NEAS[.]ad404241591bfd7a452aec9d48dbdd00[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ad404241591bfd7a452aec9d48dbdd00.exe
Size

544KB
MD5

ad404241591bfd7a452aec9d48dbdd00
SHA1

1d6b77c47333527e41cef96ec1e8f006140af113
SHA256

914bfab0028d3872508e5a4496a12b7390ea81dc1cfedf60ffb606122caf9ba4
SHA512

003f1add3afd6ff00dd8258e578044cbe4b993ae94d2fc3d4571ad29e849ec7b96fbf95dcd44feeef7afb473a1a5700feca9422e3f1594b94088b2bf2c0baa52
SSDEEP

6144:WqzsSJGKbp/FDPD9EJS6OcwtvJ6asAOkYe9:WfSJXbp/VPDeJ/wtvDsC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ad404241591bfd7a452aec9d48dbdd00.exe

Files

NEAS.ad404241591bfd7a452aec9d48dbdd00.exe
.exe windows:5 windows x86

0535b24cd1b76bed570b85ab13311df0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

s2

?s2Transmit@@YAGPAVS2@@PAXK@Z
?s2CreateObject@@YAPAVS2@@XZ
?s2ConfigureDevice@@YAGPAVS2@@PAD@Z
?s2GetRawEthernetAdapters@@YAXPAPAPAD0PAH@Z
?s2FreeRawEthernetAdapters@@YAXPAPAPAD0@Z
?s2CreateObject@@YAPAVS2@@PAD@Z
?s2Open@@YAGPAVS2@@PAD@Z
?s2Close@@YAGPAVS2@@@Z
?s2ExecuteBinary@@YAGPAVS2@@PAXH1PAH@Z
?s2ReceiveSize@@YAGPAVS2@@PAXKPAK@Z
?s2ReceiveText@@YAGPAVS2@@PAD@Z
?s2Transmit2@@YAGPAVS2@@PAXK@Z
?s2Execute@@YAGPAVS2@@PAD1@Z
?s2Receive@@YAGPAVS2@@PAXK@Z

winmm

timeBeginPeriod
timeEndPeriod

kernel32

GetCPInfo
GetProcessHeap
SetEndOfFile
CreateFileW
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
Sleep
GetTickCount
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
GetCurrentProcessId
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLocalTime
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
ExitProcess
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
GetCommandLineA
LCMapStringA
LCMapStringW
HeapAlloc
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
CloseHandle
ReadFile
WriteFile
GetConsoleCP
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
LoadLibraryA
InitializeCriticalSectionAndSpinCount
CreateFileA
HeapSize
FlushFileBuffers
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 211KB - Virtual size: 210KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0535b24cd1b76bed570b85ab13311df0

Headers

DLL Characteristics

File Characteristics

Imports

s2

winmm

kernel32

version

Sections

.text Size: 211KB - Virtual size: 210KB

.rdata Size: 72KB - Virtual size: 71KB

.data Size: 7KB - Virtual size: 15KB

.rsrc Size: 253KB - Virtual size: 252KB

.text
Size: 211KB - Virtual size: 210KB

.rdata
Size: 72KB - Virtual size: 71KB

.data
Size: 7KB - Virtual size: 15KB

.rsrc
Size: 253KB - Virtual size: 252KB