLineA
GetTimeZoneInformation
GetLastError
HeapAlloc
HeapFree
GetStdHandle
HeapSize
GetSystemTime
SetFilePointer
ReadFile
HeapReAlloc

user32

SendMessageA
SetWindowTextA
GetDlgItem
GetWindowRect
CreateWindowExA
LoadImageA
DialogBoxParamA
CheckDlgButton
IsDlgButtonChecked
DispatchMessageA
TranslateMessage
PostQuitMessage
DefWindowProcA
ShowWindow
FindWindowA
RegisterClassA
MessageBoxA
GetMessageA
EndDialog
LoadIconA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

Sections

.text
Size: 116KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5d6ca8a042d816b089fb9cf08894765b

Headers

File Characteristics

Imports

wsock32

comctl32

kernel32

user32

advapi32

Sections

.text Size: 116KB - Virtual size: 114KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 16KB - Virtual size: 132KB

.rsrc Size: 80KB - Virtual size: 77KB

.text
Size: 116KB - Virtual size: 114KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 16KB - Virtual size: 132KB

.rsrc
Size: 80KB - Virtual size: 77KB