NEAS[.]e4abd1131d08e6d067a67bc490025750[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e4abd1131d08e6d067a67bc490025750.exe
Size

60KB
MD5

e4abd1131d08e6d067a67bc490025750
SHA1

10775e5b602901168f5e985963ce0614ea8b646e
SHA256

93a459d9894d0e42bbecca93a40cfdc0975e0c1b9b60be1a0971010ae7c10d30
SHA512

48904c88353ac3c9780022fe1e0433548c86c9647591785deceded3408397600af93f3b1ea94361a5c5678122902ac6d28f0715a2525bc59f54359e2215ab086
SSDEEP

1536:71SddTPO25cOEGxfOCBSd5gGmz0ughjRtJT:71SpOqOKkgGmzdg1RtJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e4abd1131d08e6d067a67bc490025750.exe

Files

NEAS.e4abd1131d08e6d067a67bc490025750.exe
.dll windows:6 windows x86

0e2e8e53ef42b8139ef21460a3e64e0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sqlite3

sqlite3_column_text16
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_type
sqlite3_update_hook
sqlite3_finalize
sqlite3_reset
sqlite3_create_function_v2
sqlite3_value_text
sqlite3_user_data
sqlite3_result_int
sqlite3_extended_result_codes
sqlite3_column_int64
sqlite3_column_int
sqlite3_column_double
sqlite3_column_blob
sqlite3_step
sqlite3_column_decltype16
sqlite3_column_table_name16
sqlite3_column_name16
sqlite3_column_count
sqlite3_bind_parameter_name
sqlite3_bind_parameter_count
sqlite3_bind_text16
sqlite3_bind_null
sqlite3_bind_int64
sqlite3_bind_int
sqlite3_bind_double
sqlite3_bind_blob
sqlite3_prepare16_v2
sqlite3_errmsg16
sqlite3_open_v2
sqlite3_busy_timeout
sqlite3_changes
sqlite3_last_insert_rowid
sqlite3_close

