Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.1cd18d94f5cc39ef2f135b521a6663e0.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.1cd18d94f5cc39ef2f135b521a6663e0.exe
  Resource: win10v2004-20230915-en
General
Target: NEAS.1cd18d94f5cc39ef2f135b521a6663e0.exe
Size: 2.0MB
MD5: 1cd18d94f5cc39ef2f135b521a6663e0
SHA1: d19bfcb9e12499749b7825178d8d35350fd1401c
SHA256: 2eebc4ec7d23ec4486189d82c798790d38628be5652a0a9ddd86d9d8b5a26c74
SHA512: d06faa5a5446eacd1b844490ca6fceb8974a2d3a6005b8fa64935993184bd2c9044565694d11bef790476cde008090f064e6a3974ed60623d2f7b58669f1a2c4
SSDEEP: 24576:FUCaGOSkqJGCaRY8qIfQD2I2Ud9aHyYquZN5xdVpcKSI7OVUwLG8ve8h1hblUS6D:YGOAGfQJ9Y7qOxeNVZTQMYT
Malware Config
Signatures
Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: NEAS.1cd18d94f5cc39ef2f135b521a6663e0.exe
Files
NEAS.1cd18d94f5cc39ef2f135b521a6663e0.exe.exe  windows:4  windows  x86
  Imphash: 6967edf6b640eb5f78cb3aaa01f2c068
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
winmm
mixerClose
waveOutUnprepareHeader
waveOutRestart
waveOutReset
mixerGetControlDetailsW
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mixerGetNumDevs
mixerOpen
mixerSetControlDetails
waveInAddBuffer
waveInClose
waveInGetDevCapsW
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInStop
waveInUnprepareHeader
waveOutClose
waveOutGetDevCapsW
waveOutGetNumDevs
waveOutOpen
waveOutPause
waveOutPrepareHeader
waveOutWrite
comctl32
ImageList_BeginDrag
InitCommonControlsEx
ImageList_GetIcon
ImageList_EndDrag
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_AddMasked
kernel32
GetACP
GetCommandLineW
GetConsoleCP
GetConsoleMode
GetCPInfo
GetCPInfoExW
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentThread
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStringsW
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetFullPathNameW
GetLocaleInfoW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetOEMCP
GetPrivateProfileIntW
GetPrivateProfileStringW
GetProcessHeap
GetProfileIntW
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryW
GetSystemInfo
GetTempFileNameW
GetTempPathW
GetThreadLocale
GetThreadPriority
GetTimeZoneInformation
GetVersionExW
GetVolumeInformationW
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFindAtomW
GlobalFlags
GlobalFree
GlobalHandle
GlobalLock
GlobalReAlloc
GlobalSize
FreeResource
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LoadLibraryExW
LoadLibraryW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LocalReAlloc
LockFile
LockResource
lstrcmpA
lstrcmpW
lstrlenW
MoveFileExW
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
PeekNamedPipe
QueryPerformanceFrequency
RaiseException
ReadConsoleW
ReadFile
RemoveDirectoryW
ResetEvent
ResumeThread
SetEndOfFile
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetPriorityClass
SetProcessWorkingSetSize
SetStdHandle
SetThreadPriority
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnlockFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile
WritePrivateProfileStringW
FreeEnvironmentStringsW
FormatMessageW
FlushFileBuffers
FindResourceW
FindResourceExW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
ExpandEnvironmentStringsW
ExitProcess
EnumSystemCodePagesW
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
EndUpdateResourceW
DuplicateHandle
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CreateThread
CreateFileW
CreateDirectoryW
CopyFileW
CompareStringW
CompareStringA
BeginUpdateResourceW
OpenMutexA
CreateMutexA
GetSystemDefaultLCID
lstrcpyW
GetStartupInfoA
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
LoadLibraryA
GetProcAddress
CreateEventW
OpenEventW
WaitForSingleObject
CloseHandle
CreateSemaphoreW
GetLastError
RtlUnwind
GetVersion
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
SetHandleCount
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
LCMapStringA
GetStringTypeA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
user32
GrayStringW
InflateRect
InsertMenuW
IntersectRect
InvalidateRect
InvalidateRgn
IsChild
IsDialogMessageW
IsIconic
IsMenu
IsRectEmpty
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapW
LoadCursorW
LoadIconW
MapDialogRect
MapWindowPoints
MessageBeep
MessageBoxW
ModifyMenuW
MoveWindow
OffsetRect
OpenClipboard
PeekMessageW
PostMessageW
PostQuitMessage
PostThreadMessageW
PtInRect
RedrawWindow
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterHotKey
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendDlgItemMessageA
SendMessageTimeoutW
SetActiveWindow
SetCapture
SetClipboardData
SetClipboardViewer
SetCursor
SetFocus
SetMenu
SetMenuItemBitmaps
SetMenuItemInfoW
SetPropW
SetRectEmpty
SetScrollInfo
SetScrollPos
SetTimer
SetWindowContextHelpId
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
ShowWindow
SystemParametersInfoW
TabbedTextOutW
TrackPopupMenu
TranslateMessage
UnhookWindowsHookEx
UnionRect
UnregisterClassW
UnregisterHotKey
UpdateWindow
ValidateRect
WaitForInputIdle
WinHelpW
wsprintfW
GetWindowThreadProcessId
GetScrollPos
GetScrollInfo
GetPropW
GetNextDlgTabItem
GetNextDlgGroupItem
GetMessageW
GetMessageTime
GetMessagePos
GetMenuItemID
GetMenuItemCount
GetMenuCheckMarkDimensions
GetLastActivePopup
GetKeyState
GetIconInfo
GetForegroundWindow
GetDlgItem
GetDlgCtrlID
GetDC
GetCursorPos
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetClassInfoExW
GetCapture
GetAsyncKeyState
GetActiveWindow
FindWindowW
FillRect
EqualRect
EnumWindows
EnumDesktopWindows
EndPaint
EndDialog
EndDeferWindowPos
EnableWindow
EnableMenuItem
EmptyClipboard
DrawTextW
DrawTextExW
DrawMenuBar
DrawIconEx
DrawFocusRect
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DeleteMenu
DefWindowProcW
CreateWindowExW
CreatePopupMenu
CreateIconFromResourceEx
CreateIconFromResource
CreateDialogIndirectParamW
CopyRect
CopyAcceleratorTableW
CloseClipboard
CheckMenuRadioItem
CheckMenuItem
CharUpperW
CharNextW
ChangeClipboardChain
CallWindowProcW
CallNextHookEx
BeginPaint
BeginDeferWindowPos
AppendMenuW
AdjustWindowRectEx
FindWindowA
SendMessageA
SetForegroundWindow
GetFocus
GetParent
GetWindowLongW
GetDesktopWindow
SendMessageW
GetWindowTextW
GetWindowTextLengthW
GetWindowRect
GetWindowDC
GetTopWindow
GetThreadDesktop
GetSubMenu
GetSysColorBrush
ClientToScreen
gdi32
ExtTextOutW
GetBkColor
GetClipBox
GetCurrentObject
GetDeviceCaps
GetDIBColorTable
CombineRgn
CopyMetaFileW
GetMapMode
GetObjectW
GetPaletteEntries
GetRgnBox
GetStockObject
ExtSelectClipRgn
GetTextColor
GetTextExtentPoint32W
GetTextMetricsW
GetViewportExtEx
GetWindowExtEx
OffsetViewportOrgEx
PtVisible
RectVisible
RestoreDC
SaveDC
ScaleViewportExtEx
ScaleWindowExtEx
SelectObject
SetBkColor
SetBkMode
SetDIBColorTable
SetMapMode
SetStretchBltMode
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
StartDocW
StartPage
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
ExcludeClipRect
Escape
EndPage
EndDoc
Ellipse
DPtoLP
DeleteObject
DeleteDC
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgnIndirect
CreatePen
GetStretchBltMode
BitBlt
CreateFontIndirectW
winspool.drv
ClosePrinter
DocumentPropertiesW
OpenPrinterW
advapi32
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
OpenProcessToken
LookupPrivilegeValueW
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidIdentifierAuthority
AdjustTokenPrivileges
RegCloseKey
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegQueryValueW
RegSetValueExW
shell32
ShellExecuteExW
Shell_NotifyIconW
DragQueryFileW
DragAcceptFiles
ShellExecuteW
DragFinish
ole32
StgOpenStorageOnILockBytes
RevokeDragDrop
ReleaseStgMedium
RegisterDragDrop
PropVariantClear
OleUninitialize
OleIsCurrentClipboard
OleInitialize
OleGetClipboard
OleFlushClipboard
OleDuplicateData
DoDragDrop
CreateStreamOnHGlobal
CreateILockBytesOnHGlobal
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoRevokeClassObject
CoRegisterMessageFilter
CoLockObjectExternal
CoGetClassObject
CoFreeUnusedLibraries
CoCreateInstance
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
StgCreateDocfileOnILockBytes
shlwapi
PathStripToRootW
PathRemoveFileSpecW
PathRemoveExtensionW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW
StrFormatByteSizeW
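The import table above is what an analyst pivots on: the import hash clusters builds that share a linker layout, and a handful of API names say more about capability than the hash does. The following is an added example, not part of the sandbox report: it computes a pefile-compatible imphash (md5 over lower-cased "dll.function" pairs in table order, with .dll/.ocx/.sys stripped from the library name) and tags imports by analyst-chosen capability groups. The import subset and its order are constructed from the list above, so the resulting digest will only equal the report's listed import hash if the full table is fed in the order the loader sees it; the CAPABILITY_HINTS groupings are an assumption of this example, not a classification made by the report.

```python
import hashlib

# Constructed subset of the report's import table, in the order the report lists it.
SAMPLE_IMPORTS = [
    ("winmm", ["mixerClose", "waveInOpen", "waveInStart", "waveOutOpen"]),
    ("kernel32", ["VirtualProtect", "LoadLibraryA", "GetProcAddress", "OpenProcess",
                  "BeginUpdateResourceW", "EndUpdateResourceW", "CreateMutexA"]),
    ("user32", ["SetWindowsHookExW", "CallNextHookEx", "RegisterHotKey", "GetAsyncKeyState"]),
    ("advapi32", ["OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"]),
    ("winspool.drv", ["OpenPrinterW"]),
]

# Analyst-chosen groupings (an assumption of this example, not something the report states):
# which imports deserve a second look during triage, and why.
CAPABILITY_HINTS = {
    "dynamic API resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "memory protection change": {"VirtualProtect", "VirtualAlloc"},
    "privilege adjustment": {"OpenProcessToken", "LookupPrivilegeValueW", "AdjustTokenPrivileges"},
    "window/keyboard hooking": {"SetWindowsHookExW", "CallNextHookEx", "GetAsyncKeyState", "RegisterHotKey"},
    "audio capture": {"waveInOpen", "waveInStart", "waveInAddBuffer"},
    "resource rewriting": {"BeginUpdateResourceW", "EndUpdateResourceW"},
    "cross-process access": {"OpenProcess"},
}


def imphash(imports) -> str:
    """pefile-compatible import hash: md5 over 'dll.func' pairs, lower-cased, in table order.

    The .dll/.ocx/.sys extension is dropped from the library name; any other extension
    (e.g. winspool.drv) is kept. Ordinal-only imports hash as 'ordN'. pefile additionally
    maps known ordinals of ws2_32/oleaut32 back to names; that lookup is not reproduced here.
    """
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        base, dot, ext = lib.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):
            lib = base
        for f in funcs:
            name = f.lower() if isinstance(f, str) else "ord%d" % f
            parts.append("%s.%s" % (lib, name))
    return hashlib.md5(",".join(parts).encode("ascii")).hexdigest()


def capability_hits(imports) -> dict:
    """Map each capability tag to the sorted list of its APIs that the binary actually imports."""
    present = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    return {tag: sorted(present & apis) for tag, apis in CAPABILITY_HINTS.items() if present & apis}


if __name__ == "__main__":
    print("imphash of constructed subset:", imphash(SAMPLE_IMPORTS))
    for tag, apis in capability_hits(SAMPLE_IMPORTS).items():
        print("%-26s %s" % (tag, ", ".join(apis)))
```

Imphash is only as stable as the import table: a repack or a change in link order produces a new digest, so it is a clustering key, not an identity. The capability tags are the opposite, cheap to evade by resolving APIs at runtime, which is exactly why a LoadLibraryA/GetProcAddress pair next to a writable, executable section deserves attention on its own.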
Sections
.text Size: 412KB - Virtual size: 409KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 16KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 12KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 356KB - Virtual size: 355KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
div1010 Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE