NEAS[.]44b6577945985b22372d098aad1bd7c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.44b6577945985b22372d098aad1bd7c0.exe
Size

1.3MB
MD5

44b6577945985b22372d098aad1bd7c0
SHA1

72a4d4017a222da26fc42d333e34c7543ec6ce67
SHA256

34cceac576d794a76c35c9e2a11c174677948b007139791605364a7a3910e4a8
SHA512

535e622264477800d673b9f6f867596944cda23c4473f0b58fd7db2d9c514539170b40f55ec4a41b02f8a6400804f61cf43ad7c17bf0eae191804e7ef2044f8b
SSDEEP

12288:R9aHuVzrhKdq17OsIES9xZjGtEzqrBs0Ly4QRJovukniWKf/PyUMYCgHvwOyohm:R9aH787OsI1xZOEQ/QRiv3ni/GOvG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.44b6577945985b22372d098aad1bd7c0.exe

Files

NEAS.44b6577945985b22372d098aad1bd7c0.exe
.exe windows:5 windows x64

4cb0bcb130e5a05bcf628fec922fe4cf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

WideCharToMultiByte
FindClose
FindNextFileW
FindFirstFileW
LoadLibraryExW
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
GetProcAddress
CreateFileA
GetProcessHeap
SetEndOfFile
ReadFile
WriteConsoleW
FreeLibrary
MultiByteToWideChar
GetLastError
HeapFree
HeapAlloc
Sleep
ExitProcess
EnterCriticalSection
LeaveCriticalSection
GetFullPathNameW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
HeapReAlloc
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetCurrentDirectoryA
GetDriveTypeA
LCMapStringW
CloseHandle
HeapSize
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
LCMapStringA
GetTimeZoneInformation
SetStdHandle
CreateFileW
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
WriteConsoleA
GetConsoleOutputCP
CompareStringA

user32

CreateWindowExW
SetClassLongPtrW
MessageBoxW
LoadIconW

comctl32

ord17

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4cb0bcb130e5a05bcf628fec922fe4cf

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

Sections

.text Size: 91KB - Virtual size: 90KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 7KB - Virtual size: 15KB

.pdata Size: 4KB - Virtual size: 3KB

.reloc Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 7KB - Virtual size: 15KB

.pdata
Size: 4KB - Virtual size: 3KB

.reloc
Size: 1.2MB - Virtual size: 1.2MB