qt6sql

??1QSqlDriverPlugin@@UAE@XZ
??0QSqlDriverPlugin@@QAE@PAVQObject@@@Z
?qt_metacall@QSqlDriverPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QSqlDriverPlugin@@UAEPAXPBD@Z
?staticMetaObject@QSqlDriverPlugin@@2UQMetaObject@@B
?stripDelimiters@QSqlDriver@@UBE?AVQString@@ABV2@W4IdentifierType@1@@Z
?sqlStatement@QSqlDriver@@UBE?AVQString@@W4StatementType@1@ABV2@ABVQSqlRecord@@_N@Z
?setSelect@QSqlResult@@MAEX_N@Z
?setQuery@QSqlResult@@MAEXABVQString@@@Z
?setNumericalPrecisionPolicy@QSqlCachedResult@@MAEXW4NumericalPrecisionPolicy@QSql@@@Z
?setLastError@QSqlResult@@MAEXABVQSqlError@@@Z
?setLastError@QSqlDriver@@MAEXABVQSqlError@@@Z
?setForwardOnly@QSqlResult@@MAEX_N@Z
?setAt@QSqlResult@@MAEXH@Z
?setActive@QSqlResult@@MAEX_N@Z
?savePrepare@QSqlResult@@MAE_NABVQString@@@Z
?nextResult@QSqlResult@@MAE_NXZ
?maximumIdentifierLength@QSqlDriver@@UBEHW4IdentifierType@1@@Z
?isOpen@QSqlDriver@@UBE_NXZ
?isNull@QSqlCachedResult@@MAE_NH@Z
?isIdentifierEscaped@QSqlDriver@@UBE_NABVQString@@W4IdentifierType@1@@Z
?formatValue@QSqlDriver@@UBE?AVQString@@ABVQSqlField@@_N@Z
?fieldSerial@QSqlResultPrivate@@UBE?AVQString@@H@Z
?fetchPrevious@QSqlCachedResult@@MAE_NXZ
?fetchNext@QSqlCachedResult@@MAE_NXZ
?fetchLast@QSqlCachedResult@@MAE_NXZ
?fetchFirst@QSqlCachedResult@@MAE_NXZ
?fetch@QSqlCachedResult@@MAE_NH@Z
?data@QSqlCachedResult@@MAE?AVQVariant@@H@Z
?cancelQuery@QSqlDriver@@UAE_NXZ
?bindValue@QSqlResult@@MAEXHABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z
?bindValue@QSqlResult@@MAEXABVQString@@ABVQVariant@@V?$QFlags@W4ParamTypeFlag@QSql@@@@@Z
??0QSqlCachedResultPrivate@@QAE@PAVQSqlResult@@PBVQSqlDriver@@@Z
??1QSqlCachedResultPrivate@@UAE@XZ
?virtual_hook@QSqlCachedResult@@MAEXHPAX@Z
?clearValues@QSqlCachedResult@@IAEXXZ
?cleanup@QSqlCachedResult@@IAEXXZ
?init@QSqlCachedResult@@IAEXH@Z
??0QSqlCachedResult@@IAE@AAVQSqlCachedResultPrivate@@@Z
?isVariantNull@QSqlResultPrivate@@SA_NABVQVariant@@@Z
?numericalPrecisionPolicy@QSqlResult@@IBE?AW4NumericalPrecisionPolicy@QSql@@XZ
?boundValues@QSqlResult@@IBEAAV?$QList@VQVariant@@@@XZ
?driver@QSqlResult@@IBEPBVQSqlDriver@@XZ
?isSelect@QSqlResult@@IBE_NXZ
?isActive@QSqlResult@@IBE_NXZ
?lastError@QSqlResult@@IBE?AVQSqlError@@XZ
??1QSqlResult@@UAE@XZ
?next@QSqlQuery@@QAE_NXZ
?value@QSqlQuery@@QBE?AVQVariant@@H@Z
?exec@QSqlQuery@@QAE_NABVQString@@@Z
?setForwardOnly@QSqlQuery@@QAEX_N@Z
?lastError@QSqlQuery@@QBE?AVQSqlError@@XZ
??1QSqlQuery@@QAE@XZ
??0QSqlQuery@@QAE@PAVQSqlResult@@@Z
?append@QSqlIndex@@QAEXABVQSqlField@@@Z
??1QSqlIndex@@QAE@XZ
??0QSqlIndex@@QAE@ABVQString@@0@Z
?count@QSqlRecord@@QBEHXZ
?clear@QSqlRecord@@QAEXXZ
?isEmpty@QSqlRecord@@QBE_NXZ
?append@QSqlRecord@@QAEXABVQSqlField@@@Z
??1QSqlRecord@@QAE@XZ
??0QSqlRecord@@QAE@ABV0@@Z
??0QSqlRecord@@QAE@XZ
?setAutoValue@QSqlField@@QAEX_N@Z
?setSqlType@QSqlField@@QAEXH@Z
?setDefaultValue@QSqlField@@QAEXABVQVariant@@@Z
?setRequiredStatus@QSqlField@@QAEXW4RequiredStatus@1@@Z
??1QSqlField@@QAE@XZ
??0QSqlField@@QAE@ABVQString@@VQMetaType@@0@Z
?isValid@QSqlError@@QBE_NXZ
?databaseText@QSqlError@@QBE?AVQString@@XZ
??1QSqlError@@QAE@XZ
??0QSqlError@@QAE@ABVQString@@0W4ErrorType@0@0@Z
?staticMetaObject@QSqlDriver@@2UQMetaObject@@B
?setOpen@QSqlDriver@@MAEX_N@Z
??0QSqlDriver@@IAE@AAVQSqlDriverPrivate@@PAVQObject@@@Z
?notification@QSqlDriver@@QAEXABVQString@@W4NotificationSource@1@ABVQVariant@@@Z
?isOpenError@QSqlDriver@@QBE_NXZ
??1QSqlDriver@@UAE@XZ
?qt_metacall@QSqlDriver@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QSqlDriver@@UAEPAXPBD@Z
?setOpenError@QSqlDriver@@MAEX_N@Z

