NEAS[.]f8fe61e04324bca052cb7a6808c0e15502128106028e9cd9bbca5426ee2b568f[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.f8fe61e04324bca052cb7a6808c0e15502128106028e9cd9bbca5426ee2b568f.exe
Size

315KB
MD5

4247de093585ea6db6b6c520ca81247d
SHA1

7f820b9bf22db8b3896640c8d6a58645759e5cc0
SHA256

f8fe61e04324bca052cb7a6808c0e15502128106028e9cd9bbca5426ee2b568f
SHA512

5b236ff902c5c42591bc301eced8df056800fd6e5c9ef2383e504cbb1ba1f9ee3118e8d5e82a6b7d777bbbcf81f7c2b1bd6b8403d8ccc6646bf586715d0eb14e
SSDEEP

6144:qJR3JY53d1R0vyZyBgCI3YhOaxHnp0CHnAWxZ+IAOGu+3EA:1s+qpnp7hrgu/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f8fe61e04324bca052cb7a6808c0e15502128106028e9cd9bbca5426ee2b568f.exe

Files

NEAS.f8fe61e04324bca052cb7a6808c0e15502128106028e9cd9bbca5426ee2b568f.exe
.exe windows:6 windows x86

fbead5cf30fac8e550ee40c1e88200b2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
OpenProcess
LoadLibraryW
HeapAlloc
GetProcAddress
GetCurrentProcessId
GetProcessHeap
GetCurrentProcess
TerminateProcess
WaitForSingleObject
Sleep
CloseHandle
GetNativeSystemInfo
HeapFree
OutputDebugStringA
ReadFile
GetLastError
GetModuleHandleW
WideCharToMultiByte
HeapSize
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
MultiByteToWideChar
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
CreateEventW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
RaiseException
RtlUnwind
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetEndOfFile
CreateFileW
GetFileType
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
GetStdHandle
WriteFile
SetStdHandle
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
HeapReAlloc
ReadConsoleW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
WriteConsoleW

shell32

SHGetFolderPathA

ntdll

RtlInitUnicodeString

rstrtmgr

RmGetList
RmRegisterResources
RmStartSession
RmEndSession

crypt32

CryptUnprotectData

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fbead5cf30fac8e550ee40c1e88200b2

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

ntdll

rstrtmgr

crypt32

Sections

.text Size: 235KB - Virtual size: 235KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 3KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 11KB - Virtual size: 10KB

.text
Size: 235KB - Virtual size: 235KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 3KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 11KB - Virtual size: 10KB