NEAS[.]35f70a435b50ef41834e072469952140[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.35f70a435b50ef41834e072469952140.exe
Size

340KB
MD5

35f70a435b50ef41834e072469952140
SHA1

e0a34110744535710700057a031e4367eeb6fabd
SHA256

6dde07342c71871651a03c902284c61b835e13c1f996894e0fcc2d883270520f
SHA512

79f179b58717832e42008eaa7d2228e1d04d82fb77117021e2afdaa9f93056b26af931d43c2bc8b2972d51c701082ab814f35518a278480d357d4eabbe41d798
SSDEEP

3072:mzuyvjC2xZwfebushoVYM8oH88cX7Yh6WAg0FuQftf:OuyvjC2tVoV/cLSBAOQB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.35f70a435b50ef41834e072469952140.exe

Files

NEAS.35f70a435b50ef41834e072469952140.exe
.exe windows:4 windows x86 arch:x86

892ab071d157984aa64c16f4e5bf1b3c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

QueryPerformanceFrequency
QueryPerformanceCounter
Sleep
CompareStringW
CompareStringA
ReadFile
SetEndOfFile
HeapSize
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RaiseException
FlushFileBuffers
LoadLibraryA
InitializeCriticalSection
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetCurrentProcessId
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
GetTimeFormatA
GetDateFormatA
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
HeapFree
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetStdHandle
WriteFile
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
CloseHandle
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetModuleFileNameA
SetEnvironmentVariableA

winmm

waveInPrepareHeader
waveOutWrite
waveInStart
waveInClose
waveOutPrepareHeader
waveOutGetNumDevs
waveInGetDevCapsA
waveOutOpen
waveOutClose
waveInUnprepareHeader
waveOutUnprepareHeader
waveOutGetDevCapsA
waveInGetNumDevs
waveInAddBuffer
waveInOpen

ws2_32

listen
WSAStartup
socket
bind
recv
setsockopt
ioctlsocket
send
accept
htons
WSAGetLastError
closesocket
__WSAFDIsSet
select

Sections

.text
Size: 144KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 108KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

892ab071d157984aa64c16f4e5bf1b3c

Headers

File Characteristics

Imports

kernel32

winmm

ws2_32

Sections

.text Size: 144KB - Virtual size: 141KB

.rdata Size: 80KB - Virtual size: 78KB

.data Size: 108KB - Virtual size: 263KB

.rsrc Size: 4KB - Virtual size: 176B

.text
Size: 144KB - Virtual size: 141KB

.rdata
Size: 80KB - Virtual size: 78KB

.data
Size: 108KB - Virtual size: 263KB

.rsrc
Size: 4KB - Virtual size: 176B