NEAS[.]c7e07b1b7599ce4dccc8590c09e6e5d0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.c7e07b1b7599ce4dccc8590c09e6e5d0.exe
Size

211KB
MD5

c7e07b1b7599ce4dccc8590c09e6e5d0
SHA1

d6579000f0f38dad633ecd41d2c2939d78859055
SHA256

af39af947eea4da64941f3be346320e9a2627435b7a0087f90e3a6308596962a
SHA512

fff8eb0d6ebd9b2c4f367c96ac3e779077b95c7e5b727b19d41a60b902ab6fb8490c1431527c0f72bf0c9df1640271777f3995621fbe57c2b66cc079af7274c9
SSDEEP

1536:EaK6dZoniYGTjPxSQWKbLr+1SXRTKkCxx1iPRQhNBITCykXikj3M1bVkybn/oD5q:Ea1IqXPgCrfTKkwiZU7EkXikj+V

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c7e07b1b7599ce4dccc8590c09e6e5d0.exe

Files

NEAS.c7e07b1b7599ce4dccc8590c09e6e5d0.exe
.exe windows:6 windows x64

b5bb058097274d9c92eeefbf8862845a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

tesseract400

?SetPageSegMode@TessBaseAPI@tesseract@@QEAAXW4PageSegMode@2@@Z
?ReadConfigFile@TessBaseAPI@tesseract@@QEAAXPEBD@Z
?SetImage@TessBaseAPI@tesseract@@QEAAXPEAUPix@@@Z
?Init@TessBaseAPI@tesseract@@QEAAHPEBD0W4OcrEngineMode@2@PEAPEADHPEBV?$GenericVector@VSTRING@@@@3_N@Z
?Clear@TessBaseAPI@tesseract@@QEAAXXZ
?End@TessBaseAPI@tesseract@@QEAAXXZ
?SetVariable@TessBaseAPI@tesseract@@QEAA_NPEBD0@Z
?GetUTF8Text@TessBaseAPI@tesseract@@QEAAPEADXZ
??0TessBaseAPI@tesseract@@QEAA@XZ

pvt.cppan.demo.danbloomberg.leptonica-1.74.4

pixClearInRect
pixDestroy
pixWriteImpliedFormat
pixUnsharpMaskingGray
pixClone
pixAddBlackOrWhiteBorder
pixInvert
pixClipToForeground
pixAverageOnLine
pixSelectBySize
pixConvertRGBToGray
pixConvertTo8
pixConvert24To32
pixRead
pixReadMem
pixScaleGrayLI
pixOtsuAdaptiveThreshold
pixFindSkewAndDeskew
pixGetPixel

qt5gui

?save@QImage@@QEBA_NPEAVQIODevice@@PEBDH@Z
?grabWindow@QScreen@@QEAA?AVQPixmap@@_KHHHH@Z
?toImage@QPixmap@@QEBA?AVQImage@@XZ
??1QPixmap@@UEAA@XZ
??0QImage@@QEAA@XZ
?primaryScreen@QGuiApplication@@SAPEAVQScreen@@XZ
?save@QImage@@QEBA_NAEBVQString@@PEBDH@Z
?height@QImage@@QEBAHXZ
?width@QImage@@QEBAHXZ
??1QImage@@UEAA@XZ
?clipboard@QGuiApplication@@SAPEAVQClipboard@@XZ
?setText@QClipboard@@QEAAXAEBVQString@@W4Mode@1@@Z
??1QGuiApplication@@UEAA@XZ
??0QGuiApplication@@QEAA@AEAHPEAPEADH@Z

qt5core

?applicationDirPath@QCoreApplication@@SA?AVQString@@XZ
?nextNode@QMapNodeBase@@QEBAPEBU1@XZ
?freeNodeAndRebalance@QMapDataBase@@QEAAXPEAUQMapNodeBase@@@Z
?recalcMostLeftNode@QMapDataBase@@QEAAXXZ
?createNode@QMapDataBase@@QEAAPEAUQMapNodeBase@@HHPEAU2@_N@Z
?freeTree@QMapDataBase@@QEAAXPEAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPEAU1@XZ
?freeData@QMapDataBase@@SAXPEAU1@@Z
??1QDebug@@QEAA@XZ
??6QDebug@@QEAAAEAV0@PEBD@Z
??6QDebug@@QEAAAEAV0@AEBVQString@@@Z
??0QDir@@QEAA@AEBVQString@@@Z
??1QDir@@QEAA@XZ
?entryList@QDir@@QEBA?AVQStringList@@AEBV2@V?$QFlags@W4Filter@QDir@@@@V?$QFlags@W4SortFlag@QDir@@@@@Z
?separator@QDir@@SA?AVQChar@@XZ
??0QMutex@@QEAA@W4RecursionMode@0@@Z
?readLine@QTextStream@@QEAA?AVQString@@_J@Z
?toString@QDateTime@@QEBA?AVQString@@AEBV2@@Z
?shared_null@QMapDataBase@@2U1@B
?unlock@QMutex@@QEAAXXZ
?lock@QMutex@@QEAAXXZ
?QStringList_contains@QtPrivate@@YA_NPEBVQStringList@@AEBVQString@@W4CaseSensitivity@Qt@@@Z
?QStringList_sort@QtPrivate@@YAXPEAVQStringList@@W4CaseSensitivity@Qt@@@Z
?realloc@QListData@@QEAAXH@Z
??M@YA_NAEBVQString@@0@Z
??8@YA_NAEBVQString@@0@Z
??YQString@@QEAAAEAV0@VQChar@@@Z
?debug@QMessageLogger@@QEBA?AVQDebug@@XZ
??0QMessageLogger@@QEAA@PEBDH0@Z
?open@QBuffer@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QBuffer@@UEAA@XZ
??0QBuffer@@QEAA@PEAVQByteArray@@PEAVQObject@@@Z
?data@QByteArray@@QEAAPEADXZ
??1QRegularExpression@@QEAA@XZ
??0QRegularExpression@@QEAA@AEBVQString@@V?$QFlags@W4PatternOption@QRegularExpression@@@@@Z
??1QString@@QEAA@XZ
?fromAscii_helper@QString@@CAPEAU?$QTypedArrayData@G@@PEBDH@Z
?setOrganizationDomain@QCoreApplication@@SAXAEBVQString@@@Z
?setOrganizationName@QCoreApplication@@SAXAEBVQString@@@Z
?setApplicationName@QCoreApplication@@SAXAEBVQString@@@Z
?setApplicationVersion@QCoreApplication@@SAXAEBVQString@@@Z
?detach@QListData@@QEAAPEAUData@1@H@Z
?detach_grow@QListData@@QEAAPEAUData@1@PEAHH@Z
?dispose@QListData@@SAXPEAUData@1@@Z
?append@QListData@@QEAAPEAPEAXXZ
?size@QListData@@QEBAHXZ
?isEmpty@QListData@@QEBA_NXZ
?at@QListData@@QEBAPEAPEAXH@Z
?begin@QListData@@QEBAPEAPEAXXZ
?end@QListData@@QEBAPEAPEAXXZ
?shared_null@QListData@@2UData@1@B
??0QByteArray@@QEAA@XZ
??1QByteArray@@QEAA@XZ
??0QString@@QEAA@AEBV0@@Z
?constData@QByteArray@@QEBAPEBDXZ
??0QString@@QEAA@XZ
??4QString@@QEAAAEAV0@AEBV0@@Z
??0QString@@QEAA@$$QEAV0@@Z
??4QString@@QEAAAEAV0@$$QEAV0@@Z
?trimmed@QString@@QEGBA?AV1@XZ
?trimmed@QString@@QEHAA?AV1@XZ
?append@QString@@QEAAAEAV1@AEBV1@@Z
?split@QString@@QEBA?AVQStringList@@AEBV1@W4SplitBehavior@1@W4CaseSensitivity@Qt@@@Z
?toLocal8Bit@QString@@QEGBA?AVQByteArray@@XZ
?fromUtf8@QString@@SA?AV1@PEBDH@Z
?toInt@QString@@QEBAHPEA_NH@Z
?toDouble@QString@@QEBANPEA_N@Z
?arguments@QCoreApplication@@SA?AVQStringList@@XZ
??0QCommandLineOption@@QEAA@AEBVQString@@000@Z
??0QCommandLineOption@@QEAA@AEBVQStringList@@AEBVQString@@11@Z
??1QCommandLineOption@@QEAA@XZ
??0QCommandLineParser@@QEAA@XZ
??1QCommandLineParser@@QEAA@XZ
?addOption@QCommandLineParser@@QEAA_NAEBVQCommandLineOption@@@Z
