NEAS[.]d8b1d6272473c96ef24a7badfda74570[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d8b1d6272473c96ef24a7badfda74570.exe
Size

2.0MB
MD5

d8b1d6272473c96ef24a7badfda74570
SHA1

af2b2eda66006e8dc11c15714c2a9e559a39f0dc
SHA256

10fba5dd396b5a8fe111a0f553d160490b8c8aec90d882c387559ac5770df935
SHA512

e6b0ac53decfc519a1e162f175bf1ac2549302201ad07f0156a37739a8c485f5da7e11b053fb9ef6d957d16ea462e99eb37ad1b2c68e33684034ccb46d5232d2
SSDEEP

49152:zsmgRj1P1q23avNNh0w8kRRHYrg52IhgNjtfMZncFsp:NgRjp1q23avjlRD8rdmc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d8b1d6272473c96ef24a7badfda74570.exe

Files

NEAS.d8b1d6272473c96ef24a7badfda74570.exe
.dll windows:5 windows x86

2c1613e2eb02c4678b505cdce3da9860

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

GetServiceDisplayNameW
ControlService
InitiateSystemShutdownW
AllocateLocallyUniqueId
SetSecurityDescriptorGroup

kernel32

TerminateProcess
SetEvent
DeleteCriticalSection
GetModuleFileNameA
GetModuleFileNameW
OutputDebugStringA
GetBinaryTypeA
GetCommModemStatus
SetConsoleOutputCP
GetSystemTimeAsFileTime
InterlockedPushEntrySList
LeaveCriticalSection
GetProcessHeap
WaitForSingleObject
GetExitCodeProcess
EnterCriticalSection

msvcrt

feof
wcscoll

gdi32

CreateHalftonePalette
GetEnhMetaFilePaletteEntries
EqualRgn
SetTextAlign
GetCurrentObject
SetMapMode

user32

UnpackDDElParam
ScreenToClient
GetUpdateRgn
PostQuitMessage
GetWindowThreadProcessId
UpdateWindow
EnumClipboardFormats
SendInput
ChangeClipboardChain
GetMenu
CallMsgFilterA
ShowWindow
SetWindowPlacement
GetKeyboardLayout
SetWindowLongA
GetMessageA

version

GetFileVersionInfoSizeW

oleaut32

LoadTypeLibEx
GetErrorInfo

ole32

CoImpersonateClient

setupapi

SetupDiDestroyDeviceInfoList

lz32

LZSeek
GetExpandedNameW
LZRead

Exports

Exports

EaenknaereiNo

Sections

.text
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c1613e2eb02c4678b505cdce3da9860

Headers

File Characteristics

Imports

advapi32

kernel32

msvcrt

gdi32

user32

version

oleaut32

ole32

setupapi

lz32

Exports

Exports

Sections

.text Size: 24KB - Virtual size: 21KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 76KB - Virtual size: 75KB

CONST Size: 1.9MB - Virtual size: 1.9MB

.rsrc Size: 4KB - Virtual size: 896B

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 24KB - Virtual size: 21KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 76KB - Virtual size: 75KB

CONST
Size: 1.9MB - Virtual size: 1.9MB

.rsrc
Size: 4KB - Virtual size: 896B

.reloc
Size: 32KB - Virtual size: 31KB