NEAS[.]07fba7bb6f151bf50b7baf768aed0da0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.07fba7bb6f151bf50b7baf768aed0da0.exe
Size

220KB
MD5

07fba7bb6f151bf50b7baf768aed0da0
SHA1

f4b33d0a56d79aa817a5d46d2c41c0b2c58d4111
SHA256

ae156b4f1248d45249cc82f69f250dd93dfe2b449af9c13ac6437219c8d44724
SHA512

c49d15800412d3d0d9225560a0f367eed94d98a0408fb7962de80d882829a8d6283919b486f62a09c57963fb3f83a938db51a77ad0488889f5ef263f129a0371
SSDEEP

3072:4Cpdjjg/jrftezFuN3aTPEMJVGwHCPksREdl5Rt33DZkv:xjjWn8z8sTPEMJVJHmkAEtr3TZ4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.07fba7bb6f151bf50b7baf768aed0da0.exe

Files

NEAS.07fba7bb6f151bf50b7baf768aed0da0.exe
.dll windows:5 windows x86

25cfae1229ebe8ba3ebe8c90085a022a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapCreate
HeapDestroy
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
RtlUnwind
HeapSize
LCMapStringW
MultiByteToWideChar
GetStringTypeW
IsProcessorFeaturePresent

Exports

Exports

G7221_Dec_DeInit
G7221_Dec_Init
G7221_Dec_SetFormat
G7221_Decode

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

25cfae1229ebe8ba3ebe8c90085a022a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 30KB - Virtual size: 29KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 18KB - Virtual size: 21KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 2KB - Virtual size: 1KB

.text Size: 160KB - Virtual size: 160KB

.text
Size: 30KB - Virtual size: 29KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 18KB - Virtual size: 21KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 160KB - Virtual size: 160KB