NEAS[.]e500598fcc483ed97d5c09f7b7027400[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.e500598fcc483ed97d5c09f7b7027400.exe
Size

372KB
MD5

e500598fcc483ed97d5c09f7b7027400
SHA1

bd0aa96a0aaab5c41993dd36c6e33b765f959284
SHA256

17be865284183525912d1bb346081da85ec8643477279dc4e8b5fd885562423b
SHA512

59f82a1079d3864002ead91d0693d628162f92439e167a65fbe20c772a9f26c1b2932401214911a937f70fcbe0882eb7584a4e4660c717f23672d56584d6b64d
SSDEEP

6144:p57NExaCD5FWpCJQ7sLpTfE8kqu1SqOwTLmi4rNv1jX:p57WxaCVFWwJgsLfk1SqV3mi4x1jX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e500598fcc483ed97d5c09f7b7027400.exe

Files

NEAS.e500598fcc483ed97d5c09f7b7027400.exe
.dll windows:5 windows x86

c1ef89401d6ec406687599ea9ee31ec0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetThreadContext
ReadProcessMemory
VirtualProtectEx
WriteProcessMemory
GetCurrentDirectoryW
CreateProcessA
TerminateProcess
ResumeThread
GetFullPathNameA
GetLogicalDrives
GetFileAttributesA
CopyFileA
MoveFileA
FindFirstFileA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
FindNextFileA
FindClose
ExpandEnvironmentStringsA
OpenProcess
GetCurrentProcessId
CreateThread
VirtualAllocEx
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualProtect
GetVersionExA
SetLastError
PeekNamedPipe
CreateFileA
WaitNamedPipeA
SetNamedPipeHandleState
GetComputerNameA
GetModuleFileNameA
GetACP
GetCurrentProcess
DeleteProcThreadAttributeList
GetProcessHeap
HeapFree
InitializeProcThreadAttributeList
HeapAlloc
UpdateProcThreadAttribute
SetErrorMode
ProcessIdToSessionId
DuplicateHandle
CreateToolhelp32Snapshot
Process32First
Process32Next
ExitThread
ExitProcess
CreateNamedPipeA
GetCurrentThread
ReadFile
ConnectNamedPipe
GetLocalTime
CloseHandle
DisconnectNamedPipe
FlushFileBuffers
WriteFile
GetTickCount
GetCurrentDirectoryA
GetLastError
WaitForSingleObject
CreatePipe
MultiByteToWideChar
GetStartupInfoA
SetCurrentDirectoryA
Sleep
VirtualFree
VirtualQuery
RaiseException
SetEnvironmentVariableW
SetEnvironmentVariableA
VirtualAlloc
GetModuleHandleA
GetProcAddress
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
HeapSize
LCMapStringW
CompareStringW
GetStringTypeW
LoadLibraryW
OutputDebugStringW
FreeLibrary
GetOEMCP
LoadLibraryA
EncodePointer
DecodePointer
InterlockedDecrement
GetModuleHandleExW
AreFileApisANSI
GetSystemTimeAsFileTime
HeapReAlloc
GetCommandLineA
GetCurrentThreadId
GetStdHandle
GetModuleFileNameW
IsProcessorFeaturePresent
IsDebuggerPresent
InterlockedIncrement
IsValidCodePage
GetCPInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LoadLibraryExW
RtlUnwind
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
SetFilePointerEx
ReadConsoleW
GetFileType
RemoveDirectoryW
DeleteFileW
CreateDirectoryW
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW

advapi32

GetTokenInformation
OpenThreadToken
CryptReleaseContext
CryptAcquireContextA
CryptGenRandom
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
LogonUserA
DuplicateTokenEx
LookupAccountSidA
ImpersonateNamedPipeClient
RevertToSelf
GetUserNameA
CreateProcessAsUserA
CreateProcessWithTokenW
CreateProcessWithLogonW
OpenProcessToken
ImpersonateLoggedOnUser
AdjustTokenPrivileges
LookupPrivilegeValueA

ws2_32

accept
__WSAFDIsSet
select
listen
bind
WSAGetLastError
ioctlsocket
shutdown
recv
ntohs
send
connect
gethostbyname
socket
closesocket
WSAIoctl
WSASocketA
inet_pton
WSACleanup
WSAStartup
htons
htonl
ntohl

dnsapi

DnsFree
DnsQuery_A

Exports

Exports

_GetCurrentVersion@4

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c1ef89401d6ec406687599ea9ee31ec0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ws2_32

dnsapi

Exports

Exports

Sections

.text Size: 294KB - Virtual size: 293KB

.rdata Size: 50KB - Virtual size: 50KB

.data Size: 8KB - Virtual size: 42KB

.reloc Size: 18KB - Virtual size: 18KB

.text
Size: 294KB - Virtual size: 293KB

.rdata
Size: 50KB - Virtual size: 50KB

.data
Size: 8KB - Virtual size: 42KB

.reloc
Size: 18KB - Virtual size: 18KB