NEAS[.]bb6b9a9379afeadf42f38a3c648d5540[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.bb6b9a9379afeadf42f38a3c648d5540.exe
Size

1.4MB
MD5

bb6b9a9379afeadf42f38a3c648d5540
SHA1

7b36a1de9a499a641f2d82edd2a0e549797581cd
SHA256

40a23c9f4e5f9614fcdc1943656a487d887dacd51dda2d2737ba968517d8bdb4
SHA512

30510ff21edfe1e99e221e2d4bef86974d681925025325b18c0c49292f7bea0db607e692757481c0f8b6c149e1a6c2dadfd51c679002436c75e0fe90a53067e2
SSDEEP

24576:7gHm6jFanKkinOlbsMlPjz3dXhQChtNsB:v6jgnKkinOlxdrrQCjNu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.bb6b9a9379afeadf42f38a3c648d5540.exe

Files

NEAS.bb6b9a9379afeadf42f38a3c648d5540.exe
.exe windows:5 windows x86

d03571fa204f7a6fb711b47388159ceb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

zlib1

gzopen
gzerror
gzclose
gzwrite
gzsetparams
gzdopen

libintl-8

libintl_textdomain
libintl_bindtextdomain
libintl_ngettext
libintl_gettext

libpq

ord4
ord106
ord140
ord14
ord152
ord156
ord65
ord81
ord104
ord103
ord26
ord21
ord16
ord68
ord75
ord91
ord67
ord76
ord69
ord77
ord126
ord95
ord48
ord47
ord45
ord35
ord34
ord33
ord105
ord24
ord23
ord15
ord113
ord97
ord165
ord78

ws2_32

htonl
ntohl
select

kernel32

IsProcessorFeaturePresent
EncodePointer
QueryPerformanceCounter
IsDebuggerPresent
FindNextFileA
FindFirstFileA
FindClose
SleepEx
SetEnvironmentVariableA
GetModuleHandleA
GetSystemTimeAsFileTime
GetProcAddress
SetConsoleMode
GetConsoleMode
GetStdHandle
WideCharToMultiByte
MultiByteToWideChar
MoveFileExA
GetFileAttributesExA
GetFileAttributesA
CreateFileA
RemoveDirectoryA
CreateDirectoryA
FormatMessageA
DeviceIoControl
GetCurrentDirectoryA
CreateProcessA
CreatePipe
DuplicateHandle
CloseHandle
ReadFile
WaitForSingleObject
GetCurrentProcess
LocalFree
LocalAlloc
WaitForSingleObjectEx
GetLastError
GetExitCodeThread
DecodePointer
GetCurrentThreadId
GetCurrentProcessId
InterlockedIncrement

advapi32

AddAccessAllowedAceEx
GetAce
AddAce
GetAclInformation
InitializeAcl
GetLengthSid
SetTokenInformation
GetTokenInformation

msvcr120

_lseek
_open
_close
_strdup
_getcwd
_unlink
_umask
__iob_func
fclose
fopen
fwrite
puts
sscanf
_errno
exit
atoi
atol
strtod
free
strchr
strerror
isalpha
isspace
_dup
_time32
memcpy
memset
_commit
_fstat32
fputc
_pclose
getenv
strncpy
malloc
realloc
abort
strncmp
strstr
isupper
islower
toupper
tolower
sprintf
memmove
strrchr
isdigit
_dclass
_stat32
strcspn
fflush
fgets
fputs
_putenv
setlocale
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
_except1
_XcptFilter
_amsg_exit
__getmainargs
__set_app_type
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__initenv
_fmode
_commode
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_invoke_watson
_controlfp_s
_except_handler4_common
_beginthreadex
_fileno
_write
_mkdir

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

d03571fa204f7a6fb711b47388159ceb

Headers

DLL Characteristics

File Characteristics

Imports

zlib1

libintl-8

libpq

ws2_32

kernel32

advapi32

msvcr120

Sections

.text Size: 49KB - Virtual size: 49KB

.rdata Size: 16KB - Virtual size: 15KB

.data Size: 1024B - Virtual size: 3KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 49KB - Virtual size: 49KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 1024B - Virtual size: 3KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB