493422308b21dce6f963f0a8585eaff0_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

493422308b21dce6f963f0a8585eaff0_NEAS
Size

110KB
MD5

493422308b21dce6f963f0a8585eaff0
SHA1

ebfe0686dce6c14356aa82212fc3e56269cf6ec3
SHA256

8aaa272d071529f5c971fc4d63f98cb35db8857a2e619fcb54054f21ab363c0b
SHA512

7750daa2eff6e099dbfc74d85dcf2a7931d590e6f61e6e24858e1d3f0cd67ea36a0109981f7fe2aa994cf36a363c79f801589b93f07e82d075d5f9f363deecb1
SSDEEP

3072:7ThnuhS5Ak43ppPW8N/DN25dTtVKJzUs2WQHw:79nuhSWVjPW0/DEjWQHw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
493422308b21dce6f963f0a8585eaff0_NEAS

Files

493422308b21dce6f963f0a8585eaff0_NEAS
.exe windows:4 windows x86 arch:x86

0a5e9ae1b441334b02f5e33127d3247b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

LookupAccountNameA
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetKernelObjectSecurity
GetFileSecurityA
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetLengthSid
FreeSid
AllocateAndInitializeSid
LookupAccountSidA
EqualSid

kernel32

GetLastError
HeapAlloc
ExitProcess
GetProcessHeap
HeapReAlloc
HeapFree
GetVersion
FormatMessageA
GetConsoleMode
GetSystemTime
GetSystemDirectoryA
GetWindowsDirectoryA
WriteFile
UnhandledExceptionFilter
GetCommandLineA
GetEnvironmentStrings
SetErrorMode
GetCurrentProcessId
MapViewOfFile
SetFileApisToOEM
SetFilePointer
GetFileType
CloseHandle
ReadFile
CreatePipe
UnmapViewOfFile
CreateProcessA
CreateFileMappingA
GetProcessTimes
GetExitCodeProcess
WaitForMultipleObjects
DuplicateHandle
GetCurrentProcess
GetFileInformationByHandle
CreateFileA
GetFullPathNameA
GetFileAttributesA
FindClose
FindFirstFileA
GetCurrentDirectoryA
GetStdHandle
SetStdHandle
LockFile
UnlockFile
GetTickCount
OpenProcess
SetLastError
GetProcAddress
LoadLibraryA
FileTimeToDosDateTime
SetConsoleCtrlHandler
SetEvent
FindNextFileA
GetVolumeInformationA
RtlUnwind

user32

CharToOemA
MessageBoxA

Sections

.text
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0a5e9ae1b441334b02f5e33127d3247b

Headers

File Characteristics

Imports

advapi32

kernel32

user32

Sections

.text Size: 86KB - Virtual size: 85KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 63KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1024B - Virtual size: 736B

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 86KB - Virtual size: 85KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 63KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 736B

.reloc
Size: 6KB - Virtual size: 5KB