NEAS[.]210887a84902f698369046ca1bdceaf0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.210887a84902f698369046ca1bdceaf0.exe
Size

2.5MB
MD5

210887a84902f698369046ca1bdceaf0
SHA1

c5b564f32a10f6f66d4c6f216de7046570ed4587
SHA256

ff62e79f407188449de4051aa6d5417ca868eb58494082f4a5919e0b4eeca28e
SHA512

0df4372dc69bc189e99428596a787e178234f5ff57c23ef3f99d97af9daf4034641afa00592dda06fdb572d86b4b34027ac5fc3eb9551ac4aa25a40eafa54e1f
SSDEEP

49152:/wekzFw0M2y8zGOhX7YXaAeqNQlBXkWIorNI2Ej13U45CczfQKR:/0znMnfYKxeqOlBXkWo2E6c7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.210887a84902f698369046ca1bdceaf0.exe

Files

NEAS.210887a84902f698369046ca1bdceaf0.exe
.dll windows:5 windows x86

d9934fb270e00abda764d0dc07811cab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

GetErrorInfo
SafeArrayCreate
LoadTypeLibEx

kernel32

SetEvent
GetProcessHeap
EnterCriticalSection
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetModuleHandleW
GetBinaryTypeA
FlushConsoleInputBuffer
GetConsoleCursorInfo
GetUserDefaultLangID
WaitForSingleObject
TerminateProcess
LeaveCriticalSection
InterlockedPushEntrySList
GetExitCodeProcess
GetSystemTimeAsFileTime
DeleteCriticalSection

msvcrt

iswalpha
getchar
memset

setupapi

SetupDiDestroyDeviceInfoList

gdi32

GetRgnBox
StretchBlt
GetDeviceGammaRamp

version

VerQueryValueA

user32

PostQuitMessage
ToAscii
GetMessageA
SetActiveWindow
GetKeyboardLayoutList
SetWindowContextHelpId
ShowCursor
GetUpdateRgn
SetClipboardViewer
GetClipboardData
IsWindowUnicode
ChildWindowFromPoint
ShowWindow
GetWindowInfo
ShowWindowAsync
EnumDisplayDevicesA
UpdateWindow

lz32

GetExpandedNameW
LZCopy
LZSeek

advapi32

SetSecurityDescriptorControl
PrivilegeCheck
LogonUserA
SetKernelObjectSecurity
CryptSignHashA
InitializeAcl

Exports

Exports

EaenknaereiNo

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CONST
Size: 468KB - Virtual size: 466KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

OPBG-3
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d9934fb270e00abda764d0dc07811cab

Headers

File Characteristics

Imports

oleaut32

kernel32

msvcrt

setupapi

gdi32

version

user32

lz32

advapi32

Exports

Exports

Sections

.text Size: 36KB - Virtual size: 33KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 128KB - Virtual size: 129KB

CONST Size: 468KB - Virtual size: 466KB

OPBG-3 Size: 1.8MB - Virtual size: 1.8MB

.rsrc Size: 4KB - Virtual size: 928B

.reloc Size: 32KB - Virtual size: 30KB

.text
Size: 36KB - Virtual size: 33KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 128KB - Virtual size: 129KB

CONST
Size: 468KB - Virtual size: 466KB

OPBG-3
Size: 1.8MB - Virtual size: 1.8MB

.rsrc
Size: 4KB - Virtual size: 928B

.reloc
Size: 32KB - Virtual size: 30KB