NEAS[.]4d86dece0611e5f350a9713b276e17a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4d86dece0611e5f350a9713b276e17a0.exe
Size

3.1MB
MD5

4d86dece0611e5f350a9713b276e17a0
SHA1

7f7818570e092b32b5ee01f23307bf0628d3f852
SHA256

018579fcbf5f39df9571bf20f914ec921efd8038f8f99f7951577bd6b43b2f9d
SHA512

e05e6ab961549a6ce31f735e0f1c3fc5c1ff038500517d560f6d9575175c99e4bc67867d99ae833fa7804e0fe3eb3aa8ba42be626cbef1ecb15baa3934a2bb3c
SSDEEP

24576:rv00uA3wn6iSnogUqpN6k1hbx2ELmx5nd0z6hsdT8hbz41g:b00uAxiSogUmNVZ2E+n4LdT8hbz4q

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4d86dece0611e5f350a9713b276e17a0.exe

Files

NEAS.4d86dece0611e5f350a9713b276e17a0.exe
.exe windows:5 windows x86

28cac29e1358f8847594b6291d1b5c5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

d3dx9_43

D3DXGetImageInfoFromFileA
D3DXCreateFontIndirectA
D3DXCreateSprite
D3DXCreateLine
D3DXMatrixMultiply
D3DXMatrixRotationY
D3DXMatrixRotationX
D3DXMatrixRotationZ
D3DXMatrixTranslation
D3DXMatrixLookAtLH
D3DXMatrixRotationAxis
D3DXVec3TransformNormal
D3DXVec3Normalize
D3DXMatrixPerspectiveFovLH
D3DXCreateTextureFromFileA
D3DXCreateTextureFromFileExA

kernel32

FormatMessageA
PeekConsoleInputA
SetConsoleMode
ReadConsoleInputA
SetEnvironmentVariableA
CompareStringW
CreateFileA
SetStdHandle
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoA
GetStringTypeW
GetTickCount
GetCommandLineA
OutputDebugStringA
GetSystemTimeAsFileTime
CloseHandle
GetCurrentThreadId
WaitForSingleObjectEx
CreateEventA
SetEvent
HeapAlloc
GetProcessHeap
HeapFree
Sleep
SetFilePointer
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
QueryPerformanceCounter
IsValidCodePage
GetOEMCP
GetACP
HeapDestroy
HeapCreate
HeapQueryInformation
HeapSize
HeapReAlloc
GetModuleFileNameA
GetTimeZoneInformation
FreeLibrary
VirtualQuery
GetLocaleInfoW
SetHandleCount
SetConsoleCtrlHandler
ExitProcess
OutputDebugStringW
WriteFile
IsProcessorFeaturePresent
FatalAppExitA
InitializeCriticalSectionAndSpinCount
ExitThread
GetDateFormatA
GetTimeFormatA
GetCurrentThread
SetLastError
GetModuleHandleW
GetCPInfo
LCMapStringW
GetStartupInfoW
HeapSetInformation
IsBadReadPtr
HeapValidate
LoadLibraryW
lstrlenA
GetStdHandle
GetFileType
WriteConsoleW
RaiseException
GetModuleFileNameW
IsDebuggerPresent
CreateThread
Beep
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
InterlockedCompareExchange
GetCurrentProcessId
CreateSemaphoreA
ReleaseSemaphore
WaitForMultipleObjectsEx
GetProcAddress
GetModuleHandleA
DuplicateHandle
GetCurrentProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetNumberOfConsoleInputEvents
LocalFree
RemoveDirectoryW
DeleteFileW
GetLastError
CreateFileW
DeviceIoControl
GetFileAttributesW
SetEndOfFile
SetFilePointerEx
CreateDirectoryExW
CopyFileW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
GetFileTime
SetFileTime
SetFileAttributesW
MoveFileExW
GetDiskFreeSpaceExW
GetWindowsDirectoryW
GetEnvironmentVariableW
GetFullPathNameW
FindFirstFileW
FindNextFileW
FindClose
AreFileApisANSI
ResetEvent
OpenEventA
ResumeThread
GetSystemInfo
GetLogicalProcessorInformation
SystemTimeToFileTime
CreateWaitableTimerA
SetWaitableTimer
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

DialogBoxParamA
ToUnicode
PostQuitMessage
MapVirtualKeyA
GetKeyboardState
DispatchMessageA
TranslateMessage
TranslateAcceleratorA
PeekMessageA
MessageBoxA
LoadAcceleratorsA
EndPaint
BeginPaint
DefWindowProcA
DestroyWindow
RegisterClassExA
LoadCursorA
LoadIconA
GetWindowRect
SetWindowTextA
wvsprintfA
EndDialog
CreateWindowExA
ShowWindow
UpdateWindow
LoadStringA
InvalidateRect

winmm

mciSendStringA

ws2_32

closesocket
bind
htons
WSACleanup
socket
inet_ntoa
WSAStartup
inet_addr
sendto
ntohs
recvfrom
WSAGetLastError

Sections

.textbss
Size: - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 39KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28cac29e1358f8847594b6291d1b5c5d

Headers

DLL Characteristics

File Characteristics

Imports

d3d9

d3dx9_43

kernel32

user32

winmm

ws2_32

Sections

.textbss Size: - Virtual size: 1.2MB

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 439KB - Virtual size: 439KB

.data Size: 39KB - Virtual size: 57KB

.idata Size: 7KB - Virtual size: 6KB

.tls Size: 1024B - Virtual size: 514B

.rsrc Size: 58KB - Virtual size: 58KB

.reloc Size: 96KB - Virtual size: 95KB

.textbss
Size: - Virtual size: 1.2MB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 439KB - Virtual size: 439KB

.data
Size: 39KB - Virtual size: 57KB

.idata
Size: 7KB - Virtual size: 6KB

.tls
Size: 1024B - Virtual size: 514B

.rsrc
Size: 58KB - Virtual size: 58KB

.reloc
Size: 96KB - Virtual size: 95KB