qt6core

?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?flagsForDumping@QObjectPrivate@@UBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
??1QRegularExpression@@QAE@XZ
??0QRegularExpression@@QAE@ABVQString@@V?$QFlags@W4PatternOption@QRegularExpression@@@@@Z
??1QObjectPrivate@@UAE@XZ
??0QObjectPrivate@@QAE@H@Z
?toString@QDateTime@@QBE?AVQString@@W4DateFormat@Qt@@@Z
??1QDateTime@@QAE@XZ
?toString@QTime@@QBE?AVQString@@VQStringView@@@Z
?constData@QVariant@@QBEPBXXZ
?toList@QVariant@@QBE?AV?$QList@VQVariant@@@@XZ
?toDateTime@QVariant@@QBE?AVQDateTime@@XZ
?toTime@QVariant@@QBE?AVQTime@@XZ
?toString@QVariant@@QBE?AVQString@@XZ
?toDouble@QVariant@@QBENPA_N@Z
?toLongLong@QVariant@@QBE_JPA_N@Z
?toInt@QVariant@@QBEHPA_N@Z
?userType@QVariant@@QBEHXZ
??4QVariant@@QAEAAV0@$$QAV0@@Z
??0QVariant@@QAE@$$QAV0@@Z
??4QVariant@@QAEAAV0@ABV0@@Z
??0QVariant@@QAE@ABVQString@@@Z
??0QVariant@@QAE@ABVQByteArray@@@Z
??0QVariant@@QAE@N@Z
??0QVariant@@QAE@_J@Z
??0QVariant@@QAE@H@Z
??0QVariant@@QAE@ABV0@@Z
??0QVariant@@QAE@VQMetaType@@PBX@Z
??1QVariant@@QAE@XZ
??0QVariant@@QAE@XZ
?translate@QCoreApplication@@SA?AVQString@@PBD00H@Z
??6QDebug@@QAEAAV0@ABVQString@@@Z
??6QDebug@@QAEAAV0@_J@Z
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?id@QMetaType@@QBEHH@Z
??0QMetaType@@QAE@H@Z
?registerNormalizedTypedef@QMetaType@@SAXABVQByteArray@@V1@@Z
??6QDataStream@@QAEAAV0@_J@Z
??5QDataStream@@QAEAAV0@AA_J@Z
?QStringList_contains@QtPrivate@@YA_NPBV?$QList@VQString@@@@VQStringView@@W4CaseSensitivity@Qt@@@Z
?qHash@@YAIVQStringView@@I@Z
?globalSeed@QHashSeed@@SA?AU1@XZ
??5@YAAAVQDataStream@@AAV0@AAVQString@@@Z
??6@YAAAVQDataStream@@AAV0@ABVQString@@@Z
?toIntegral_helper@QString@@CA_JVQStringView@@PA_NH@Z
?isNull@QString@@QBE_NXZ
?number@QString@@SA?AV1@HH@Z
?fromUtf8@QString@@SA?AV1@VQByteArrayView@@@Z
?toLocal8Bit@QString@@QGBE?AVQByteArray@@XZ
?toUtf8@QString@@QGBE?AVQByteArray@@XZ
?replace@QString@@QAEAAV1@VQChar@@VQLatin1String@@W4CaseSensitivity@Qt@@@Z
?remove@QString@@QAEAAV1@VQChar@@W4CaseSensitivity@Qt@@@Z
?append@QString@@QAEAAV1@ABV1@@Z
?append@QString@@QAEAAV1@VQChar@@@Z
?insert@QString@@QAEAAV1@HVQChar@@@Z
?trimmed@QString@@QHAE?AV1@XZ
?toLower@QString@@QHAE?AV1@XZ
?toLower@QString@@QGBE?AV1@XZ
?endsWith@QString@@QBE_NVQChar@@W4CaseSensitivity@Qt@@@Z
?startsWith@QString@@QBE_NVQChar@@W4CaseSensitivity@Qt@@@Z
?startsWith@QString@@QBE_NVQLatin1String@@W4CaseSensitivity@Qt@@@Z
?mid@QString@@QBE?AV1@HH@Z
?left@QString@@QBE?AV1@H@Z
?contains@QString@@QBE_NABVQRegularExpression@@PAVQRegularExpressionMatch@@@Z
?lastIndexOf@QString@@QBEHVQChar@@HW4CaseSensitivity@Qt@@@Z
?indexOf@QString@@QBEHVQChar@@HW4CaseSensitivity@Qt@@@Z
?arg@QString@@QBE?AV1@VQLatin1String@@HVQChar@@@Z
?at@QString@@QBE?BVQChar@@H@Z
?clear@QString@@QAEXXZ
?constData@QString@@QBEPBVQChar@@XZ
