NEAS[.]4ce20d39b93d956bc57855ff28152d40[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4ce20d39b93d956bc57855ff28152d40.exe
Size

960KB
MD5

4ce20d39b93d956bc57855ff28152d40
SHA1

8f614b58732856f2728c31da892f4566bd8ae551
SHA256

e33516fe19ee07acf67d31ed8dca34fcd6a546554c821bb8d0eda1e600f021eb
SHA512

49a0bcaa8b844c341b393dc0fcb6c11dcb4d9da152061b016fc9529b6daa152409c96480ecf0787257b28340fbb2545b19132692eb0019bfbfb7f86d77b0ffa4
SSDEEP

12288:FTEd7A5sGBoGA5wIE822w9Vw10Drq/Z+c60U9pAgrvXraUiz0oWLFrM6HbUssh0j:5i7AR0FU9pAgbXrnm0oWLZlH+0PexiX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4ce20d39b93d956bc57855ff28152d40.exe

Files

NEAS.4ce20d39b93d956bc57855ff28152d40.exe
.dll windows:4 windows x86

3d525df6d258ca8c652a1e76e5bf6431

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetErrorMode
RaiseException
GlobalFlags
InterlockedIncrement
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
ExitThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetModuleFileNameA
TlsFree
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
InterlockedDecrement
GetLastError
SetLastError
MulDiv
lstrcpyW
GlobalAlloc
FormatMessageW
LocalFree
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
TryEnterCriticalSection
GetThreadContext
IsDebuggerPresent
OpenProcess
VirtualProtectEx
GetLocalTime
VirtualQueryEx
CreateToolhelp32Snapshot
Module32FirstW
FreeLibrary
Module32NextW
GetModuleFileNameW
CreateEventW
ResetEvent
CreateThread
GetCurrentProcessId
GetProcAddress
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReadFile
CreateFileA
DeviceIoControl
CreateFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
CloseHandle
WideCharToMultiByte
Beep
MultiByteToWideChar
ResumeThread
LeaveCriticalSection
EnterCriticalSection
SuspendThread
InitializeCriticalSection
WaitForSingleObject
TerminateThread
FindFirstFileW
FindNextFileW
FindClose
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindResourceW
LoadResource
SizeofResource
LockResource
WriteProcessMemory
GetModuleHandleW
SetEvent
GetTickCount
ReadProcessMemory
Sleep
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

ValidateRect
PostQuitMessage
DestroyMenu
CharUpperW
EndPaint
BeginPaint
GrayStringW
DrawTextExW
TabbedTextOutW
wsprintfW
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
GetClassLongW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
UpdateWindow
GetMenu
PostMessageW
GetSubMenu
GetMenuItemCount
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
SetWindowPos
SystemParametersInfoA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
DrawFocusRect
WindowFromPoint
ClientToScreen
OffsetRect
DrawStateW
KillTimer
InvalidateRect
CopyRect
UnionRect
SetRectEmpty
GetSysColor
SetWindowTextA
MessageBoxA
SendMessageA
LoadCursorW
SetWindowsHookExW
SendInput
SetWindowRgn
RegisterHotKey
UnregisterHotKey
SetWindowLongW
RemovePropW
GetWindowDC
TrackMouseEvent
CallWindowProcW
FillRect
SetPropW
DrawTextW
EnumWindows
LoadMenuW
LoadBitmapW
PtInRect
GetTopWindow
GetWindow
IsWindowVisible
ShowWindow
CallNextHookEx
GetDesktopWindow
MessageBoxW
GetClassNameA
GetWindowThreadProcessId
SetTimer
GetWindowRect
GetMenuStringW
AppendMenuW
CreatePopupMenu
GetParent
GetWindowTextW
GetClassInfoExW
RegisterClassExW
GetWindowLongW
GetWindowPlacement
CreateWindowExW
DestroyWindow
ReleaseDC
GetSysColorBrush
GetMessageW
GetMenuItemID
TranslateMessage
GetDC
ExitWindowsEx
GetPropW
GetKeyState
UnregisterClassW
LoadImageW
GetDlgItem
SetWindowTextW
GetSystemMetrics
IsWindow
LoadIconW
GetFocus
GetClientRect
IsIconic
DrawIcon
InflateRect
SetRect
SetCursor
GetClassNameW
GetCursorPos
EnumChildWindows
EnableWindow
ScreenToClient
SendMessageW
MessageBoxA

