NEAS[.]1e6f5087d1c49ed199847f242ed1ea10[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.1e6f5087d1c49ed199847f242ed1ea10.exe
Size

339KB
MD5

1e6f5087d1c49ed199847f242ed1ea10
SHA1

9de2b337b60a041bfa495f82e17604a15ed6b88b
SHA256

68f02317ae04386a73ddbdcf8c02ea97840e9606fd668d020f9d9c63b4c7eda3
SHA512

090d4b87dbb9bcfea69a9032deaa771f22f11751ce2efdf5b122c0d4ed7e52e2d8cf7e3306e99c7303072d17e2f7231083004533fcbc1410309a1aa566eaed7b
SSDEEP

6144:WoMah58XSo5mD6rdYm4b7fDu+3i1h2BAy2kv2CNUgOXXw:Wozh+Ym4vf/3i6BAy2eNUNXXw

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1e6f5087d1c49ed199847f242ed1ea10.exe

Files

NEAS.1e6f5087d1c49ed199847f242ed1ea10.exe
.exe windows:4 windows x86

ca8a9084f9e7c0e958e12d8090cfc614

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
WritePrivateProfileStringW
OutputDebugStringA
GetModuleFileNameW
GetPrivateProfileStringW
lstrlenA
GetFileAttributesW
WideCharToMultiByte
GetPrivateProfileStringA
MultiByteToWideChar
GetPrivateProfileIntW
GetCurrentProcessId
LoadLibraryW
EnterCriticalSection
GetCurrentThreadId
FreeLibrary
GetTempPathW
CreateDirectoryW
InitializeCriticalSection
CopyFileW
InterlockedIncrement
InterlockedDecrement
LoadLibraryExW
lstrcmpiW
GetSystemDirectoryW
DeleteCriticalSection
CreateProcessW
DeleteFileW
GetCommandLineW
FindFirstFileW
FindNextFileW
FindClose
WriteFile
FileTimeToSystemTime
ReadFile
GetLocalTime
GetFileInformationByHandle
SetFilePointer
SystemTimeToFileTime
GetVersionExW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalMemoryStatusEx
GetThreadLocale
IsProcessorFeaturePresent
InterlockedCompareExchange
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
RaiseException
InterlockedExchange
LoadLibraryA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetConsoleMode
GetConsoleCP
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
ExitProcess
GetModuleFileNameA
GetStdHandle
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
TlsFree
OpenProcess
GetModuleHandleW
GetProcAddress
GetExitCodeThread
FlushInstructionCache
Sleep
GetCurrentProcess
TerminateThread
GetTickCount
CreateFileMappingW
LeaveCriticalSection
lstrcpyW
FindResourceExW
LoadResource
LockResource
SizeofResource
CreateThread
WaitForSingleObject
FindResourceW
lstrlenW
GetLastError
CreateFileW
UnmapViewOfFile
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetStartupInfoW
GetProcessHeap
GetVersionExA
HeapReAlloc
HeapFree
HeapAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileSize
MapViewOfFile
CloseHandle
SetStdHandle

user32

ScreenToClient
SendMessageW
DefWindowProcW
GetSystemMenu
GetDlgItem
SetWindowLongW
EnableWindow
SetDlgItemTextW
GetWindowLongW
MoveWindow
GetMenuItemCount
GetMenuItemID
ShowWindow
GetWindowRect
EnableMenuItem
SetForegroundWindow
DispatchMessageW
TranslateMessage
PeekMessageW
GetMessageW
PostMessageW
GetWindowTextLengthW
wvsprintfW
DialogBoxParamW
UpdateWindow
DrawIcon
InvalidateRect
CallWindowProcW
EndDialog
GetDesktopWindow
CharNextW
wvsprintfA
MessageBoxW
PostQuitMessage
IsWindowVisible
wsprintfA
LoadBitmapW
wsprintfW
ReleaseDC
LoadCursorW
LoadStringW
SetCursor
GetWindowDC
RedrawWindow
EndPaint
GetActiveWindow
GetCursorPos
GetDlgCtrlID
GetWindowTextW
SetWindowTextW
BeginPaint
DestroyWindow
CreateDialogParamW
UnregisterClassA

gdi32

CreateSolidBrush
TextOutW
SetBkMode
SetTextColor
CreateFontW
DeleteObject
BitBlt
CreateCompatibleDC
CreateBitmap
DeleteDC
SetBkColor
SelectObject

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW

shell32

SHGetFolderPathW
SHGetFileInfoW
ShellExecuteW
ShellExecuteA
CommandLineToArgvW

ole32

CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc

oleaut32

VarUI4FromStr

shlwapi

PathRemoveFileSpecW
PathStripPathW
PathFindFileNameW
PathAppendW

comctl32

ImageList_DrawEx
ImageList_Destroy
ImageList_LoadImageW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

ws2_32

htons
inet_addr
gethostbyname
connect
WSAAsyncSelect
setsockopt
socket
WSACleanup
closesocket
WSAStartup
WSAGetLastError
send

psapi

EnumProcesses
GetModuleFileNameExW
GetProcessMemoryInfo

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
HttpSendRequestW
HttpOpenRequestW
InternetConnectW
InternetSetOptionW

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ca8a9084f9e7c0e958e12d8090cfc614

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

ws2_32

psapi

wininet

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 84KB - Virtual size: 84KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 84KB - Virtual size: 84KB