Static task: static1
Behavioral task: behavioral1
Sample: NEAS.22cd52164cf1b196e8969f4b9acb7a5b1b993f7289aad73ce3f62b7c0292dba4.exe
Resource: win7-20231025-en
Behavioral task: behavioral2
Sample: NEAS.22cd52164cf1b196e8969f4b9acb7a5b1b993f7289aad73ce3f62b7c0292dba4.exe
Resource: win10v2004-20231023-en
General
Target: NEAS.22cd52164cf1b196e8969f4b9acb7a5b1b993f7289aad73ce3f62b7c0292dba4.exe
Size: 226KB
MD5: 9a5f6468e02166ad7a4fe0134898697a
SHA1: 6c77457dfadebb9629ce91da084bb7b54817d386
SHA256: 22cd52164cf1b196e8969f4b9acb7a5b1b993f7289aad73ce3f62b7c0292dba4
SHA512: cadbe51cd2c2c44dacbb3028ad263190ac8e4f13bc452aef4911c0feebbef84f6def069ad5daf935cbfb9500c2ce0f11c1b6d4936867371cdbbdc160b454e66f
SSDEEP: 3072:bWKI9kEeHSSb5uEzqScBnGSolAAshZXMxZ/JyUPTv+9iLWYHl0tgVxvmTnxoplrW:dI9kVyHT0ApfXMfRyU7G98l0r+dG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.22cd52164cf1b196e8969f4b9acb7a5b1b993f7289aad73ce3f62b7c0292dba4.exe
Files
NEAS.22cd52164cf1b196e8969f4b9acb7a5b1b993f7289aad73ce3f62b7c0292dba4.exe.exe windows:6 windows x86
e1336886443ac30ae88fd142cb43c984
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
GetTempPathW
WriteConsoleW
FindNextFileW
FindFirstFileW
FindClose
EnumSystemCodePagesA
VirtualAlloc
DeleteFileW
HeapSize
CreateFileW
GetProcessHeap
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
HeapReAlloc
ReadConsoleW
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
CloseHandle
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapFree
HeapAlloc
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
WriteFile
GetStdHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
LCMapStringEx
GetCPInfo
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
RaiseException
RtlUnwind
SetEndOfFile
crypt32
CryptVerifyMessageHash
CertDeleteCTLFromStore
CertAddSerializedElementToStore
CryptVerifyMessageSignatureWithKey
mswsock
SetServiceW
MigrateWinsockConfiguration
GetTypeByNameW
sethostname
GetNameByTypeA
rcmd
GetAcceptExSockaddrs
inet_network
GetAddressByNameW
winspool.drv
EnumMonitorsA
GetPrinterW
EXTDEVICEMODE
EnumJobsA
GetPrinterDataExW
GetPrinterDataA
DeletePrinterDriverW
ord216
AdvancedDocumentPropertiesA
EnumPrinterKeyA
AddPrintProcessorW
DeletePrinterKeyA
rpcrt4
I_RpcConnectionInqSockBuffSize
RpcObjectSetType
I_RpcBindingToStaticStringBindingW
NdrConformantStructBufferSize
MesEncodeIncrementalHandleCreate
RpcBindingInqObject
NdrConformantVaryingStructBufferSize
NdrNsSendReceive
I_RpcReallocPipeBuffer
wsock32
WSAAsyncGetProtoByName
WSAIsBlocking
socket
send
htons
wininet
RetrieveUrlCacheEntryFileW
InternetConnectA
FindFirstUrlCacheContainerW
InternetCrackUrlW
InternetGetCookieW
GetUrlCacheEntryInfoExW
CreateUrlCacheContainerW
RunOnceUrlCache
FindNextUrlCacheEntryExA
InternetSetOptionA
FindNextUrlCacheEntryExW
ws2_32
WSAProviderConfigChange
WSAGetServiceClassNameByClassIdW
Sections
.text Size: 170KB - Virtual size: 170KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 44KB - Virtual size: 44KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE