NEAS[.]5ea03510fcd914709a8674f851e23020[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.5ea03510fcd914709a8674f851e23020.exe
Size

2.1MB
MD5

5ea03510fcd914709a8674f851e23020
SHA1

f89366f729d0809ebfc5a63fc59835fdfd31b4c2
SHA256

4101fc9747403d07aa44ed5e7671aef9cf3379491ee462588eeef3938aa1bc72
SHA512

7c0a5d2d58a9391b9971cdf0f95d9c2c9e0a24a6384835647adca41733a8c4198ef1e016ed209b02628ef3efd0994959fcc27b2da17feb0d51f89584452f3490
SSDEEP

49152:qacWsgO1Qt3usmqNb40Z1NdEcCQg3JecLq5yw531KBe7ZHD:qB/gy+JmS8C1MPIov0D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5ea03510fcd914709a8674f851e23020.exe

Files

NEAS.5ea03510fcd914709a8674f851e23020.exe
.dll windows:5 windows x86

88ad7ca4f4dfefc62b14dccee31ff70d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

Shell_NotifyIconA

kernel32

GetProcessHeap
GetUserDefaultLCID
GetModuleHandleA
GetModuleHandleW
GetModuleFileNameA
GetExitCodeProcess
WaitForSingleObject
LocalFlags
TransmitCommChar
GetOverlappedResult
EnterCriticalSection
SetEvent
InterlockedPushEntrySList
DeleteCriticalSection
VirtualAlloc
DisconnectNamedPipe
VerLanguageNameW
LeaveCriticalSection
TerminateProcess
GetSystemTimeAsFileTime

user32

CreateIconIndirect
GetWindowInfo
GetMenuItemID
UpdateWindow
DestroyIcon
InternalGetWindowText
GetMenuContextHelpId
GetUpdateRgn
GetMessagePos
GetMessageA
ShowWindow
PostQuitMessage
DeferWindowPos

ole32

HMENU_UserFree

oleaut32

SafeArrayCreate
VarI2FromStr
SysAllocStringLen

advapi32

CopySid
GetServiceDisplayNameW
CloseEventLog
CryptImportKey
CryptEncrypt

setupapi

SetupDiDestroyDeviceInfoList

gdi32

EnumEnhMetaFile
SetPixelV
SetBitmapBits

msvcrt

islower
memset
free

lz32

LZRead
LZSeek
LZOpenFileW

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_MEM_READ

.data
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACK
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

de
Size: 172KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 45KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88ad7ca4f4dfefc62b14dccee31ff70d

Headers

File Characteristics

Imports

shell32

kernel32

user32

ole32

oleaut32

advapi32

setupapi

gdi32

msvcrt

lz32

Sections

.text Size: 108KB - Virtual size: 104KB

.rdata Size: 1.6MB - Virtual size: 1.6MB

.data Size: 128KB - Virtual size: 127KB

PACK Size: 76KB - Virtual size: 74KB

.qdata Size: 32KB - Virtual size: 29KB

de Size: 172KB - Virtual size: 169KB

.rsrc Size: 4KB - Virtual size: 1008B

.reloc Size: 48KB - Virtual size: 45KB

.text
Size: 108KB - Virtual size: 104KB

.rdata
Size: 1.6MB - Virtual size: 1.6MB

.data
Size: 128KB - Virtual size: 127KB

PACK
Size: 76KB - Virtual size: 74KB

.qdata
Size: 32KB - Virtual size: 29KB

de
Size: 172KB - Virtual size: 169KB

.rsrc
Size: 4KB - Virtual size: 1008B

.reloc
Size: 48KB - Virtual size: 45KB