NEAS[.]550c96a02226dca387852e56f6615ef0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.550c96a02226dca387852e56f6615ef0.exe
Size

137KB
MD5

550c96a02226dca387852e56f6615ef0
SHA1

e7676baa0ccfa6a8af138a53fb7fc11253737c2b
SHA256

465fc679535de7911bc63a74a588a231e4d5387508a526d67bc1291e68c9193b
SHA512

7afc82288ede6436a2ee37b0aa36f6d563ec4c4810ed3e556af951157f5d57166e381af84feecc6e3f75bebb364e727e61f1946d84b1e7be0ec1a151bf7c3e5b
SSDEEP

1536:MI6JDGAXEssQpGJwuQJFHLlU8Sq+Ugu+ZfFOs3UHL+hCqmMfmyUqYdh9JJa+G:KgiSq+UzqfAs30+QCzf4Ux

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.550c96a02226dca387852e56f6615ef0.exe

Files

NEAS.550c96a02226dca387852e56f6615ef0.exe
.exe windows:6 windows x86

e925a3bde35ecbe27f0c2c2ab1030008

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
InitiateSystemShutdownExW
StartTraceW
EnableTrace
RegSetKeyValueW
ControlTraceW
TraceEvent
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegQueryInfoKeyW
RegEnumKeyW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegQueryValueExW
RegCreateKeyExW
RegSetValueExW
RegCloseKey

kernel32

WritePrivateProfileStringW
CreateMutexW
GetStartupInfoW
CreateProcessW
ReleaseMutex
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryExW
WideCharToMultiByte
GetExitCodeProcess
GetModuleHandleA
HeapAlloc
SetUnhandledExceptionFilter
CompareStringW
CopyFileExW
FindNextFileW
FlushFileBuffers
FindFirstFileW
FindClose
DeviceIoControl
GetFileAttributesW
RemoveDirectoryW
CreateFileW
CopyFileW
SetFileAttributesW
CreateDirectoryW
GetStartupInfoA
InterlockedCompareExchange
GetModuleFileNameW
GetCurrentDirectoryW
GetFullPathNameW
LoadLibraryW
SetErrorMode
FreeLibrary
GetCommandLineW
lstrlenW
SetLastError
ExpandEnvironmentStringsW
InterlockedExchange
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
SetThreadExecutionState
CreateEventW
CreateThread
Sleep
GetLocalTime
FormatMessageW
LocalFree
SetEvent
WaitForSingleObject
CloseHandle
GetLastError
GetProcessHeap
HeapFree
GetVersionExW
GetModuleHandleW
GetProcAddress
QueryPerformanceCounter

user32

MessageBoxW
SystemParametersInfoW
DialogBoxParamW
CreateDialogParamW
ShowWindow
TranslateMessage
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
DestroyWindow
EnableWindow
IsDlgButtonChecked
EndDialog
ShutdownBlockReasonDestroy
ShutdownBlockReasonCreate
GetDlgItem
SetWindowLongW
CharNextW
LoadStringW
CharPrevW
SendMessageW

msvcrt

__set_app_type
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_unlock
__dllonexit
_lock
_vsnwprintf
_onexit
wcsrchr
wcschr
_wcsnicmp
_vsnprintf
_vscwprintf
_controlfp
memset
_except_handler4_common
__getmainargs
?terminate@@YAXXZ
_cexit

ole32

CoInitialize
CoTaskMemFree
CoCreateInstance

actionqueue

GenerateActionQueue
ProcessActionQueue

rpcrt4

UuidFromStringW

unattend

UnattendCtxDeserializeWithResults
UnattendCtxSerialize
UnattendFreeNode
UnattendCtxCleanup
UnattendCtxCancelModify
UnattendCtxCommitModify
UnattendCtxReplaceMatchedNodesWithText
UnattendCtxBeginModify
UnattendMarkPassUsedInCtx
UnattendCtxSerializeSettingsStream
UnattendAddResults
UnattendFreeResults
UnattendCtxOpenNode
UnattendFindAnswerFileWithResults

oleaut32

SysFreeString

wdscore

WdsInitialize
WdsTerminate
CurrentIP
WdsSetupLogMessageW
ConstructPartialMsgVW

shlwapi

PathRemoveFileSpecW

setupapi

pSetupIsUserAdmin
pSetupDoesUserHavePrivilege

comctl32

InitCommonControlsEx

ntdll

RtlNtStatusToDosError
NtSetInformationFile
RtlFreeHeap
RtlAllocateHeap

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e925a3bde35ecbe27f0c2c2ab1030008

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

actionqueue

rpcrt4

unattend

oleaut32

wdscore

shlwapi

setupapi

comctl32

ntdll

Sections

.text Size: 80KB - Virtual size: 79KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 24KB - Virtual size: 24KB

.reloc Size: 31KB - Virtual size: 32KB

.text
Size: 80KB - Virtual size: 79KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 24KB - Virtual size: 24KB

.reloc
Size: 31KB - Virtual size: 32KB