gdi32

SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox
Ellipse
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
MoveToEx
LineTo
CreatePen
Polygon
GetTextColor
GetBkColor
GetDeviceCaps
ExtTextOutW
CreateFontW
SetStretchBltMode
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
GetStockObject
Rectangle
RoundRect
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
CombineRgn
CreateEllipticRgnIndirect
CreateRectRgnIndirect
GetObjectW
CreateSolidBrush
GetTextExtentPoint32W

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
AdjustTokenPrivileges
RegSetValueExW

comctl32

ImageList_Draw
_TrackMouseEvent
ord17
ImageList_Destroy

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
VariantInit

ws2_32

inet_addr
htons
connect
ioctlsocket
closesocket
WSAIoctl
send
recv
shutdown
socket
select

winmm

PlaySoundW

iphlpapi

GetAdaptersInfo

Exports

Exports

+46��݌�&�g��o��6�u��-r�� rwKpS��t;��ɷM�N��q@k��q�D+��Th�+�{i��#�a*HŚ_�ײY#��`qvJ)�e��i��K�5 ��s��3m�*<e��+c"VA��'v=��y��t��w�+{U�2VF/��'�te��b��ւ�&�gC�ҽN��_�;��/M1@k��!�\+5��9y�$ɬ�t �li��ߕƁ-��2�� :(A\��{y��'v��~��0�H��Rg ��{��-�|�9> .8�T�g�Nk3��U��v�!8v+�1?A<|\싚��h� �)�Z�n��l��\��vʃ��5fQyc$��L��!�ޕ��fB��L?�H4�+�.%�~��Σ�h��P�g��x�m�{i׍oQ�铷D�cj�h��Rߪ��"��tgG��K y-2��#��p�=�`Y��ye۹2��o��7��W+��=�2..��_��.s��'f��o*7sS��8XB+��%'׫Z�y/A��$L��vO��,*�$�-�)F�ܲ�"�tq ۠P��0w `� ��t3��+��qk�=�%�0C��~ҍ�7{+�F[m�\�K��0Ih+t��ű�>Y=�!��V�TPZ�6�=�4f��Wg��|]�~��_�3��33��^�]ەc 㾭c�ܝ��\��m��}��b��1�`��%7S-I��4�~i��,뒠q��C]�p7�ל 1�og�)�$�#�Cb�k%��`�'޿�x ��p@�A�,��C��c��t�K�,f�l�!�:;�k)xV]?��]�byC��!<Y��z��Vǩ��:��w�_��â��o4��4�~gmͥ�[��o�|��û�J��˥X�pB>�|��9_F�϶��]�~nPPb.�,t�M��v깧܇o��I��h�1�蠧b�\��e�56Y�㞈^i� ̑�R� D^��+)�Q��TG�v�1�he��4Ue�[ޮ`^אxR�)_</i�ż�,��]�p�-�ꆠ�J��E�}T��&�;)D�u��HW4:�͂�Ď��v%��`�'��Ĕ_aO\bb�$v�ʰ��E��R��LE��K��h��VSi�{��ބ� ^{LT��h�74��<�<mo��2{AL-�v��[�^��ݱ�� q��]L�:G&��Y��8C��uZ�19��xෘ��)�F��-�U��t5�*C�&��&�@n��Tu�(e��t�pO2C5Y GE��R�5�"5-8M\b{=�X��f��9��W��,��Iز�e�"i�A{l�=6-F�� 6cX��Ӫ��h�N]ɝ�F&�*ld�r�x��ŔE��Ԇ��v��?��y��\��l��*d�O�`��|�L�@��Q$2��D��֗��CWf^�nً��vK ACWe��i$n��Zx�iv� �RvE��"��fx6a�'�K��-�U�瘕xdH��eՎ��!