?addVersionOption@QCommandLineParser@@QEAA?AVQCommandLineOption@@XZ
?addHelpOption@QCommandLineParser@@QEAA?AVQCommandLineOption@@XZ
?setApplicationDescription@QCommandLineParser@@QEAAXAEBVQString@@@Z
?process@QCommandLineParser@@QEAAXAEBVQCoreApplication@@@Z
?isSet@QCommandLineParser@@QEBA_NAEBVQCommandLineOption@@@Z
?value@QCommandLineParser@@QEBA?AVQString@@AEBVQCommandLineOption@@@Z
?values@QCommandLineParser@@QEBA?AVQStringList@@AEBVQCommandLineOption@@@Z
?showHelp@QCommandLineParser@@QEAAXH@Z
?isOpen@QIODevice@@QEBA_NXZ
??0QTextStream@@QEAA@PEAVQIODevice@@@Z
??0QTextStream@@QEAA@PEAU_iobuf@@V?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??1QTextStream@@UEAA@XZ
?setCodec@QTextStream@@QEAAXPEBD@Z
?atEnd@QTextStream@@QEBA_NXZ
?flush@QTextStream@@QEAAXXZ
?replace@QString@@QEAAAEAV1@AEBVQRegularExpression@@AEBV1@@Z
??6QTextStream@@QEAAAEAV0@AEBVQString@@@Z
??6QTextStream@@QEAAAEAV0@PEBD@Z
?endl@@YAAEAVQTextStream@@AEAV1@@Z
?close@QFileDevice@@UEAAXXZ
??0QFile@@QEAA@XZ
??0QFile@@QEAA@AEBVQString@@@Z
??1QFile@@UEAA@XZ
?setFileName@QFile@@QEAAXAEBVQString@@@Z
?exists@QFile@@SA_NAEBVQString@@@Z
?open@QFile@@UEAA_NV?$QFlags@W4OpenModeFlag@QIODevice@@@@@Z
??0QRect@@QEAA@XZ
?setCoords@QRect@@QEAAXHHHH@Z
??0QDateTime@@QEAA@XZ
??0QDateTime@@QEAA@AEBV0@@Z
??1QDateTime@@QEAA@XZ
??4QDateTime@@QEAAAEAV0@$$QEAV0@@Z
?currentDateTime@QDateTime@@SA?AV1@XZ
??8QString@@QEBA_NPEBD@Z
?replace@QString@@QEAAAEAV1@AEBV1@0W4CaseSensitivity@Qt@@@Z
?x@QRect@@QEBAHXZ
?y@QRect@@QEBAHXZ
?width@QRect@@QEBAHXZ
?height@QRect@@QEBAHXZ
??1QMutex@@QEAA@XZ

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext

vcruntime140

__std_terminate
_CxxThrowException
__CxxFrameHandler3
memcpy
__C_specific_handler
__std_exception_copy
__std_exception_destroy
memset

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__acrt_iob_func
__p__commode

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

__p___argc
_exit
_c_exit
_initterm_e
_initterm
_get_initial_narrow_environment
exit
__p___argv
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
terminate
_register_thread_local_exe_atexit_callback

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

��
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b5bb058097274d9c92eeefbf8862845a

Headers

DLL Characteristics

File Characteristics

Imports

tesseract400

pvt.cppan.demo.danbloomberg.leptonica-1.74.4

qt5gui

qt5core

kernel32

vcruntime140

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 61KB - Virtual size: 60KB

.rdata Size: 41KB - Virtual size: 40KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 2KB - Virtual size: 2KB

.gfids Size: 512B - Virtual size: 56B

.rsrc Size: 98KB - Virtual size: 98KB

�� Size: 512B - Virtual size: 80B

.text
Size: 61KB - Virtual size: 60KB

.rdata
Size: 41KB - Virtual size: 40KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 2KB

.gfids
Size: 512B - Virtual size: 56B

.rsrc
Size: 98KB - Virtual size: 98KB

��
Size: 512B - Virtual size: 80B