NEAS[.]5f005fd93478c345e561ab07ccd49bf0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5f005fd93478c345e561ab07ccd49bf0.exe
Size

68KB
MD5

5f005fd93478c345e561ab07ccd49bf0
SHA1

f557cbfe264429fa85a6dcedc793f3fb560ca476
SHA256

928bdf6a6be6656f83441177f7ec25effd6fbdf047159d1410506623756b24a3
SHA512

9006f80853dd38fbd66fd2c83fcc999b20068d721bf606e263d51bdf16997979c49427d8c095ace2606be3338833d4c71e0c7f2c3dfccd39a4f7854b18be3770
SSDEEP

1536:lrTSibVlsx4cNPnSH3pqDnO1/d8t8sWytGdtXQz:lrTRbVlsxjNvSH3pQgYuWz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5f005fd93478c345e561ab07ccd49bf0.exe

Files

NEAS.5f005fd93478c345e561ab07ccd49bf0.exe
.dll windows:5 windows x64

2a35d897a3dadc5298645716ce46c77f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
CreateFileA
GetFileSize
GetTickCount
Sleep
GetExitCodeProcess
CreateProcessA
ReadFile
GetLastError
GetTempFileNameA
CloseHandle
GetCurrentProcessId
GetTempPathA
DeleteFileA
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
LCMapStringW
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
SetLastError
EncodePointer
DecodePointer
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
GetProcessHeap
GetStdHandle
GetFileType
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
WideCharToMultiByte
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetModuleFileNameW
LoadLibraryExW
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
LoadLibraryW
HeapSize
CreateFileW

ws2_32

inet_ntoa
WSAStartup
recvfrom
inet_addr
WSAGetLastError
setsockopt
sendto
WSACleanup
closesocket
WSASocketA

Exports

Exports

Libxml

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a35d897a3dadc5298645716ce46c77f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

Exports

Exports

Sections

.text Size: 31KB - Virtual size: 31KB

.rdata Size: 25KB - Virtual size: 24KB

.data Size: 5KB - Virtual size: 24KB

.pdata Size: 2KB - Virtual size: 1KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 5KB - Virtual size: 24KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 3KB - Virtual size: 3KB