NEAS[.]a7fb29d5deb8f50977629a3be0250490[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a7fb29d5deb8f50977629a3be0250490.exe
Size

62KB
MD5

a7fb29d5deb8f50977629a3be0250490
SHA1

f06ace9303f977a9962cdb482dc7843a0ffda720
SHA256

8b8627bc10982fb647951af93068469a84d51857816125f7237fb4e3c7abcfe2
SHA512

140f3e813a1c0ab95941c6572b6197a7f0a1922adb8a3440d15778bc49d5af31efad881c9f5f4e660e760b11d70bc9065f34e63ada727dd64ad5524159fcb5e1
SSDEEP

1536:fMGJxDEMHFyT/w8ALrTQ0a5Sa//Cylrri+oecvIVwB:f/bDLHFyJYGIanCylre+oecvbB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a7fb29d5deb8f50977629a3be0250490.exe

Files

NEAS.a7fb29d5deb8f50977629a3be0250490.exe
.dll regsvr32 windows:4 windows x86

878ccf1e06a259f04b3e2cdb3105904e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
UnmapViewOfFile
InterlockedDecrement
lstrlenW
MultiByteToWideChar
GetShortPathNameA
GetModuleHandleA
WideCharToMultiByte
FreeLibrary
SizeofResource
GetLastError
CreateFileMappingA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
GetProcAddress
LoadLibraryA
lstrcpyA
lstrcatA
GetTickCount
TlsGetValue
GetCurrentThreadId
OutputDebugStringW
MapViewOfFile
CloseHandle
TlsAlloc
TlsSetValue
GetModuleFileNameA
lstrlenA
FindResourceA
LoadResource
lstrcmpiA
HeapCreate
VirtualFree
GetVersionExA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
TlsFree
IsBadWritePtr
GetCPInfo
VirtualAlloc
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
WriteFile
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersion
SetLastError
GetEnvironmentVariableA
GetOEMCP
GetACP
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
ExitProcess
TerminateProcess
GetCurrentProcess
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW

user32

GetClassNameA
CharNextA
IsWindow
GetKeyState
EnumWindows
GetWindowLongA
IsIconic
GetWindowRect
GetDesktopWindow
CallNextHookEx
SetWindowsHookExA
UnhookWindowsHookEx

advapi32

RegDeleteKeyA
RegCreateKeyExA
RegDeleteValueA
RegCloseKey
RegOpenKeyExA
RegEnumKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegEnumValueA

ole32

CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysFreeString
SysStringLen
LoadRegTypeLi
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

878ccf1e06a259f04b3e2cdb3105904e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 6KB - Virtual size: 5KB

.data Size: 11KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 6KB - Virtual size: 5KB

.data
Size: 11KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 4KB - Virtual size: 4KB