NEAS[.]90b1af3e84a880e074e41911951cecd0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.90b1af3e84a880e074e41911951cecd0.exe
Size

1.5MB
MD5

90b1af3e84a880e074e41911951cecd0
SHA1

311128bbac256719ddb573492e7201a57a770906
SHA256

7f67582dd17e97018b04efb33d50b0bf3e744de4f34b9ce4ade7e9a3d8b24962
SHA512

43e6b7ac858c271d658db1f97d0a7d9f7e5a371ee826d5d3987a1665dba345572a57306507fe28612d8084d92e9fd0e4a6b3821408472d2c4b1f972f1453a4be
SSDEEP

49152:tzg3mD5LeB+8V55FUcSY6c+Y2EdNhZM+CTq:WWD5X8V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.90b1af3e84a880e074e41911951cecd0.exe

Files

NEAS.90b1af3e84a880e074e41911951cecd0.exe
.exe windows:4 windows x86

dda464d36d6fc9beb4aad1ab987dddd9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
LocalFree
FormatMessageA
GetCurrentProcessId
GetDiskFreeSpaceExA
GetVolumeInformationA
LocalFileTimeToFileTime
SystemTimeToFileTime
ReadFile
VirtualAlloc
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
CopyFileExA
GlobalUnlock
GlobalLock
GlobalAlloc
VirtualFree
GetModuleFileNameA
LoadLibraryA
CreateFileW
GetVersion
SetEndOfFile
SetFilePointer
DosDateTimeToFileTime
GetLocalTime
GetFullPathNameA
FindFirstFileA
FindNextFileA
FindClose
SetVolumeLabelA
GetDriveTypeA
GetLocaleInfoA
GetConsoleScreenBufferInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
SetConsoleMode
GetConsoleMode
lstrcpynA
LeaveCriticalSection
lstrcmpiA
EnterCriticalSection
lstrlenA
InitializeCriticalSection
ReleaseMutex
WaitForSingleObject
CreateFileA
CreateMutexA
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
CreateProcessA
GetExitCodeProcess
RtlUnwind
GetCurrentThreadId
GetCurrentDirectoryW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetCPInfo
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
GetEnvironmentStringsW
GetFileTime
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
VirtualQuery
GetSystemInfo
VirtualProtect
SetEnvironmentVariableW
FlushFileBuffers
SetCurrentDirectoryA
GetFullPathNameW
LCMapStringW
LCMapStringA
WriteFile
UnhandledExceptionFilter
GetTimeZoneInformation
WideCharToMultiByte
GetStartupInfoA
SetHandleCount
HeapCreate
HeapDestroy
GetFileType
SetStdHandle
MultiByteToWideChar
HeapReAlloc
GetVersionExA
SetFileTime
CloseHandle
GetFileAttributesW
GetFileAttributesA
GetLastError
SetConsoleTextAttribute
ExitProcess
GetFileAttributesExA
SetFileAttributesA
Sleep
QueryPerformanceFrequency
QueryPerformanceCounter
InterlockedExchange
GetTickCount
GetCommandLineA
RemoveDirectoryA
GetProcAddress
GetModuleHandleA
TerminateProcess
GetSystemTimeAsFileTime
DeleteFileA
GetDriveTypeW
FindFirstFileW
MoveFileA
MoveFileW
FindNextFileW
GetCurrentDirectoryA
GetTimeFormatA
GetDateFormatA
CreateDirectoryA

user32

ReleaseDC
GetWindowDC
GetDesktopWindow
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
MessageBeep
GetClipboardData
IsClipboardFormatAvailable
CharToOemA
OemToCharA
MessageBoxA

gdi32

GetDeviceCaps

ws2_32

send
recv
inet_addr
socket
sendto
connect
gethostbyname
inet_ntoa
ntohs
shutdown
closesocket
WSAStartup
htons
WSACleanup
listen
getsockname
bind
setsockopt
htonl
ioctlsocket
gethostname
accept
WSAGetLastError
__WSAFDIsSet
recvfrom
select

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
GetSecurityDescriptorControl
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
OpenProcessToken

shell32

ShellExecuteA

Sections

.text
Size: 1020KB - Virtual size: 1018KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 500KB - Virtual size: 496KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8�ݣu�
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

dda464d36d6fc9beb4aad1ab987dddd9

Headers

File Characteristics

Imports

kernel32

user32

gdi32

ws2_32

advapi32

shell32

Sections

.text Size: 1020KB - Virtual size: 1018KB

.rdata Size: 500KB - Virtual size: 496KB

.data Size: 16KB - Virtual size: 442KB

8�ݣu� Size: 20KB - Virtual size: 20KB

.text
Size: 1020KB - Virtual size: 1018KB

.rdata
Size: 500KB - Virtual size: 496KB

.data
Size: 16KB - Virtual size: 442KB

8�ݣu�
Size: 20KB - Virtual size: 20KB