NEAS[.]eeec9d361632437d97a6f491d43af2d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.eeec9d361632437d97a6f491d43af2d0.exe
Size

196KB
MD5

eeec9d361632437d97a6f491d43af2d0
SHA1

a7d8572a9853a0fbf5bb0278b98a764a00bff81f
SHA256

278bb8ad205b21978f85bb31bf2c36fd7d561af3ab06a2d957951a0e39953bd2
SHA512

b1bed744ea34e05a1a52b1bfda7eea1a3f90d6eb126a8b0cd35ec2fa4ef53ae62330326304035f1affd04a93363138a0ed5b332c4a5611e6d009321fcc29cb70
SSDEEP

3072:C8TPHpVXhSFaf0nqZntfNvzdBctCVPKFVl1MegpKb8eOzA8o9z+fhlu48Vbx6u:C4JVXAFaJlctCsVl1MegpB3LMb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.eeec9d361632437d97a6f491d43af2d0.exe

Files

NEAS.eeec9d361632437d97a6f491d43af2d0.exe
.exe windows:4 windows x86

648a3b2f8c24db3420dd54184e7d5b46

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

bc32fn

PRINTINFO
pszCurrentModule
ZMINVERUX
ZMINVER
ZTRADVER
PropertiesEx
ZEXVARG
bGetActualArgsExv
bPrintFileName
ZPREXTEND
RADDR
DBFILEINFO
WS
GetTimeExt
SetString
XRS2
ZDECEURO
BCRound
CallDllFunction2
StrToUpper
GetLineArgs
MakeDirectory
AddSl
PHB
GetRightChar
GetPartOfString
pszSaveCurrentModule
BcxExit
DBClose
DBDatabase
FreeLocalData
szTmpBuf
pvTerminateProgram
AllocLocalData
strtrim
EMAILINFO
ZPRPAGERANGE
ZPRDUPLEX
ZPRCOLLATE
ZPRRUNFILEAPPL
ZTST
bIniModExecuted
ZENDFIL
Find
ZNOKEY
FormatDouble
Insert
Unlock
ZNODIR
ZNOFIL
iDBXError
SearchString
BCXFreeDynaArray
BCXGetDynaArray
fd4
CheckDate
fd11
FindDB5
ComposeFileName
SetCondition
PR
PRP
StrAdd
TABSet
GR
PHD
Open2
DBXAccess
BCXReadProgramOptions
iSopError
GetLeftChar
SkipRightBlk
DITTA
XRS1
DefineOutputDev
BCXWriteProgramOptions
CreateKey
Search
Next
TABCheckIntrExt
InvertDate
GetFileLen
TruncDecimal
FormatNumber
DBXISAMExvInterpreter
Update
TABWriteLineExt
TABJumpRowsExt
TABCloseSettings
TABClosePrinting
Close
bOptimizeSearch
iNewFrmSpec
pszSUBProto
psArgv
iArgc
CallAllPrograms
PROGC
ZNOMEXE
GetSharedMemEntry
BcMain2

bc32ui

RI
cColsRI
cRowsRI
pszDecodMessage
EntryInitProgramData
DBDefineStructs
DBCreateVars2
TRIC
RRA
EntryTerminateProgram
DBRemoveVars
RCCHAN
WgsInitData
ExitTerminateProgram
ZNUMDEC
TraceDebug2
SYSDATEXT
szProgramName
ABC
CANVID
ZINIDEC
pszID
WgsDefineWindow
WgsDrawScreenFrame
RO
RIF
KYM
RRI
RCI
ZDECOD
WgsSetValidateInput
WgsDrawScreen
WgsSetEnabledKeys
WgsSetDefinedKeys
WgsSetUncheckedKeys
WgsGetVideoInput
ZVIDCOMPVIS
WgsCheckInputData
WgsRestoreInputData
pszErrorMessage
WgsMessageBoxEx
pszWindowHeader
RTAB
RCSRCH
SearchSTR
WgsExitAppThread
WgsInitID
ExitInitProgramData

kernel32

TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
GetProcAddress
RaiseException
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
LCMapStringA
LCMapStringW
ExitProcess

Sections

.text
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

648a3b2f8c24db3420dd54184e7d5b46

Headers

File Characteristics

Imports

bc32fn

bc32ui

kernel32

Sections

.text Size: 128KB - Virtual size: 124KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 52KB - Virtual size: 52KB

.rsrc Size: 4KB - Virtual size: 824B

.text
Size: 128KB - Virtual size: 124KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 52KB - Virtual size: 52KB

.rsrc
Size: 4KB - Virtual size: 824B