NEAS[.]b54244e13cfaba0c975dbf11debfc6b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b54244e13cfaba0c975dbf11debfc6b0.exe
Size

584KB
MD5

b54244e13cfaba0c975dbf11debfc6b0
SHA1

63b60a9c25ea5df3e1d9a9e20b06a2c3ef132b74
SHA256

7ee7b6b1c335c63f77862ad77db6e0848b6a378906747b541e2e6dc31e9223b6
SHA512

668ff955e16f8342c4679a9e062d55cd71dd60c41be3d05f642d41b9f74046e6b2c1c6828c4fba5c0fe012baf08157ff354570ca752feaaab272d124363a0fe9
SSDEEP

12288:ryAkDd7wqQw2WeDtOTv39JdO5z8P4tBcbbGPMVTHF9Sa6qpO:+FDVZQWepKvdEYbGPeua6q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b54244e13cfaba0c975dbf11debfc6b0.exe

Files

NEAS.b54244e13cfaba0c975dbf11debfc6b0.exe
.exe windows:4 windows x86

3dbaede8c40adc56acadcba4c42aebfa

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
SetEvent
CreateThread
CreateEventA
CopyFileA
CreateDirectoryA
GetModuleFileNameW
GetModuleFileNameA
GetTempPathA
ExitProcess
lstrcmpiW
VirtualAlloc
GetCommandLineW
LCMapStringA
GetStringTypeW
GetStringTypeA
MultiByteToWideChar
GetOEMCP
GetACP
GetCPInfo
WriteFile
LoadLibraryExA
FindResourceA
SizeofResource
LoadResource
LockResource
GlobalAlloc
GetTickCount
lstrcpyW
CloseHandle
lstrcatW
Sleep
DeleteFileW
CopyFileW
CreateFileW
GetModuleHandleA
GetCurrentProcess
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
lstrcmpiA
LoadLibraryA
GetProcAddress
CreateFileA
GetLastError
GetLocalTime
RtlUnwind
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapReAlloc
VirtualFree
HeapCreate
HeapAlloc
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
LCMapStringW

user32

GetKeyState
wsprintfA

gdi32

DeleteDC
CreateCompatibleDC
SelectObject
GetMapMode
SetMapMode
GetObjectW
DPtoLP
StretchBlt
BitBlt

advapi32

AdjustTokenPrivileges
RegSetValueExA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegQueryValueExA
OpenSCManagerA
CreateServiceA
CloseServiceHandle
RegisterServiceCtrlHandlerA
SetServiceStatus
RegCreateKeyExA
RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

shell32

CommandLineToArgvW

shlwapi

PathFileExistsW

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 540KB - Virtual size: 538KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3dbaede8c40adc56acadcba4c42aebfa

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 12KB - Virtual size: 22KB

.rsrc Size: 540KB - Virtual size: 538KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 12KB - Virtual size: 22KB

.rsrc
Size: 540KB - Virtual size: 538KB