?data@QString@@QBEPBVQChar@@XZ
?unicode@QString@@QBEPBVQChar@@XZ
??4QString@@QAEAAV0@$$QAV0@@Z
??0QString@@QAE@$$QAV0@@Z
??1QString@@QAE@XZ
??0QString@@QAE@ABV0@@Z
??0QString@@QAE@VQLatin1String@@@Z
??0QString@@QAE@PBVQChar@@H@Z
??0QString@@QAE@XZ
?split@QStringView@@QBE?AV?$QList@VQStringView@@@@VQChar@@V?$QFlags@W4SplitBehaviorFlags@Qt@@@@W4CaseSensitivity@Qt@@@Z
?trimmed@QtPrivate@@YA?AVQStringView@@V2@@Z
?startsWith@QtPrivate@@YA_NVQStringView@@VQLatin1String@@W4CaseSensitivity@Qt@@@Z
?equalStrings@QtPrivate@@YA_NVQStringView@@VQLatin1String@@@Z
?compareStrings@QtPrivate@@YAHVQStringView@@VQLatin1String@@W4CaseSensitivity@Qt@@@Z
?compareStrings@QtPrivate@@YAHVQStringView@@0W4CaseSensitivity@Qt@@@Z
?isNull@QByteArray@@QBE_NXZ
?size@QByteArray@@QBEHXZ
?constData@QByteArray@@QBEPBDXZ
?data@QByteArray@@QBEPBDXZ
??0QMessageLogger@@QAE@PBDH0@Z
?warning@QMessageLogger@@QBAXPBDZZ
?tr@QMetaObject@@QBE?AVQString@@PBD0H@Z
?normalizedType@QMetaObject@@SA?AVQByteArray@@PBD@Z
?invokeMethod@QMetaObject@@SA_NPAVQObject@@PBDW4ConnectionType@Qt@@VQGenericReturnArgument@@VQGenericArgument@@444444444@Z
?allocate@QArrayData@@SAPAXPAPAU1@HHHW4AllocationOption@1@@Z
?reallocateUnaligned@QArrayData@@SA?AU?$pair@PAUQArrayData@@PAX@std@@PAU1@PAXHHW4AllocationOption@1@@Z
?deallocate@QArrayData@@SAXPAU1@HH@Z
?mid@QContainerImplHelper@QtPrivate@@SA?AW4CutResult@12@HPAH0@Z
?compareMemory@QtPrivate@@YAHVQByteArrayView@@0@Z
?lengthHelperCharArray@QByteArrayView@@CAHPBDI@Z
??0QByteArray@@QAE@PBDH@Z
??1QByteArray@@QAE@XZ
?isEmpty@QByteArray@@QBE_NXZ

vcruntime140

_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memset
memmove
memcpy

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_register_onexit_function
_initterm_e
_crt_atexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_initterm
_initialize_narrow_environment
_seh_filter_dll

kernel32

SetUnhandledExceptionFilter
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
CloseHandle
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection

Exports

Exports

qt_plugin_instance
qt_plugin_query_metadata_v2

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qtmetad
Size: 512B - Virtual size: 102B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e2e8e53ef42b8139ef21460a3e64e0f

Headers

DLL Characteristics

File Characteristics

Imports

sqlite3

qt6sql

qt6core

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

kernel32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 18KB - Virtual size: 18KB

.data Size: 1024B - Virtual size: 1KB

.qtmetad Size: 512B - Virtual size: 102B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 18KB - Virtual size: 18KB

.data
Size: 1024B - Virtual size: 1KB

.qtmetad
Size: 512B - Virtual size: 102B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB