NEAS[.]f1978648d1d04d84cac8c2f8fb32ec70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f1978648d1d04d84cac8c2f8fb32ec70.exe
Size

300KB
MD5

f1978648d1d04d84cac8c2f8fb32ec70
SHA1

69ecfb4a721e99b087c0e936a3d72a7da4ff846a
SHA256

0ba16cefed7a35cd8c85e1aceaf6ab4311d5663bea963f6827ec2c3b4f20f45d
SHA512

6b739464b0a932e421346aa21bebee45fe053b92d3fcc159f794b407879b98c8f0a71a1c43f6d225f2feb72483e4fceb6ef23010a1954e78a9d564881a0238f7
SSDEEP

6144:3u+f+bycfMT7SuyhX4NKOZPrywLCRHDPvGzkDHsrQzbpYRT70hvyGF8f3/h:3hfuMTGuyhX4NKOZjywLCdD3GzyMczbe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f1978648d1d04d84cac8c2f8fb32ec70.exe

Files

NEAS.f1978648d1d04d84cac8c2f8fb32ec70.exe
.dll windows:4 windows x86

567f80d32d70f294a038f11d2b9b8dbf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
GetFileAttributesA
CreateFileA
GetTempPathA
CloseHandle
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFileSize
GetVersionExA
LockFile
LockFileEx
UnlockFile
Sleep
GetFullPathNameA
GetSystemTime
GetSystemTimeAsFileTime
MultiByteToWideChar
CompareStringW
CompareStringA
HeapSize
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetLastError
HeapFree
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
GetCurrentThreadId
GetCommandLineA
GetProcessHeap
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
WideCharToMultiByte
GetTimeZoneInformation
LCMapStringA
LCMapStringW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
GetModuleFileNameA
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSection
RtlUnwind
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetEnvironmentVariableA

ole32

CoTaskMemFree
CoTaskMemAlloc

oleaut32

SafeArrayCreate
VariantInit
SysAllocString
SafeArrayPutElement
SysFreeString
VariantClear
SysAllocStringByteLen

Exports

Exports

number_of_rows_from_last_call
sqlite3_close
sqlite3_open
sqlite_get_table
sqlite_libversion

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

567f80d32d70f294a038f11d2b9b8dbf

Headers

File Characteristics

Imports

kernel32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 236KB - Virtual size: 235KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 4KB - Virtual size: 176B

.reloc Size: 12KB - Virtual size: 9KB

.text
Size: 236KB - Virtual size: 235KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 4KB - Virtual size: 176B

.reloc
Size: 12KB - Virtual size: 9KB