NEAS[.]ed79dffab4c39c3c71d7f312895e2200[.]exe

General

Target

NEAS.ed79dffab4c39c3c71d7f312895e2200.exe
Size

64KB
MD5

ed79dffab4c39c3c71d7f312895e2200
SHA1

e0d0c9e088da25395aea36293cfdb73af0076e84
SHA256

ea05a4fe3a76f62674c1495b8258f59c6bcb4bb21a94722d82b48ff856fab1c2
SHA512

a0bdcc17d282cecdd688c31c3e6bacbb7977cf5214443e2ffc54f9b1a51118a8357342458c1734866f046294155de18e4b5e4b17f73670edf6516e485c522683
SSDEEP

768:GGHjckveXvh0oJwQ4bHwjyFTf84aw1kUmgTknfjj0Tj8ZPkyocY6:BckkvlJsHhTf82HSvkadocY6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ed79dffab4c39c3c71d7f312895e2200.exe

Files

NEAS.ed79dffab4c39c3c71d7f312895e2200.exe
.dll windows:4 windows x86

652a520cce64cf16bd2336e528d7bdb8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateEventA
CloseHandle
WaitForSingleObject
SetEvent
TerminateThread
GetExitCodeThread
CreateThread
Sleep
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
MultiByteToWideChar
LoadLibraryA
GetProcAddress
GetOEMCP
GetACP
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
WriteFile
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo

ws2_32

recvfrom
connect
WSACleanup
sendto
closesocket
send
recv
WSAStartup
socket
htonl
htons
bind
gethostname
gethostbyname
inet_ntoa
setsockopt
inet_addr

Exports

Exports

_comm_close@0
_comm_getclientinfo@28
_comm_getowncomid@0
_comm_initialize@44
_comm_join_group@12
_comm_quit_group@0
_comm_recvdata@28
_comm_senddata@24

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

652a520cce64cf16bd2336e528d7bdb8

Headers

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 12KB - Virtual size: 226KB

.reloc Size: 8KB - Virtual size: 4KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 226KB

.reloc
Size: 8KB - Virtual size: 4KB