NEAS[.]3b0ae09575bd7a19969356fea1d9fd20[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3b0ae09575bd7a19969356fea1d9fd20.exe
Size

242KB
MD5

3b0ae09575bd7a19969356fea1d9fd20
SHA1

ebf40307c36ba34c04b7541423c1265953418359
SHA256

bc5d6a8b4329162c004c8c9d9bbafde27504707df3816c5d6dddec8c66541104
SHA512

5ae48134b92c0c6746935264eff35f4ce31fccce307eddefd2ccb81af818e20e2f215aa04d95a32f9e69eac7554810715bc3aebcca8dbde386c530026a5b83ea
SSDEEP

3072:9EV393vKG2thRFzyt/DOLzG6cSMa7T0tWSmNOH8JyG3mHewd1e9CCA6Q+ISKYMu0:XtFzyt/C26cOf0tWSmwH4y+XSn+AOc3

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3b0ae09575bd7a19969356fea1d9fd20.exe

Files

NEAS.3b0ae09575bd7a19969356fea1d9fd20.exe
.exe windows:6 windows x86

7eb72d3620a7e1a944a8d2396c64a6e2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmLockIMCC
ImmIsIME
ImmSetHotKey
ImmGetOpenStatus
ImmReleaseContext
ImmSetConversionStatus
ImmGetDescriptionA

shlwapi

StrStrA
StrChrA

kernel32

WriteConsoleW
HeapSize
CreateFileW
GetHandleInformation
VirtualFree
FindFirstVolumeMountPointW
EnumTimeFormatsA
SetWaitableTimer
GetBinaryTypeW
EnumSystemCodePagesW
Sleep
LoadLibraryA
GetProcAddress
GetConsoleWindow
ReadConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetProcessHeap
ReadFile
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
GetFileType
SetFilePointerEx
GetFileSizeEx
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
HeapFree
HeapReAlloc
HeapAlloc
LoadLibraryExW
FreeLibrary
GetLastError
RaiseException
RtlUnwind
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
CloseHandle
SetEvent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
SetEndOfFile

shell32

ExtractIconExW
ShellExecuteExW
ShellExecuteW

msacm32

acmDriverAddA
acmDriverMessage
acmFilterDetailsW
acmStreamSize
acmDriverDetailsA

winspool.drv

ord208
EnumPrintProcessorDatatypesW
FindClosePrinterChangeNotification
ConfigurePortA
ord201
ord210

mapi32

ord78
ord19
ord205
ord195
ord138
ord68
ord177
ord23

winmm

PlaySound
midiOutGetVolume
mmioStringToFOURCCW
midiOutLongMsg
SendDriverMessage
mmioGetInfo
NotifyCallbackData
mmDrvInstall
midiInGetID

ws2_32

shutdown
WSAStartup
WSASendDisconnect
WSASocketW
WSASocketA

user32

ShowWindow

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

SysAllocString
VariantInit

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7eb72d3620a7e1a944a8d2396c64a6e2

Headers

DLL Characteristics

File Characteristics

Imports

imm32

shlwapi

kernel32

shell32

msacm32

winspool.drv

mapi32

winmm

ws2_32

user32

ole32

oleaut32

Sections

.text Size: 165KB - Virtual size: 165KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 4KB - Virtual size: 7KB

.gfids Size: 1024B - Virtual size: 528B

.tls Size: 512B - Virtual size: 9B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 165KB - Virtual size: 165KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 4KB - Virtual size: 7KB

.gfids
Size: 1024B - Virtual size: 528B

.tls
Size: 512B - Virtual size: 9B

.reloc
Size: 8KB - Virtual size: 8KB