NEAS[.]db6b992c4c2cab22932aa462c93176b0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.db6b992c4c2cab22932aa462c93176b0.exe
Size

212KB
MD5

db6b992c4c2cab22932aa462c93176b0
SHA1

0bb0b3027465d0852a6f24a1db6e3be848501522
SHA256

7b8b5010eb5adf9c804d5778ad77dc0e8e8d53af10cb2d4ed22048340bb746aa
SHA512

9ff9b01efa36f4f7e27b220ae9a926095a4af273320be45a73923e1ac837b3cb461175848f1517ae1870115b6dfbaeaa5d184d0570e7bd3c8167072fa8e22d0b
SSDEEP

3072:Gv/IL44frgyGGqB/QH1VdzDu43d/9gCOuMHCV+yXSD7ihxrG/AIqfc6KpYffLT:4AU40GqVQV9tirCVcXinG/Af0ZSffL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.db6b992c4c2cab22932aa462c93176b0.exe

Files

NEAS.db6b992c4c2cab22932aa462c93176b0.exe
.exe windows:4 windows x86

fc2348e5cba0fcca8012f922614733e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetActiveWindow
SubtractRect
DialogBoxParamA
EqualRect
ToAscii
DialogBoxIndirectParamA
AttachThreadInput
GetClassInfoExA
GetClipboardFormatNameA
GetClipboardOwner
OemKeyScan
SetKeyboardState
GetKeyState
SetDoubleClickTime
DdePostAdvise
GetMessageA
GetMessageTime
DdeAbandonTransaction
DdeFreeDataHandle
GetSysColor
LoadAcceleratorsA
SetWinEventHook
ClipCursor
CreateMenu

msvcrt

_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_open
__p__commode
__p__fmode
__set_app_type
_controlfp
_exit
_adjust_fdiv
_c_exit

lz32

LZSeek
LZStart
LZDone

version

GetFileVersionInfoW

kernel32

GetStartupInfoA
GetModuleHandleA
GetSystemDirectoryW
GetPrivateProfileIntW
GlobalUnfix
GetPrivateProfileSectionNamesW
GlobalDeleteAtom
GetCurrentThread
HeapAlloc
ConnectNamedPipe
GetStdHandle
GetLongPathNameA

advapi32

LsaEnumerateTrustedDomains
RegOpenKeyA
LsaQueryTrustedDomainInfo
LsaLookupSids
DecryptFileA
LsaSetInformationPolicy
RegOverridePredefKey
LsaDeleteTrustedDomain
ReadEventLogA
LsaQueryInformationPolicy
LogonUserA
LsaEnumerateAccountRights
ObjectOpenAuditAlarmA

comctl32

PropertySheetW
ord13
ImageList_Merge
ord14
ord17
InitializeFlatSB
ImageList_DragLeave
ImageList_BeginDrag
FlatSB_EnableScrollBar
ImageList_GetIconSize
FlatSB_SetScrollRange
ImageList_Copy
FlatSB_SetScrollProp
ImageList_Create
ImageList_DragEnter
DestroyPropertySheetPage
ord5
FlatSB_GetScrollPos
ImageList_AddMasked
CreatePropertySheetPageA
FlatSB_SetScrollPos
ImageList_Destroy
FlatSB_GetScrollInfo
ImageList_GetImageCount
ImageList_GetImageInfo
CreatePropertySheetPageW
ImageList_DragMove
ImageList_DragShowNolock

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 160KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc2348e5cba0fcca8012f922614733e8

Headers

File Characteristics

Imports

user32

msvcrt

lz32

version

kernel32

advapi32

comctl32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 8KB - Virtual size: 6KB

.data Size: 160KB - Virtual size: 1.2MB

.rsrc Size: 12KB - Virtual size: 11KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 160KB - Virtual size: 1.2MB

.rsrc
Size: 12KB - Virtual size: 11KB