NEAS[.]1e150cdb906257ed51410bebf23fcc30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1e150cdb906257ed51410bebf23fcc30.exe
Size

1.2MB
MD5

1e150cdb906257ed51410bebf23fcc30
SHA1

24f06f7a59ea39f362824223b100e70c2bca027d
SHA256

46231206be869de5167765d99719224c9e14c9f8d0dc4c3eefd42f5c0458e98e
SHA512

dbbf7e4f4a3ae4d8eb9028a43cf44283b9dcc116f9d0e5ac6dc13749fd5af9aa3a65d3af4ab10e6be53a3186d6e8d1be7a39a207b5cc042a82439b9e81509363
SSDEEP

12288:RuRq9G+KjAotZ73u+YdSB/5xWWWBlNxJZv9TcL4LQiYVsLwBVOE67eQqQf:sBZ72SB/3WWWBlNxRcLHiYuLu16EQ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1e150cdb906257ed51410bebf23fcc30.exe

Files

NEAS.1e150cdb906257ed51410bebf23fcc30.exe
.exe windows:4 windows x86

ff2830aa4806a253616b74642e6ea704

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASocketA
inet_ntoa
WSAStartup
WSACleanup
WSAIoctl
gethostbyname
setsockopt
getsockopt
ioctlsocket
accept
listen
recvfrom
sendto
shutdown
getsockname
getpeername
connect
WSAAsyncGetHostByName
send
recv
closesocket
WSACancelAsyncRequest
bind
htonl
inet_addr
htons
WSASetLastError
socket
WSAGetLastError
WSAAsyncSelect

pluginnetwork

CreatePluginNetwork

wininet

InternetGetConnectedState
InternetGetConnectedStateEx
InternetSetOptionA

ivgdi

IXGDI_Build

kernel32

GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetLastError
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetModuleFileNameA
Sleep
GetEnvironmentVariableW
GetVersion
MultiByteToWideChar
GetEnvironmentVariableA
CompareStringW
CompareStringA
lstrlenW
WideCharToMultiByte
GetStringTypeExW
GetStringTypeExA
lstrcmpiW
lstrcmpiA
lstrlenA
GetSystemTime
FindResourceA
SizeofResource
LockResource
LoadResource
FindResourceExA
OutputDebugStringA
InterlockedDecrement
IsBadStringPtrA
CreateMutexA
CloseHandle
HeapAlloc
GetProcessHeap
FlushInstructionCache
GetCurrentProcess
InterlockedIncrement
FreeLibrary
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
GetPrivateProfileStringA
WriteFile
SetEndOfFile
CreateFileA
CreateProcessA
GetTickCount
GetThreadLocale
CopyFileA
Process32Next
Process32First
CreateToolhelp32Snapshot
HeapFree
lstrcpyA
GetCurrentProcessId
LocalFree
FormatMessageA
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
MulDiv
VirtualQuery
VirtualProtect
GetStdHandle
HeapValidate
IsBadWritePtr
LoadLibraryA
GetProcAddress
DebugBreak
RtlUnwind
OpenFileMappingA
GetCurrentThread
CreateFileMappingA
MapViewOfFile
GetSystemInfo
IsBadReadPtr
UnmapViewOfFile
VirtualAlloc
HeapDestroy
HeapSize
HeapReAlloc
LocalFileTimeToFileTime
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrcpynW
OutputDebugStringW
lstrcpyW
OpenEventA
SetEvent
WaitForSingleObject
CreateDirectoryA
GetModuleFileNameW
ReadFile
InterlockedExchange
GetVersionExA
GetACP
SetStdHandle
GetLocaleInfoW
SetEnvironmentVariableA
GetLocaleInfoA
GetCommandLineA
ExitProcess
FatalAppExitA
TlsAlloc
GetTimeFormatA
TlsFree
TlsSetValue
TlsGetValue
SetLastError
TerminateProcess
HeapCreate
GetDateFormatA
VirtualFree
SetConsoleCtrlHandler
SetUnhandledExceptionFilter
GetTimeZoneInformation
SetFilePointer
FlushFileBuffers
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
IsBadCodePtr
IsValidLocale
IsValidCodePage
EnumSystemLocalesA
DeleteFileA
GetUserDefaultLCID
GetStartupInfoA

