NEAS[.]7119d9709c515ba7ef2631fafe1254d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7119d9709c515ba7ef2631fafe1254d0.exe
Size

402KB
MD5

7119d9709c515ba7ef2631fafe1254d0
SHA1

19b062dd68ad5efb6fbfa0a9ccab5df39196b417
SHA256

070771fdf507e63dd44dc00a696fc3629f5db363c6b65976b46250691b60a555
SHA512

48952f17ddbbeee8f214f256aa6c3b359121777c812eaa0c7c47cca83fc7d1aa3d1d6d29424af9d3a8751b0ac96483175202e622d558af5edb215c0cac5fec06
SSDEEP

12288:enghafD8WsunEe1m91ebLTMGxtly3EB83vPpAHDhpYukY3yP24qcmoW/TX:enBcKq2RosTX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7119d9709c515ba7ef2631fafe1254d0.exe

Files

NEAS.7119d9709c515ba7ef2631fafe1254d0.exe
.dll windows:5 windows x86

509e1fc4f62d90d0313673ac8fde2ce2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
OpenProcess
Sleep
ReadProcessMemory
ReadFile
lstrcatA
lstrlenW
Module32First
FindFirstFileA
GetLastError
lstrcmpiA
VirtualAlloc
CopyFileA
FindClose
Process32Next
GetTickCount
CreateToolhelp32Snapshot
OutputDebugStringA
Module32Next
CloseHandle
FileTimeToLocalFileTime
GetTempPathA
DeleteFileA
CreateThread
lstrcpyA
SetFilePointer
WriteFile
Process32First
GetCurrentProcess
lstrcpynA
CreateFileA
FileTimeToDosDateTime
FindNextFileA
ExitProcess
GetProcessHeap
SetEndOfFile
HeapSize
HeapFree
HeapAlloc
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
HeapReAlloc
GetModuleHandleW
GetProcAddress
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
InitializeCriticalSectionAndSpinCount
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

wsprintfW
wsprintfA

advapi32

AdjustTokenPrivileges
GetUserNameA
RegOpenKeyExA
LookupPrivilegeValueA
RegQueryValueExA
OpenProcessToken
RegCloseKey

shell32

SHGetFolderPathA

shlwapi

PathFileExistsA
PathFindFileNameA
StrStrIA

Exports

Exports

ReflectiveLoader

Sections

.text
Size: 332KB - Virtual size: 331KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

509e1fc4f62d90d0313673ac8fde2ce2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 332KB - Virtual size: 331KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 13KB - Virtual size: 24KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 19KB - Virtual size: 18KB

.text
Size: 332KB - Virtual size: 331KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 13KB - Virtual size: 24KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 19KB - Virtual size: 18KB