NEAS[.]0ec30ce820db004bb775bfff1967ade0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0ec30ce820db004bb775bfff1967ade0.exe
Size

197KB
MD5

0ec30ce820db004bb775bfff1967ade0
SHA1

bfa2a90ed299448d01412d52b905f1799c3490d8
SHA256

04adf9fe0cb6f84a0aae07b5f1e7f7f4dde403536a118f4cf9f2a2245a314fc2
SHA512

ea75200cb3802ff8cb5924ae2a4e5019dbc892d4a2bac041b908a17d1623c44c0234a7cb029b108abe23ff9a46d72f9afc7981964ad4d37bd58a1c5ebecf6ae9
SSDEEP

3072:reT9OnHDeThCXOAvJjItBIoEutrhjaeMYZZtQNW+t5ic6LA4K:9nHDeFaOoJiBIutrV8LW+fgM4K

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0ec30ce820db004bb775bfff1967ade0.exe

Files

NEAS.0ec30ce820db004bb775bfff1967ade0.exe
.dll windows:5 windows x64

2c545db12b83186eec76f7046782517a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

WSAGetLastError
WSAStartup
WSAStringToAddressA
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyname
gethostname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket

msvcrt

___lc_codepage_func
___mb_cur_max_func
__iob_func
_amsg_exit
_errno
_getcwd
_initterm
_localtime64
_lock
_stat64
_strdup
_time64
_unlock
_vscprintf
_vsnprintf
abort
atoi
calloc
exit
fclose
fopen
fputc
fread
free
fwrite
getenv
isxdigit
localeconv
malloc
memcmp
memcpy
memset
qsort
rand
realloc
srand
strcat
strchr
strcmp
strerror
strlen
strncmp
strstr
strtok
tolower
toupper
vfprintf
wcslen

kernel32

CloseHandle
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExitThread
FreeLibrary
GetComputerNameExA
GetCurrentProcessId
GetLastError
GetModuleHandleW
GetProcAddress
GetStdHandle
GetSystemTimeAsFileTime
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
PeekNamedPipe
ReadFile
SetEvent
Sleep
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WideCharToMultiByte
WriteFile

Exports

Exports

Main
ServiceMain

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2c545db12b83186eec76f7046782517a

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

msvcrt

kernel32

Exports

Exports

Sections

.text Size: 120KB - Virtual size: 120KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 58KB - Virtual size: 60KB

.pdata Size: 1024B - Virtual size: 768B

.tls Size: 512B - Virtual size: 16B

.reloc Size: 9KB - Virtual size: 8KB

.text
Size: 120KB - Virtual size: 120KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 58KB - Virtual size: 60KB

.pdata
Size: 1024B - Virtual size: 768B

.tls
Size: 512B - Virtual size: 16B

.reloc
Size: 9KB - Virtual size: 8KB