NEAS[.]822ea88ac7406082461da38c0efee460[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.822ea88ac7406082461da38c0efee460.exe
Size

232KB
MD5

822ea88ac7406082461da38c0efee460
SHA1

44441402dedea73a2e7fc06271b24b2a7177f3b4
SHA256

8229a48ca55786bcca5285848455f6106434d4ec3e6998e6023cddda02ca79e6
SHA512

45e41505c29a88d9451ffa5d9f0c6ecc7823d2e76d063770bc64336dd0f90e50c1f4feb7a21cda2b1f941986f3ea06542595b0b1dec7f0e6ad320e19c5f3d3c1
SSDEEP

6144:KG8XBPqyPpL/HpxpkB3Hv92JtgFX7zhsqfIIhV9SewH:KlpL/HpxpkB3Hv92JtgFXDzVhU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.822ea88ac7406082461da38c0efee460.exe

Files

NEAS.822ea88ac7406082461da38c0efee460.exe
.dll windows:4 windows x86 arch:x86

964d79426291a4628122c6da2e2d90cb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
QueryPerformanceCounter
GetTickCount
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetCurrentThreadId
SetConsoleMode
TerminateThread
Sleep
GetSystemTime
CreateEventA
WaitForMultipleObjects
DisableThreadLibraryCalls
MulDiv
SetEndOfFile
GetOEMCP
GetWindowsDirectoryA
GetSystemTimeAdjustment
FindFirstFileA
FindNextFileA
FindClose
GetModuleHandleA
CreateThread
GetProcAddress
GetACP
GetCPInfo
LoadLibraryA
SetStdHandle
LCMapStringW
LCMapStringA
SetFilePointer
CreateFileA
GetEnvironmentStringsW
GetEnvironmentStrings
WideCharToMultiByte
FreeEnvironmentStringsW
FreeEnvironmentStringsA
ReadFile
WriteFile
FlushFileBuffers
TerminateProcess
GetStartupInfoA
GetFileType
GetStdHandle
HeapAlloc
HeapReAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetVersion
InitializeCriticalSection
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
DeleteCriticalSection
ExitProcess
RtlUnwind
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
InterlockedDecrement
InterlockedIncrement
SetHandleCount

user32

MessageBoxA
FindWindowA
SendMessageA
ReleaseDC
GetDC

gdi32

GetDeviceCaps

advapi32

RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegCreateKeyA

ws2_32

inet_ntoa
inet_addr
gethostbyname
ntohl
closesocket
htonl
ntohs
WSAStartup
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
connect
bind
htons
setsockopt
socket
listen
send
accept
ioctlsocket
getservbyname
recv

Exports

Exports

SshDisconnect
SshForwardConnect

Sections

.text
Size: 164KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

964d79426291a4628122c6da2e2d90cb

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 164KB - Virtual size: 161KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 24KB - Virtual size: 86KB

.reloc Size: 16KB - Virtual size: 13KB

.text
Size: 164KB - Virtual size: 161KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 24KB - Virtual size: 86KB

.reloc
Size: 16KB - Virtual size: 13KB