NEAS[.]724c491d241a1d7eacd86eabcd07ef10[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.724c491d241a1d7eacd86eabcd07ef10.exe
Size

40KB
MD5

724c491d241a1d7eacd86eabcd07ef10
SHA1

f6c299cf4f412116cf900a3c031b31295ebb01da
SHA256

c2f961910bdf94077ef755e7f750cca2904103675078c1e5cd200d119765c3dc
SHA512

022237add2e82e77c576bd28635cb4473babd7626245f1efaedcee1309e693c8e8fde27e4609a62c8233729613c5fce681806f5fbfc19782e5f7b9cb13ab8225
SSDEEP

768:R2O8cA6C1/2fWNLKhOLUNqRcR7sc9AvPwI/7:RUcA6C1+fW6SUUi9AvPwIz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.724c491d241a1d7eacd86eabcd07ef10.exe

Files

NEAS.724c491d241a1d7eacd86eabcd07ef10.exe
.dll windows:4 windows x86

e45a7198fa4af57679bc3c3071d8019a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

perl514

Perl_xs_apiversion_bootcheck
Perl_xs_version_bootcheck
Perl_newXS
Perl_call_list
Perl_sv_isobject
Perl_call_method
Perl_hv_clear
Perl_newSVpv
Perl_av_push
Perl_newRV_noinc
Perl_av_len
Perl_av_fetch
Perl_sv_2iv_flags
Perl_sv_setuv
Perl_croak_nocontext
Perl_croak_xs_usage
Perl_sv_2pv_flags
Perl_sv_newmortal
Perl_sv_setiv
Perl_sv_setpv
Perl_mg_set
Perl_get_context
Perl_push_scope
Perl_save_int
Perl_markstack_grow
Perl_stack_grow
Perl_sv_2mortal
Perl_newRV
Perl_call_sv
Perl_free_tmps
Perl_pop_scope
Perl_newSV_type
Perl_newSViv
Perl_hv_common_key_len
Perl_sv_free

kernel32

GetProcAddress
LoadLibraryA
CloseHandle
GetCurrentProcess
CopyFileA
GetFileAttributesA
ExpandEnvironmentStringsA
GetModuleFileNameA
GetVersionExA
CreateThread
TerminateThread
GetExitCodeThread
Sleep
AllocConsole
FreeConsole
GetCurrentThreadId
GetLastError

user32

wsprintfA
SetTimer
GetThreadDesktop
GetProcessWindowStation
DispatchMessageA
PostThreadMessageA
GetWindow
GetMessageA
TranslateMessage
GetUserObjectSecurity
SetUserObjectSecurity
OpenWindowStationA
SetProcessWindowStation
OpenDesktopA
SetThreadDesktop
CloseDesktop
CloseWindowStation
KillTimer
GetDesktopWindow

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExA
RegLoadKeyA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
IsValidSid
OpenProcessToken
InitializeSecurityDescriptor
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
GetAclInformation
GetLengthSid
InitializeAcl
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
QueryServiceObjectSecurity
GetSecurityDescriptorSacl
SetServiceObjectSecurity
QueryServiceConfigA
ChangeServiceConfigA
OpenServiceA
DeleteService
OpenSCManagerA
LockServiceDatabase
CloseServiceHandle
CreateServiceA
UnlockServiceDatabase
RegConnectRegistryA
RegSetValueExA
CopySid
AddAccessAllowedAce
GetAce
AddAce
SetSecurityDescriptorDacl

msvcrt

malloc
_initterm
free
_onexit
__dllonexit
strchr
strncmp
sprintf
strlen
strcpy
strcmp
strcat
??2@YAPAXI@Z
memset
??3@YAXPAX@Z
_stricmp
_adjust_fdiv

Exports

Exports

_boot_Win32__Daemon
boot_Win32__Daemon

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e45a7198fa4af57679bc3c3071d8019a

Headers

File Characteristics

Imports

perl514

kernel32

user32

advapi32

msvcrt

Exports

Exports

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 8KB - Virtual size: 7KB

.data Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 1KB