��+ ��^��j:[ͺ��¤GQ�_��CIȀ�n��6��*w. ��&Eqc��F)��z��iR��_/r��d��n70��*<�s��K�xWX� Dz_�;�ǌ�� wT��nV�#!b�'g�H��<m|��?�XĪ�Dɔ2*�KP9o�=C�CO�Po��{��.��R��;&SGCw}��Es�$Yu�:Ͷ6�fM��~��Ԓ�,�ӹ�t��+"&X��=ҺF�H"�;��@�W� `��CЪ��U0�O��ڍM��j��u��ѕ�L�_��rlv�~V�S��/]�֑�Wjx�ܹ6��ަ?i�A\�=�N`��Bq��T��L��\I� מ��&��xjk2z ��Hd��n�~3��~(T�@�+C��a�yMY��C��ҋ̽ͮ��3��Hg� �a�\G� ,�F�MO��#۩v��e��O��`i��u�@�+(�$��\��bdy�!��w�|'�܀��ˈ,Gr��. *��o+[�h�^k��0�Z�'�9��gTYJN1��t�� &3��Ko~'��-� ��Z%��aQ��Soyx8��g��Ġ�1/��w�i��$�;��wx�D��hJ�MJF#�l��I��⭚|��?g��-�P��kqh"j,[̏�F5�L��t1��'��SS��e-k��"4%6��3,�:�+A�J��4��&Jm�C<x��9��$�Dgׯ�>��L6�ے��<`�s#�헕��T��~��&��"�m][=��V��?b�x��u@��xZ� �EҾ+�ឱb�5��0eѧ� �r<.��u�� 6j��x}3-d��,�'/x�@vϘ��kz�g�D1[�Wb8�@��Z��-P�%E_��%$!��#o��J��+��Ah?9(mS�@nBGTJ�#��I�� -�m� .��g�z��I��d�5��''��+��n:��]y��v7Zh�*-ؾ��խ+P2J�R9�h(��]�g ��`B��AC��Shfm�{��<��G{!U�o�MU�U�o��C8l�� N��<�\�j�� %b�l�rzȤ�a��3�,U��0h�@�z�k/��|S��ڱ�]��&��6<�g<�1��;�}�٧��{�e)��|Pnq��H��+�T�B)#"8�^<,G;'X��I�A�M$�?��0��A�$�ފ��̓��`؎��胘�S]W��}�^JiQ��~v\��i��zF��|U�� {Fm�8�K��Gf1��c)�7��3X

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text0
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 152KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3d525df6d258ca8c652a1e76e5bf6431

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

ws2_32

winmm

iphlpapi

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 72KB - Virtual size: 68KB

.data Size: 20KB - Virtual size: 43KB

.rsrc Size: 120KB - Virtual size: 116KB

.text0 Size: 60KB - Virtual size: 57KB

.text1 Size: 152KB - Virtual size: 150KB

.tls Size: 4KB - Virtual size: 24B

.text2 Size: 44KB - Virtual size: 43KB

.reloc Size: 40KB - Virtual size: 37KB

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 72KB - Virtual size: 68KB

.data
Size: 20KB - Virtual size: 43KB

.rsrc
Size: 120KB - Virtual size: 116KB

.text0
Size: 60KB - Virtual size: 57KB

.text1
Size: 152KB - Virtual size: 150KB

.tls
Size: 4KB - Virtual size: 24B

.text2
Size: 44KB - Virtual size: 43KB

.reloc
Size: 40KB - Virtual size: 37KB