NEAS[.]7e2e5c1bae2cebc74728d4d79a1c7c40[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7e2e5c1bae2cebc74728d4d79a1c7c40.exe
Size

637KB
MD5

7e2e5c1bae2cebc74728d4d79a1c7c40
SHA1

170cf324e791f3b3490023ae1db8b88cbbb80d0f
SHA256

6fd19bd060e81ce90f7774403c7ed236a2b2309004163e28c26cff17b19e12a5
SHA512

b63c24b915e95b4a0c97af7704add01143ff08a14623d54f09bc13765b80bd24a31af60ce697053c0ede9fd43917b94103b0ef4a4219e96ed53120a4a58e4d15
SSDEEP

12288:6g2Xc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDt3kbE:YsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7e2e5c1bae2cebc74728d4d79a1c7c40.exe

Files

NEAS.7e2e5c1bae2cebc74728d4d79a1c7c40.exe
.exe windows:6 windows x86

9262df7f8c09e8047e8b5dd2d8d4009f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW

kernel32

GetProcAddress
GetVersion
CompareStringW
GetModuleHandleW
GetSystemTime
GetCommandLineW
GetLastError
SetLastError
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InitOnceExecuteOnce
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsDebuggerPresent
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
EnterCriticalSection
LeaveCriticalSection
HeapFree
Sleep
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
FreeLibrary
LoadLibraryExW
OutputDebugStringW
LoadLibraryW
RtlUnwind
HeapAlloc
HeapReAlloc
WideCharToMultiByte
GetStringTypeW
HeapSize
LCMapStringEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
GetFileAttributesW
CreateDirectoryW
GetTempPathW
GetCurrentDirectoryW
InitializeCriticalSection
lstrlenA
GetLocalTime
GetCurrentProcessId
SetFilePointer
GetComputerNameW
lstrlenW
GetSystemDirectoryW
GetFullPathNameW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation

msi

ord137
ord238
ord190
ord45
ord90
ord173
ord111
ord70
ord169
ord205
ord141
ord88

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

9262df7f8c09e8047e8b5dd2d8d4009f

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msi

version

Sections

.text Size: 52KB - Virtual size: 52KB

.data Size: 3KB - Virtual size: 11KB

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 52KB - Virtual size: 52KB

.data
Size: 3KB - Virtual size: 11KB

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 576KB - Virtual size: 580KB