NEAS[.]a17047d490b99c495e83c42a3ef924f0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.a17047d490b99c495e83c42a3ef924f0.exe
Size

2.6MB
MD5

a17047d490b99c495e83c42a3ef924f0
SHA1

e7bc0cb1ccc35069569d81a901cc6a0da9696957
SHA256

916bf22ade7579aa97300ed536aadf3d3f2f7238235099f2cc37bd0deb85d844
SHA512

ab06f8d585a70ab8917df893febe07538be83a2474ad54f38dfe890ace342659f56a62189300a675a88aaa3a8712ae265a8c9d3a7babe3b32f6bb3a4bff9b3b8
SSDEEP

49152:RN+3yccmqDWlE4R2WaoW2wR4rLeBuiVH2HtHUuiMbf5k:O3gGERZBIHtHUjkf5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a17047d490b99c495e83c42a3ef924f0.exe

Files

NEAS.a17047d490b99c495e83c42a3ef924f0.exe
.dll windows:4 windows x86

2559b0a0e140d4e1add657f1c25b1821

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FindClose
FindFirstFileA
FileTimeToSystemTime
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
HeapReAlloc
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
ReadFile
InitializeCriticalSection
WriteFile
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
RaiseException
HeapDestroy
HeapCreate
VirtualFree
DeleteCriticalSection
ExitProcess
VirtualAlloc
MultiByteToWideChar
LCMapStringA
LCMapStringW
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
SetFilePointer
CreateFileA
GetStringTypeA
GetStringTypeW
GetCPInfo
RtlUnwind
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile

wsock32

ntohl
htonl

Exports

Exports

?vrInternalScanWithCause@@YAHQBEKQBD11PAJPADKH@Z
VadeRetroNotes
VrCreateSpeedupContext
VrCreateSpeedupContextWith
VrReleaseSpeedupContext
VrScanMessage
VrScanMessageWithContext
vrStandaloneScan
vrStandaloneScanWithCause

Sections

.text
Size: 468KB - Virtual size: 465KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2559b0a0e140d4e1add657f1c25b1821

Headers

File Characteristics

Imports

kernel32

wsock32

Exports

Exports

Sections

.text Size: 468KB - Virtual size: 465KB

.rdata Size: 2.0MB - Virtual size: 2.0MB

.data Size: 32KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 816B

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 468KB - Virtual size: 465KB

.rdata
Size: 2.0MB - Virtual size: 2.0MB

.data
Size: 32KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 816B

.reloc
Size: 32KB - Virtual size: 28KB