NEAS[.]94e24fae9ebae09c0ad7d6338cb8ed10[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.94e24fae9ebae09c0ad7d6338cb8ed10.exe
Size

516KB
MD5

94e24fae9ebae09c0ad7d6338cb8ed10
SHA1

fcb05f1f87a37e3ed16da2be3e7662c18c7c6e59
SHA256

ae6d81733744689c785ae0b99340d1b1eba9899d40e73fc496dc641c3f91a800
SHA512

8c37f7926c35d5d29d797051463f63acfc48547c3403ab053105423ef1baa2d08e7caf3cff01c9f6bc4c1dc7f533cf215c64c8eef062b5256c54d42c1b5a46f5
SSDEEP

12288:DYFFNkQI7hBS+pMlSycKpLw8XjoodaF6KR1:EFFNkNVMnK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.94e24fae9ebae09c0ad7d6338cb8ed10.exe

Files

NEAS.94e24fae9ebae09c0ad7d6338cb8ed10.exe
.dll windows:4 windows x86

fc779c90733094f5bd558b14d0da3d33

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

plugin

PIQuickZToCString
InitializePIExpressDialogs
PIQuickZToCStringLen

kernel32

GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
WideCharToMultiByte
GetACP
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
QueryPerformanceFrequency
QueryPerformanceCounter
OutputDebugStringA
GetCurrentProcess

user32

GetClassInfoA
LoadCursorA
LoadIconA
CreateWindowExA
RegisterClassA
DefWindowProcA
UpdateWindow
GetWindowLongA
EndPaint
GetAsyncKeyState
PeekMessageA
ShowWindow
SetWindowLongA
BeginPaint

gdi32

GetStockObject
SetDIBitsToDevice

msvcp80

??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?find_last_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB

msvcr80

_onexit
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__clean_type_info_names_internal
sscanf
_lock
_CxxThrowException
strncmp
strchr
strrchr
isalpha
ferror
feof
fgets
__CxxFrameHandler3
fclose
isspace
fopen
fprintf
memcpy
__RTDynamicCast
memset
_purecall
toupper
islower
ceil
sprintf
_CIfmod
clock
atof
floor
_CIlog
_HUGE
vsprintf
_CIexp
_CIsin
_CIcos
_CIatan
_CIsqrt
_controlfp
_CItan
strerror
_errno
malloc
free
__iob_func
exit
?terminate@@YAXXZ
_except_handler4_common
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
_unlock
__dllonexit

Exports

Exports

PHOTOMERGE_UI

Sections

.text
Size: 380KB - Virtual size: 376KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc779c90733094f5bd558b14d0da3d33

Headers

File Characteristics

Imports

plugin

kernel32

user32

gdi32

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 380KB - Virtual size: 376KB

.rdata Size: 36KB - Virtual size: 32KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 72KB - Virtual size: 68KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 380KB - Virtual size: 376KB

.rdata
Size: 36KB - Virtual size: 32KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 72KB - Virtual size: 68KB

.reloc
Size: 16KB - Virtual size: 14KB