Static task: static1
Behavioral task: behavioral1
Sample: NEAS.4ba8b01f3d42e1201db93ad7951286c0.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.4ba8b01f3d42e1201db93ad7951286c0.exe
Resource: win10v2004-20230915-en
General
Target: NEAS.4ba8b01f3d42e1201db93ad7951286c0.exe
Size: 366KB
MD5: 4ba8b01f3d42e1201db93ad7951286c0
SHA1: bad4a90764b00f58923896f87ad20f0de8bb8ea2
SHA256: 23d818b75482e0d1f55f6ee5c167863cde9c8c828cf95a448afe8c90b2f336dd
SHA512: ad17dc176cc65896031fc687fed75093a67846b9854bc70a195f309146682431fca5d4a28b077d6c68bc72d50e98889cddc273903c0b5b25f384f60e925bfc5d
SSDEEP: 6144:y4y4t0gfMqRRnq/Tj4/vf14LtkzpjVJ60uNA/TFmUmRKnY7F3NjEFov:by4igfMkq/fg14LypjHjNmFKs3OW
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource NEAS.4ba8b01f3d42e1201db93ad7951286c0.exe
Files
NEAS.4ba8b01f3d42e1201db93ad7951286c0.exe.exe windows:4 windows x86
64fb51e23cfef1d3d0a582916a16221d
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
PlaySoundA
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
wininet
InternetCanonicalizeUrlW
mfc71 (355 imports by ordinal only)
msvcr71
_onexit
?terminate@@YAXXZ
_c_exit
_exit
_XcptFilter
_ismbblead
_cexit
exit
_acmdln
_amsg_exit
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__dllonexit
??1type_info@@UAE@XZ
__CxxFrameHandler
memset
_except_handler3
_mbschr
_ismbcdigit
_mbsnbicmp
qsort
_wcsdup
_CxxThrowException
iswupper
swscanf
iswcntrl
iswspace
wcsncmp
_mbscmp
realloc
towupper
_wcsnicmp
wcsncat
wcstol
_purecall
wcsncpy
sscanf
atoi
_localtime64
strftime
_time64
_mktime64
_wtoi
_mbsstr
wcscat
strtoul
strncpy
strstr
wcslen
sprintf
wcscpy
??0exception@@QAE@ABV0@@Z
wcscmp
wcschr
wcsstr
free
malloc
_wcsicmp
??0exception@@QAE@XZ
??1exception@@UAE@XZ
_mbsicmp
__p__fmode
__set_app_type
__security_error_handler
_controlfp
_strdup
_setmbcp
memmove
kernel32
CreateProcessA
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
DuplicateHandle
CreateMutexA
CreateEventA
MapViewOfFile
ExitProcess
SetUnhandledExceptionFilter
LoadLibraryA
lstrcpynA
LockResource
LoadResource
FindResourceA
MulDiv
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcess
OutputDebugStringA
FlushFileBuffers
WriteFile
GetStdHandle
GlobalSize
Sleep
InterlockedDecrement
InterlockedIncrement
FindNextFileW
WideCharToMultiByte
CloseHandle
WaitForSingleObject
GlobalFree
ReleaseMutex
OpenProcess
GetLastError
CreateFileMappingA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenW
lstrlenA
MultiByteToWideChar
GetProcAddress
FreeLibrary
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetModuleFileNameW
GetSystemDirectoryA
GetSystemDirectoryW
GetPrivateProfileStringA
GetPrivateProfileStringW
CreateProcessW
GetStartupInfoA
QueryPerformanceCounter
SetEvent
UnmapViewOfFile
InitializeCriticalSection
RaiseException
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
IsBadWritePtr
lstrcmpA
CreateFileA
LoadLibraryExA
LoadLibraryExW
CreateFileW
LocalFree
FindFirstFileA
FindFirstFileW
GlobalHandle
FindNextFileA
LocalAlloc
GetFullPathNameA
GetFullPathNameW
GetModuleHandleA
GetModuleHandleW
lstrcpyA
user32
FillRect
RedrawWindow
GetWindowRect
PostMessageA
SendMessageA
GetParent
LoadBitmapA
DrawTextA
EnableWindow
GetClassInfoA
LoadCursorA
IsClipboardFormatAvailable
GetClipboardData
UnionRect
CharUpperBuffW
WindowFromDC
WindowFromPoint
ClientToScreen
TrackMouseEvent
SetCapture
FrameRect
GetWindowLongA
InvalidateRect
RegisterClassA
AdjustWindowRectEx
wsprintfA
SetMenuDefaultItem
LoadIconA
PtInRect
EqualRect
CopyRect
ReleaseCapture
RegisterWindowMessageA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
RegisterClipboardFormatA
IsWindow
IsChild
OffsetRect
GetFocus
DefWindowProcA
AppendMenuA
CreatePopupMenu
UpdateWindow
GetDesktopWindow
GetWindowThreadProcessId
SetForegroundWindow
IsWindowVisible
IsIconic
FindWindowA
MessageBoxA
MessageBeep
GetSysColor
GetClassNameA
ReleaseDC
GetDC
TrackPopupMenu
GetCursorPos
GetMenuItemID
EnableMenuItem
GetMenuItemCount
GetSubMenu
LoadMenuA
KillTimer
SetTimer
DestroyWindow
SendMessageTimeoutA
GetSystemMetrics
GetClientRect
GetWindow
gdi32
GetTextCharacterExtra
GetTextCharsetInfo
TextOutW
TextOutA
GetTextFaceA
MoveToEx
GetCurrentPositionEx
ExtTextOutW
ExtTextOutA
SetTextAlign
SetTextCharacterExtra
GetTextAlign
GetTextColor
GetBkColor
GetBkMode
GetTextExtentPoint32W
Rectangle
CreatePen
CreateFontIndirectA
GetStockObject
SetBkMode
GetTextMetricsA
GetDeviceCaps
GetTextExtentPointA
GetObjectA
SetTextColor
SetBkColor
CreateSolidBrush
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
GetCharWidthW
advapi32
RegSetValueExW
RegSetValueExA
RegOpenKeyExW
RegOpenKeyExA
RegEnumValueW
RegEnumValueA
RegDeleteValueW
RegDeleteValueA
RegCloseKey
shell32
Shell_NotifyIconA
comctl32
_TrackMouseEvent
FlatSB_GetScrollProp
FlatSB_EnableScrollBar
FlatSB_SetScrollProp
ord17
ole32
CoCreateInstance
CoGetClassObject
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CreateStreamOnHGlobal
oleaut32
VariantClear
VariantInit
SysStringLen
SysAllocStringLen
VarBstrCat
SafeArrayPutElement
SafeArrayCreate
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
SysAllocString
SysFreeString
VarBstrCmp
urlmon
URLDownloadToCacheFileW
CoInternetGetSession
msvcp71
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
Sections
.text Size: 164KB - Virtual size: 160KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rdata Size: 68KB - Virtual size: 64KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.data Size: 24KB - Virtual size: 27KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 100KB - Virtual size: 100KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE