NEAS[.]554443ad2c31f9fcc557b0f27fde8000[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.554443ad2c31f9fcc557b0f27fde8000.exe
Size

1.1MB
MD5

554443ad2c31f9fcc557b0f27fde8000
SHA1

0a0f82017ea697c8b7dcd19731c0c832471978b7
SHA256

173e1046f070b4503d1941b4a607b5846f95f6d6bbb92c711072c2fe1f46a082
SHA512

d4a7ad124dac772f74b2415c8bf284a32f9731219e2bd579a5711b6530c0cd21a53c094820730bd40b08dcc18eee25cd81ebc56688eda936e4cd4c827a8cccfa
SSDEEP

24576:JTYexG0u8r9EXoZRJvrux3QmrIjDjNKb+O+DDXCcjZI9eib:JTYaVuY9RruxhrIjDhKbZkG0I93b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.554443ad2c31f9fcc557b0f27fde8000.exe

Files

NEAS.554443ad2c31f9fcc557b0f27fde8000.exe
.exe windows:4 windows x86

894b5eb3fe9f190030df4209a613d124

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetNameStringW
CertGetCertificateContextProperty
CertGetIntendedKeyUsage
CertNameToStrW
CryptImportPublicKeyInfo
CryptVerifyCertificateSignature
CertEnumCertificatesInStore
CertOpenSystemStoreW
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertOpenStore
CryptAcquireCertificatePrivateKey
CertSetCertificateContextProperty
CryptHashPublicKeyInfo
CertFreeCertificateContext
CertCloseStore

kernel32

GetDriveTypeW
GetTempFileNameA
MoveFileExA
GetDiskFreeSpaceW
GetFullPathNameW
GetShortPathNameW
GetFullPathNameA
GetVolumeInformationA
LoadLibraryA
GetTempPathW
MoveFileExW
GetShortPathNameA
GetTempFileNameW
MoveFileA
DeleteFileW
Sleep
CreateDirectoryW
CreateDirectoryA
GetTempPathA
SetFileAttributesW
CreateFileA
GetDiskFreeSpaceA
DeleteFileA
GetVolumeInformationW
GetVersionExW
GetCurrentDirectoryW
DeviceIoControl
GetFileAttributesA
GetFileAttributesExA
GetFileAttributesW
MoveFileW
SetFileTime
GetCurrentDirectoryA
GetFileInformationByHandle
SetFilePointer
GetFileType
SetEndOfFile
ReadFile
FlushFileBuffers
GetStringTypeExA
UnmapViewOfFile
GetLocaleInfoW
GetUserDefaultUILanguage
MapViewOfFile
CreateFileMappingW
ReleaseMutex
CreateMutexW
GetLocaleInfoA
GetDateFormatA
GetDateFormatW
FileTimeToSystemTime
GetProcAddress
GetNumberFormatW
CompareFileTime
GetVersion
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
VirtualFree
VirtualAlloc
CompareStringW
CompareStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
SetFileAttributesA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
HeapSize
HeapCreate
HeapDestroy
ExitProcess
GetModuleHandleA
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetProcessHeap
CreateThread
ExitThread
HeapAlloc
HeapReAlloc
HeapFree
LoadLibraryExW
SizeofResource
GetStringTypeA
GetModuleHandleW
GetTickCount
GetStringTypeW
SetCurrentDirectoryA
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
lstrcmpiW
SetCurrentDirectoryW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GlobalUnlock
GetCurrentThreadId
GlobalLock
LeaveCriticalSection
GlobalAlloc
EnterCriticalSection
lstrlenW
GetModuleFileNameW
SetLastError
LockResource
InitializeCriticalSection
LoadResource
FindResourceW
InterlockedIncrement
DeleteCriticalSection
MulDiv
lstrcmpW
GetLastError
GlobalFree
GlobalHandle
InterlockedDecrement
CloseHandle
CreateFileW
WriteFile
GetFileAttributesExW
GetDriveTypeA
LocalFileTimeToFileTime
FileTimeToLocalFileTime
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
SetThreadPriority
WaitForSingleObject
SetEvent
ResetEvent
CreateEventW
GetEnvironmentStringsW
InterlockedExchange
RaiseException
FlushInstructionCache
GetCurrentProcess
GetNumberFormatA

user32

DestroyMenu
TrackPopupMenu
CreatePopupMenu
CreateAcceleratorTableW
GetActiveWindow
DialogBoxParamW
IsWindowVisible
LoadImageW
GetWindowTextA
GetCursorPos
MsgWaitForMultipleObjects
PeekMessageW
DdeCreateStringHandleW
IsDialogMessageW
TranslateMessage
DispatchMessageW
DestroyIcon
IsDlgButtonChecked
GetClassInfoExW
ReleaseDC
GetDlgItemTextW
RegisterClassExW
LoadCursorW
ClientToScreen
MessageBoxW
CharNextW
MoveWindow
InsertMenuW
GetSystemMenu
DestroyAcceleratorTable
EnableWindow
GetDesktopWindow
GetSysColor
DdeConnect
DdeDisconnect
DdeFreeStringHandle
DdeUninitialize
DdeClientTransaction
DdeGetLastError
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
DdeInitializeW
CheckDlgButton
DialogBoxIndirectParamW
SetCapture
RegisterWindowMessageW
ReleaseCapture
IsChild
GetFocus
GetWindowTextLengthW
SetWindowContextHelpId
ShowWindow
PostMessageW
InvalidateRect
LoadStringW
RedrawWindow
FillRect
InvalidateRgn
SetCursor
GetDC
MapDialogRect
SetWindowPos
DrawTextW
SetDlgItemTextW
GetSystemMetrics
GetWindow
GetWindowTextW
SetWindowTextW
SetForegroundWindow
EndDialog
SetWindowLongW
SystemParametersInfoW
DestroyWindow
GetWindowRect
GetClientRect
GetWindowLongW
SendMessageW
ScreenToClient
DefWindowProcW
GetParent
CallWindowProcW
EndPaint
DrawIcon
BeginPaint
MapWindowPoints
CreateWindowExW
GetDlgItem
IsWindow
SetFocus
GetClassNameW
UnregisterClassA

gdi32

DeleteDC
DeleteObject
GetStockObject
GetDeviceCaps
GetTextExtentPoint32W
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject

advapi32

RegSetValueExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptGetUserKey
CryptAcquireContextA
CryptVerifySignatureW
CryptDestroyKey
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptSetHashParam
CryptDestroyHash
CryptReleaseContext
CryptAcquireContextW
CryptGenRandom
CryptDecrypt
RegDeleteValueW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegCloseKey
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyW
RegSetValueW
CryptGetProvParam
CryptImportKey
CryptGetKeyParam
CryptGenKey
CryptDeriveKey
CryptSetKeyParam

shell32

SHGetFolderPathW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW
SHGetFileInfoW

ole32

CoCreateGuid
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoTaskMemFree
OleUninitialize
CoGetClassObject
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
OleLockRunning
OleInitialize
CLSIDFromString
CLSIDFromProgID
CreateStreamOnHGlobal

oleaut32

VariantInit
VarUI4FromStr
SysStringLen
SysAllocString
SysStringByteLen
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
SysAllocStringLen
SysFreeString

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

Sections

.text
Size: - Virtual size: 557KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 172KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 332KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo2
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

894b5eb3fe9f190030df4209a613d124

Headers

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: - Virtual size: 557KB

.rdata Size: 172KB - Virtual size: 168KB

.data Size: - Virtual size: 83KB

.rsrc Size: 24KB - Virtual size: 25KB

.pklstb Size: 332KB - Virtual size: 348KB

.relo2 Size: 4KB - Virtual size: 60B

.text
Size: - Virtual size: 557KB

.rdata
Size: 172KB - Virtual size: 168KB

.data
Size: - Virtual size: 83KB

.rsrc
Size: 24KB - Virtual size: 25KB

.pklstb
Size: 332KB - Virtual size: 348KB

.relo2
Size: 4KB - Virtual size: 60B