NEAS[.]3f24041de91ece89f19be6645344a820[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3f24041de91ece89f19be6645344a820.exe
Size

314KB
MD5

3f24041de91ece89f19be6645344a820
SHA1

ffae974612cc9e6261497695f6a8b537f07495cc
SHA256

9494396aaa5aefc39ef989832f774eeddfdc87d60a9f361d3aa5cc861ad7da2c
SHA512

92b4384dd2940113a8c49590494eeb875edd0e8b57435b1ab3c7df59173301c3947e9fc41422d79db09f720af5ecf9d6fcf8fab9d7263f3ad31334c01356a709
SSDEEP

6144:bQPH6yg+pIAhQ63rEmwMSD7iyX4B+ZLqN2mn2DxPh9lDEPNGgjtsDdx6Pr1fvIK8:bQf6X+2arEmwMSD7iyX4B+ZLqNVn2dPX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3f24041de91ece89f19be6645344a820.exe

Files

NEAS.3f24041de91ece89f19be6645344a820.exe
.exe windows:4 windows x86

02b2911d13965648a3647b00e3a6207e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CloseServiceHandle
ControlService
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
QueryServiceStatus
RegisterServiceCtrlHandlerA
SetServiceStatus
StartServiceA
StartServiceCtrlDispatcherA

iphlpapi

GetAdaptersInfo
GetNetworkParams

kernel32

AddAtomA
CloseHandle
CreateEventA
CreateSemaphoreA
ExitProcess
FindAtomA
FormatMessageA
GetAtomNameA
GetLastError
GetModuleFileNameA
GetVersionExA
GlobalAlloc
GlobalFree
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
SetEvent
SetLastError
SetUnhandledExceptionFilter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
lstrcmpiA

msvcrt

__getmainargs
__p__environ
__p__fmode
__set_app_type
_assert
_beginthread
_cexit
_endthread
_errno
_filbuf
_iob
_onexit
_setmode
_stricmp
abort
atexit
atoi
atol
calloc
exit
fclose
fgets
fopen
fprintf
fread
free
fseek
fwrite
getenv
gmtime
localtime
malloc
memchr
memcmp
memcpy
memmove
memset
printf
signal
sprintf
strcat
strchr
strcmp
strcpy
strftime
strlen
strrchr
strstr
time

ws2_32

WSAIoctl
WSASocketA

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
htonl
htons
inet_addr
inet_ntoa
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 43KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

02b2911d13965648a3647b00e3a6207e

Headers

File Characteristics

Imports

advapi32

iphlpapi

kernel32

msvcrt

ws2_32

wsock32

Sections

.text Size: 175KB - Virtual size: 174KB

.data Size: 512B - Virtual size: 336B

.rdata Size: 16KB - Virtual size: 15KB

.bss Size: - Virtual size: 43KB

.idata Size: 3KB - Virtual size: 3KB

.text
Size: 175KB - Virtual size: 174KB

.data
Size: 512B - Virtual size: 336B

.rdata
Size: 16KB - Virtual size: 15KB

.bss
Size: - Virtual size: 43KB

.idata
Size: 3KB - Virtual size: 3KB