NEAS[.]0888e9cec12790fe9ab2a8998b0bf870[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0888e9cec12790fe9ab2a8998b0bf870.exe
Size

9.6MB
MD5

0888e9cec12790fe9ab2a8998b0bf870
SHA1

23d96eff8cd376e47d6526befa7a3faed5d322d9
SHA256

c2858208a03a868bfdaf614d7e8e016f27262c1149cee76b85f262ca8665ab58
SHA512

af1545ba4ebfbeb956182f79659be9bb391a300cf08256f43622dbe6cf5907cf49af5ef78a530ea3eaca3e28cbec36ba7d64ccdddacaeb1d0bedabdb5ed5cfe9
SSDEEP

196608:vOwiguxbFyZohgns6DALbhb3ZuKOwKrV0IJ6q6GEPmOYfg+PnOQk0:GwiguxpyZWuCLdLMKOwK92fQfg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0888e9cec12790fe9ab2a8998b0bf870.exe

Files

NEAS.0888e9cec12790fe9ab2a8998b0bf870.exe
.dll windows:5 windows x86 arch:x86

de2543f498b9b9d1f4116ee97a5a31dc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetVersion
GetVersionExW
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

winspool.drv

DocumentPropertiesW

comctl32

ImageList_GetImageInfo

shell32

Shell_NotifyIconW

ole32

IsEqualGUID

version

GetFileVersionInfoSizeW

user32

CopyImage

oleaut32

GetErrorInfo

netapi32

NetWkstaGetInfo

advapi32

RegSetValueExW

gdi32

Pie

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
hhalrzsrxkpv

Sections

Ko9I^[DU
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

-B_)-ck*
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

;5bG);yf
Size: - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7_,fhqD*
Size: - Virtual size: 29KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

v1`BDCH8
Size: - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/o^Jcd_r
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

^o&v.XFf
Size: - Virtual size: 177B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

g&2nEE1h
Size: - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

aML1i$Vr
Size: - Virtual size: 4.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

@O.VFB0L
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

tE2U@,=<
Size: 9.5MB - Virtual size: 9.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

zbDA8YH:
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

de2543f498b9b9d1f4116ee97a5a31dc

Headers

File Characteristics

Imports

kernel32

winspool.drv

comctl32

shell32

ole32

version

user32

oleaut32

netapi32

advapi32

gdi32

Exports

Exports

Sections

Ko9I^[DU Size: - Virtual size: 3.0MB

-B_)-ck* Size: - Virtual size: 13KB

;5bG);yf Size: - Virtual size: 65KB

7_,fhqD* Size: - Virtual size: 29KB

v1`BDCH8 Size: - Virtual size: 13KB

/o^Jcd_r Size: - Virtual size: 2KB

^o&v.XFf Size: - Virtual size: 177B

g&2nEE1h Size: - Virtual size: 69B

aML1i$Vr Size: - Virtual size: 4.8MB

@O.VFB0L Size: 3KB - Virtual size: 2KB

tE2U@,=< Size: 9.5MB - Virtual size: 9.5MB

zbDA8YH: Size: 2KB - Virtual size: 1KB

Ko9I^[DU
Size: - Virtual size: 3.0MB

-B_)-ck*
Size: - Virtual size: 13KB

;5bG);yf
Size: - Virtual size: 65KB

7_,fhqD*
Size: - Virtual size: 29KB

v1`BDCH8
Size: - Virtual size: 13KB

/o^Jcd_r
Size: - Virtual size: 2KB

^o&v.XFf
Size: - Virtual size: 177B

g&2nEE1h
Size: - Virtual size: 69B

aML1i$Vr
Size: - Virtual size: 4.8MB

@O.VFB0L
Size: 3KB - Virtual size: 2KB

tE2U@,=<
Size: 9.5MB - Virtual size: 9.5MB

zbDA8YH:
Size: 2KB - Virtual size: 1KB