NEAS[.]d930df82fd5ad1437ecd0fbceaf3a070[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d930df82fd5ad1437ecd0fbceaf3a070.exe
Size

2.3MB
MD5

d930df82fd5ad1437ecd0fbceaf3a070
SHA1

6f77dc38d1b78fd9a60543399af66710f717f713
SHA256

6474395734e7f7e915867ef73a4b8568055a10b61b73c8dbb9da76d75ca32ab9
SHA512

133a2695e8059efb066083a70f73709d1c2c31d00e6756240ca7655be5f0c201811324c68b508967488ec01ab894ad8bf50fc3ff129106f28b97c7b6e975d237
SSDEEP

49152:I7GtlqXOobqUtwesv5IVwAsOMJCavMul3LuRIU6i3fEnT:5sRc/JCajj+c

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d930df82fd5ad1437ecd0fbceaf3a070.exe

Files

NEAS.d930df82fd5ad1437ecd0fbceaf3a070.exe
.exe windows:4 windows x64

715a4b13a4b93be0eae5ccb761dd1848

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

DeregisterEventSource
RegisterEventSourceW
ReportEventW

gdi32

CreateCompatibleBitmap
DeleteObject
GetDIBits
GetDeviceCaps
GetObjectW

kernel32

CloseHandle
DeleteCriticalSection
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetStartupInfoA
GetStdHandle
GetSystemTime
GetSystemTimeAsFileTime
GetTickCount
GetVersion
GlobalMemoryStatus
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
RtlAddFunctionTable
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetLastError
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

msvcrt

__C_specific_handler
__argv
__dllonexit
__doserrno
__getmainargs
__initenv
__iob_func
__lconv_init
__pioinfo
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_cexit
_errno
_exit
_filelengthi64
_fileno
_fileno
_fmode
_getch
_gmtime64
_initterm
_localtime64
_lock
_lseeki64
_mktime64
_onexit
_setmode
_setmode
_snwprintf
_stat64
_strdup
_stricmp
_strnicmp
_time64
_unlock
_vsnprintf
_vsnwprintf
_wfopen
_write
abort
atan
atof
atoi
atol
calloc
exit
fclose
feof
ferror
fflush
fgetpos
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
fsetpos
ftell
fwprintf
fwrite
getenv
isalnum
isprint
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
printf
putc
qsort
raise
rand
realloc
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strlen
strncat
strncmp
strncpy
strrchr
strstr
strtok
strtol
strtoul
tolower
vfprintf
wcscpy
wcsstr

user32

GetDC
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
ReleaseDC

winmm

timeGetTime

ws2_32

WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
closesocket
connect
gethostbyname
htonl
htons
inet_addr
ntohl
recv
send
setsockopt
shutdown
socket

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 504KB - Virtual size: 501KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

715a4b13a4b93be0eae5ccb761dd1848

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

msvcrt

user32

winmm

ws2_32

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.data Size: 65KB - Virtual size: 61KB

.rdata Size: 504KB - Virtual size: 501KB

.pdata Size: 59KB - Virtual size: 58KB

.xdata Size: 50KB - Virtual size: 50KB

.bss Size: - Virtual size: 16KB

.idata Size: 6KB - Virtual size: 6KB

.CRT Size: 512B - Virtual size: 104B

.tls Size: 512B - Virtual size: 104B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 65KB - Virtual size: 61KB

.rdata
Size: 504KB - Virtual size: 501KB

.pdata
Size: 59KB - Virtual size: 58KB

.xdata
Size: 50KB - Virtual size: 50KB

.bss
Size: - Virtual size: 16KB

.idata
Size: 6KB - Virtual size: 6KB

.CRT
Size: 512B - Virtual size: 104B

.tls
Size: 512B - Virtual size: 104B

.rsrc
Size: 1KB - Virtual size: 1KB