NEAS[.]0f28ea02f74a0d960e04abbd7acb0c60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0f28ea02f74a0d960e04abbd7acb0c60.exe
Size

86KB
MD5

0f28ea02f74a0d960e04abbd7acb0c60
SHA1

1bf22f2110040092ca27ebee7be300bf3c10fe58
SHA256

58b1ae77ce059b536bc8b1c979868047ad9197ba8e524f9a6c4238428148a1e0
SHA512

6349c5b4f5ca6c007e7c4587fddfe7dd63468c5bc297a1e87d2ea0c0641fd09c6da7557ed25e7280783617177dce7f636ec83e25bf1b0780e602a79855424ff7
SSDEEP

1536:sDv9T3LoAotSxRQXs0SSYnWPJNno9bdqhkLbSCkFhNbereBZF:e3LodtcRurEYJNSbHSCkFXyiBZF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0f28ea02f74a0d960e04abbd7acb0c60.exe

Files

NEAS.0f28ea02f74a0d960e04abbd7acb0c60.exe
.dll windows:5 windows x86

30e92ff569d459d0d4b2bf498b34e7f2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
DisableThreadLibraryCalls
CreateFileA
ReadFile
WriteFile
CloseHandle
SetFilePointer
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
lstrcmpiA
lstrlenA
CreateDirectoryA
SetFileAttributesA
GetLastError
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteFileA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
GetProcAddress
GetModuleHandleA
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo

ole32

CoTaskMemFree
CoTaskMemAlloc

Exports

Exports

DeleteExtractedFiles
DllGetVersion
Extract
FCIAddFile
FCICreate
FCIDestroy
FCIFlushCabinet
FCIFlushFolder
FDICopy
FDICreate
FDIDestroy
FDIIsCabinet
FDITruncateCabinet
GetDllVersion

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

30e92ff569d459d0d4b2bf498b34e7f2

Headers

File Characteristics

Imports

kernel32

ole32

Exports

Exports

Sections

.text Size: 75KB - Virtual size: 74KB

.data Size: 7KB - Virtual size: 9KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 75KB - Virtual size: 74KB

.data
Size: 7KB - Virtual size: 9KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 2KB - Virtual size: 1KB