NEAS[.]e5f870655596ffc451a6c2a9931f5240[.]exe

General

Target

NEAS.e5f870655596ffc451a6c2a9931f5240.exe
Size

80KB
MD5

e5f870655596ffc451a6c2a9931f5240
SHA1

e994195f7f0f3423da239fc5150440f755689dfe
SHA256

52c7e1e54b74872136513fad1c6733e3f3134cfef7148f0638f2911a5059d525
SHA512

fbb55e9fd297a51e26541c0cc30b5ecb53ef2e650caf4bcfd5e37daecbb8e4c78efa6846d4d0e1027565eef0da4252e555d9657d588a0eaa3a22e59d533e3cb9
SSDEEP

768:4muy8UYSRNHO5dxUOUYC/uC9d28XT8KngY2SUQ5+w81kiB9MQUxcvBesvqd4Fxcr:4Fy1YuSA/lT8SgSVxcvp+oMtNXZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e5f870655596ffc451a6c2a9931f5240.exe

Files

NEAS.e5f870655596ffc451a6c2a9931f5240.exe
.dll windows:4 windows x86

c8a8afe7a2554b88380ef520cbe85cdc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
GetProcAddress
GetModuleHandleA
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetCommandLineA
GetVersion
RtlUnwind
HeapFree
RaiseException
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
VirtualAlloc
IsBadWritePtr
SetUnhandledExceptionFilter
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
LoadLibraryA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
ReadFile
LCMapStringA
LCMapStringW

user32

SendMessageA
FindWindowA

Exports

Exports

GetModuleAuthor
GetModuleDescription
GetModuleEmail
GetModuleVersion
GetModuleWebsite
OnClientStart
OnClientStop
OnGameCommandLine
OnGameJoin
OnGameLeave
OnGamePacketBeforeReceived
OnGamePacketBeforeSent
OnGameTimerTick

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8a8afe7a2554b88380ef520cbe85cdc

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 52KB - Virtual size: 49KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 8KB - Virtual size: 29KB

.reloc Size: 8KB - Virtual size: 5KB

.text
Size: 52KB - Virtual size: 49KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 8KB - Virtual size: 29KB

.reloc
Size: 8KB - Virtual size: 5KB