NEAS[.]4f1f60bd993b4cbc6c146c2337f3b530[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4f1f60bd993b4cbc6c146c2337f3b530.exe
Size

351KB
MD5

4f1f60bd993b4cbc6c146c2337f3b530
SHA1

50036446b3f4f5c887b197ed7c027d2497f5080d
SHA256

eb6bffacf9b2138a363d2f59c1c9d2c32968f3a8247123733569cc0e14a7277e
SHA512

72ec1e09948c7068b308f10075a20fdc2cb01e9460262c1104cec2eddd8c09e7f7468b0b4f30c090dbb07e64e113d68b094e85ed06f0d519747413fdb8bd7c7b
SSDEEP

6144:mkiLnAu/uf6aCpVkk8MOKVw0u6PBeBeohvb:di8SEfofQ0uqMBeC

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4f1f60bd993b4cbc6c146c2337f3b530.exe

Files

NEAS.4f1f60bd993b4cbc6c146c2337f3b530.exe
.dll windows:5 windows x86 arch:x86

c3cf501b96acd14d4b4d65971bb8fce7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qtcore4

?changeGuard@QMetaObject@@SAXPAPAVQObject@@PAV2@@Z
?removeGuard@QMetaObject@@SAXPAPAVQObject@@@Z
??1QTextCodecPlugin@@UAE@XZ
?create@QTextCodecPlugin@@EAEPAVQTextCodec@@ABVQString@@@Z
?keys@QTextCodecPlugin@@EBE?AVQStringList@@XZ
?disconnectNotify@QObject@@MAEXPBD@Z
?connectNotify@QObject@@MAEXPBD@Z
?append@QString@@QAEAAV1@VQChar@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
?qt_metacall@QTextCodecPlugin@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QTextCodecPlugin@@UAEPAXPBD@Z
?metaObject@QTextCodecPlugin@@UBEPBUQMetaObject@@XZ
??0QTextCodecPlugin@@QAE@PAVQObject@@@Z
?qgetenv@@YA?AVQByteArray@@PBD@Z
?isNull@QByteArray@@QBE_NXZ
?qstricmp@@YAHPBD0@Z
?indexOf@QByteArray@@QBEHDH@Z
?mid@QByteArray@@QBE?AV1@HH@Z
?trimmed@QByteArray@@QBE?AV1@XZ
??4QByteArray@@QAEAAV0@ABV0@@Z
?append@QListData@@QAEPAPAXXZ
?detach@QListData@@QAEPAUData@1@H@Z
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?append@QByteArray@@QAEAAV1@PBD@Z
?append@QByteArray@@QAEAAV1@D@Z
?shared_null@QString@@0UData@1@A
??YQString@@QAEAAV0@VQChar@@@Z
??0QChar@@QAE@UQLatin1Char@@@Z
??1QString@@QAE@XZ
?shared_null@QByteArray@@0UData@1@A
?resize@QByteArray@@QAEXH@Z
?detach@QByteArray@@QAEXXZ
??1QByteArray@@QAE@XZ
?qFree@@YAXPAX@Z
?shared_null@QListData@@2UData@1@A
??0QByteArray@@QAE@PBD@Z
??0QTextCodec@@IAE@XZ
?append2@QListData@@QAEPAPAXABU1@@Z
??1QTextCodec@@MAE@XZ

msvcr90

memcpy
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
free
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
??2@YAPAXI@Z
strchr
_CxxThrowException
??3@YAXPAX@Z
__CxxFrameHandler3
__clean_type_info_names_internal

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

Exports

Exports

qt_plugin_instance
qt_plugin_query_verification_data

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 187KB - Virtual size: 188KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c3cf501b96acd14d4b4d65971bb8fce7

Headers

File Characteristics

Imports

qtcore4

msvcr90

kernel32

Exports

Exports

Sections

.text Size: 17KB - Virtual size: 17KB

.rdata Size: 140KB - Virtual size: 139KB

.data Size: 1024B - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text Size: 187KB - Virtual size: 188KB

.text
Size: 17KB - Virtual size: 17KB

.rdata
Size: 140KB - Virtual size: 139KB

.data
Size: 1024B - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

.text
Size: 187KB - Virtual size: 188KB