user32

LoadBitmapA
SetWindowTextA
DestroyCursor
SetRectEmpty
DrawTextA
LoadCursorA
SetCursor
MoveWindow
IsRectEmpty
ShowWindow
GetDlgCtrlID
InvalidateRect
GetCapture
ReleaseCapture
PtInRect
EndPaint
GetSubMenu
UpdateWindow
TrackPopupMenu
DestroyMenu
SetCapture
SetFocus
ScreenToClient
OffsetRect
GetDC
ReleaseDC
SetForegroundWindow
GetCursorPos
IsMenu
CheckMenuItem
RegisterWindowMessageA
EndDialog
DialogBoxParamA
MessageBoxA
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
DispatchMessageW
PostQuitMessage
GetForegroundWindow
GetSystemMetrics
CreateCursor
GetClassNameA
GetWindowTextA
InvalidateRgn
CreateAcceleratorTableA
GetDesktopWindow
RedrawWindow
IsChild
DestroyAcceleratorTable
SetDlgItemInt
GetDlgItemInt
MessageBeep
wvsprintfA
GetDlgItem
wsprintfA
GetClassInfoExA
CallWindowProcA
DrawFocusRect
FillRect
IsWindowEnabled
GetWindowTextLengthA
LoadMenuA
LoadImageA
GetWindow
GetWindowRect
SystemParametersInfoA
GetClientRect
MapWindowPoints
SetWindowPos
GetParent
SetDlgItemTextA
SetTimer
IsWindow
KillTimer
GetActiveWindow
CharNextA
CreateDialogParamA
FindWindowExA
EnumChildWindows
FindWindowA
SendMessageA
LoadStringA
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
CharUpperA
CharUpperW
CharLowerA
CharLowerW
UnregisterClassA
PostMessageA
DestroyWindow
GetWindowLongA
DefWindowProcA
RegisterClassExA
CreateWindowExA
SetWindowLongA
GetFocus
BeginPaint
GetSysColor

gdi32

CreateSolidBrush
GetStockObject
GetDeviceCaps
DPtoLP
CreateCompatibleBitmap
GetObjectA
CreateFontIndirectA
DeleteObject
SetBkColor
ExtTextOutA
GetTextMetricsA
BitBlt
SetTextColor
SetBkMode
GetObjectType
SelectObject
DeleteDC
CreateCompatibleDC

advapi32

RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptGetHashParam
CryptCreateHash
OpenThreadToken
CryptAcquireContextA
SetThreadToken
RevertToSelf
RegEnumValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA

shell32

SHGetMalloc
SHGetSpecialFolderLocation
Shell_NotifyIconA
SHBrowseForFolderA
ShellExecuteA
SHGetPathFromIDListA

ole32

OleLockRunning
StringFromGUID2
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CreateStreamOnHGlobal
OleUninitialize
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoInitialize
OleInitialize
CoUninitialize
CoRevokeClassObject
CoUnmarshalInterface
CoCreateGuid
CoReleaseMarshalData
CoMarshalInterface
CoRegisterClassObject

oleaut32

SafeArrayUnaccessData
VarUI4FromStr
DispCallFunc
VariantInit
VariantChangeType
SafeArrayCreate
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
VariantClear
SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString

shlwapi

PathIsDirectoryA
PathFileExistsA
StrChrA

comctl32

_TrackMouseEvent
InitCommonControlsEx

Sections

.textbss
Size: - Virtual size: 428KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 912KB - Virtual size: 909KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 156KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ff2830aa4806a253616b74642e6ea704

Headers

File Characteristics

Imports

ws2_32

pluginnetwork

wininet

ivgdi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

Sections

.textbss Size: - Virtual size: 428KB

.text Size: 912KB - Virtual size: 909KB

.rdata Size: 104KB - Virtual size: 101KB

.data Size: 16KB - Virtual size: 25KB

.idata Size: 12KB - Virtual size: 11KB

.rsrc Size: 156KB - Virtual size: 154KB

.textbss
Size: - Virtual size: 428KB

.text
Size: 912KB - Virtual size: 909KB

.rdata
Size: 104KB - Virtual size: 101KB

.data
Size: 16KB - Virtual size: 25KB

.idata
Size: 12KB - Virtual size: 11KB

.rsrc
Size: 156KB - Virtual size: 154KB