NEAS[.]b7316dbea82568b587d1504b8df41960[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b7316dbea82568b587d1504b8df41960.exe
Size

2.0MB
MD5

b7316dbea82568b587d1504b8df41960
SHA1

b2b340880c44b2581916137431bb9a6eccfb7bc5
SHA256

4df1a85d6b2c53569d4a3b3c48d2fa2e9fee8ed1f975486a4087dc850bdafae4
SHA512

af4fff1c2f277151f8ee2078ed8de42b442666c9db4ea17a871f5ade09a0ce393d7e9bdfe144789b69c026cf36d0bd2a98b459823c2f2eb52106db1ab84d0a95
SSDEEP

49152:Wl20i8Ewu1R1v0njTDQRyGw0j11tmlNQ2ayVup3:J0R4p0nfDQp11wlNQ1ya

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b7316dbea82568b587d1504b8df41960.exe

Files

NEAS.b7316dbea82568b587d1504b8df41960.exe
.exe windows:6 windows x86

84399b5970253b8a34d4dbb90a05e4ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegGetValueW
RegCloseKey
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
RegOpenKeyExA

kernel32

GetFileType
WriteConsoleW
GetCurrentProcess
LeaveCriticalSection
LoadLibraryW
GetProcAddress
EnterCriticalSection
InitializeCriticalSection
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
SetErrorMode
RtlCaptureContext
GetCurrentThread
GetCurrentThreadId
GetLastError
GetCurrentProcessId
CloseHandle
ExpandEnvironmentStringsW
SetLastError
GetEnvironmentVariableW
GetNativeSystemInfo
GetProcessTimes
GetCommandLineW
FindFirstFileW
FindNextFileW
FindClose
GetModuleFileNameW
GetLongPathNameW
GetConsoleMode
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
GetSystemTimeAsFileTime
GetModuleHandleW
GetFileAttributesW
CreateFileW
GetCurrentDirectoryW
CreateDirectoryW
SetCurrentDirectoryW
GetVolumePathNameW
GetDriveTypeW
GetFinalPathNameByHandleW
Sleep
GetFileInformationByHandle
MoveFileExW
SetFileTime
CreateFileMappingW
MapViewOfFile
VirtualQuery
DuplicateHandle
UnmapViewOfFile
FlushFileBuffers
GetSystemInfo
FindFirstFileExW
GetSystemTime
SystemTimeToFileTime
SetFileInformationByHandle
ReadFile
MultiByteToWideChar
WideCharToMultiByte
RaiseException
WaitForSingleObject
CreateProcessW
CreateJobObjectW
SetInformationJobObject
AssignProcessToJobObject
SetProcessAffinityMask
ResumeThread
TerminateProcess
K32GetProcessMemoryInfo
GetExitCodeProcess
SearchPathW
FormatMessageA
LocalFree
VirtualProtect
FreeLibrary
LoadLibraryExA
DeleteCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
InitializeSListHead
InitOnceBeginInitialize
InitOnceComplete
InitializeCriticalSectionAndSpinCount

msvcp140

?_Xbad_function_call@std@@YAXXZ
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
?_Xlength_error@std@@YAXPBD@Z
?_Winerror_map@std@@YAHH@Z
?_Syserror_map@std@@YAPBDH@Z
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_init_in_situ
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_destroy_in_situ
?set_new_handler@std@@YAP6AXXZP6AXXZ@Z

vcruntime140

__std_exception_destroy
_CxxThrowException
__current_exception_context
__current_exception
__CxxFrameHandler3
strchr
memchr
memset
_purecall
memcmp
memmove
memcpy
_except_handler4_common
__std_exception_copy

api-ms-win-crt-heap-l1-1-0

_set_new_mode
realloc
malloc
free
calloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

abort
exit
_invoke_watson
_invalid_parameter_noinfo_noreturn
_controlfp_s
terminate
_set_error_mode
_set_abort_behavior
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
signal
_seh_filter_exe
_set_app_type
_errno
_get_initial_narrow_environment
_initterm
_initterm_e
_exit
_register_thread_local_exe_atexit_callback
__p___argc
__p___argv
_c_exit

api-ms-win-crt-string-l1-1-0

isupper
wcslen
tolower
strnlen
islower
isalnum
strncmp
strcmp
toupper
isalpha
strlen

api-ms-win-crt-utility-l1-1-0

qsort
rand
srand
_byteswap_ushort

api-ms-win-crt-stdio-l1-1-0

__p__commode
_open_osfhandle
__acrt_iob_func
_lseek
_write
_close
fflush
_set_fmode
_get_osfhandle
_fileno
_lseeki64
__stdio_common_vsprintf
_setmode

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-math-l1-1-0

log10
ceil
__setusermatherr

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
asctime

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 612KB - Virtual size: 616KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84399b5970253b8a34d4dbb90a05e4ed

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 199KB - Virtual size: 198KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 612KB - Virtual size: 616KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 199KB - Virtual size: 198KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 612KB - Virtual size: 616KB