NEAS[.]6edd3cfef05a2ccf6478f697a4d71720[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6edd3cfef05a2ccf6478f697a4d71720.exe
Size

314KB
MD5

6edd3cfef05a2ccf6478f697a4d71720
SHA1

0b5f23b3f5abd799d8829650fe49500d04b3f196
SHA256

c55f8a6df5c3c5131119c3c80455503e5a98d9a03a107de8469b0d129d523e06
SHA512

e45d5a4f9fcc09d362e53f7ecaa2b531495394c227baea39650e69960d30c627dd91b5a15656c2e03b5ba547f207ae67b317da26d5d23523de4be2765c22ed05
SSDEEP

768:IlzINdpGSd7fwxy8ZdzUmGOK6oYotZu9A9vtrUX:KGdEeTt8YDmoztrUX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6edd3cfef05a2ccf6478f697a4d71720.exe

Files

NEAS.6edd3cfef05a2ccf6478f697a4d71720.exe
.dll windows:4 windows x64

96b3d962d1abafbcbd0c3fc5dacdd197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

BitBlt
CombineRgn
CreateCompatibleDC
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExtSelectClipRgn
GetClipRgn
GetObjectA
SelectClipRgn
SelectObject
SetBkColor
SetRectRgn
StretchBlt

kernel32

DisableThreadLibraryCalls
GetModuleHandleW
GetProcAddress
GetTickCount
HeapAlloc
HeapReAlloc
QueryPerformanceCounter
QueryPerformanceFrequency

ntdll

_vsnprintf

ucrtbase

__acrt_iob_func
__stdio_common_vsprintf
_strdup
free
fwrite
getenv
memcmp
memmove
memset
strchr
strcmp
strcpy
strcspn
strlen

user32

FillRect
LoadBitmapA

Exports

Exports

cdtAnimate
cdtDraw
cdtDrawExt
cdtInit
cdtTerm

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rodata
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 4KB - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 4KB - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 4KB - Virtual size: 713B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 248KB - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

96b3d962d1abafbcbd0c3fc5dacdd197

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

kernel32

ntdll

ucrtbase

user32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1KB

.rodata Size: 4KB - Virtual size: 32B

.rdata Size: 4KB - Virtual size: 608B

.pdata Size: 4KB - Virtual size: 252B

.xdata Size: 4KB - Virtual size: 340B

.edata Size: 4KB - Virtual size: 713B

.idata Size: 4KB - Virtual size: 1KB

.rsrc Size: 248KB - Virtual size: 244KB

.reloc Size: 4KB - Virtual size: 32B

.text
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1KB

.rodata
Size: 4KB - Virtual size: 32B

.rdata
Size: 4KB - Virtual size: 608B

.pdata
Size: 4KB - Virtual size: 252B

.xdata
Size: 4KB - Virtual size: 340B

.edata
Size: 4KB - Virtual size: 713B

.idata
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 248KB - Virtual size: 244KB

.reloc
Size: 4KB - Virtual size: 32B