NEAS[.]2664722211f4deb85dfc174a066293e0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2664722211f4deb85dfc174a066293e0.exe
Size

1.5MB
MD5

2664722211f4deb85dfc174a066293e0
SHA1

3519cb589780ccf8e96c3ee90abb2bcd703ec247
SHA256

2482610ac7b7d03c550380e77161413fca72ad22751eeb7e7c46ea124836fe02
SHA512

976d1175b054d749892a6b70864d120b11df1be0b36a0510e84dc20c5bebc93915939db2e2a9425878629cd3039bdb46710cae6064c87ba418253fa74eb29eac
SSDEEP

49152:lTxl1yBuooUhHI3raWChtR+eHTVwHO2WN:mYkhwaWChtR3HTaOdN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2664722211f4deb85dfc174a066293e0.exe

Files

NEAS.2664722211f4deb85dfc174a066293e0.exe
.exe windows:4 windows x86

2a03ee7a84ac89f2bea81216ef091733

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

crypt32

CertGetIntendedKeyUsage
CertNameToStrA
CryptImportPublicKeyInfo
CertGetNameStringA
CertDuplicateCertificateContext
CertFreeCertificateContext
CertOpenSystemStoreA
CertOpenStore
CryptVerifyCertificateSignature
CertEnumCertificatesInStore
CertSetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CryptHashPublicKeyInfo
CertGetCertificateContextProperty
CertCloseStore

kernel32

GetVersionExA
GetLocaleInfoW
GetLocaleInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDateFormatW
GetDateFormatA
GetNumberFormatW
GetNumberFormatA
CreateEventA
ResetEvent
SetEvent
WaitForSingleObject
SetThreadPriority
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemTimeAsFileTime
LocalFileTimeToFileTime
GetFullPathNameW
GetFullPathNameA
GetTempFileNameW
GetDriveTypeW
MoveFileExA
MoveFileExW
CreateDirectoryW
SetFileTime
GetDriveTypeA
GetVolumeInformationA
Sleep
GetFileAttributesA
GetFileAttributesW
CreateFileW
GetTempPathW
GetShortPathNameA
CreateDirectoryA
GetCurrentDirectoryW
MoveFileW
SetFileAttributesA
GetTempFileNameA
GetDiskFreeSpaceW
MoveFileA
GetDiskFreeSpaceA
DeviceIoControl
GetCurrentDirectoryA
GetShortPathNameW
DeleteFileW
GetTempPathA
SetFileAttributesW
DeleteFileA
GetVolumeInformationW
SetFilePointer
SetEndOfFile
ReadFile
FlushFileBuffers
DeleteCriticalSection
GetFileInformationByHandle
FindFirstFileW
FindFirstFileA
FindClose
GetStringTypeExA
CompareFileTime
LoadLibraryA
GetStringTypeA
InterlockedExchange
RtlUnwind
GetConsoleMode
GetConsoleCP
LCMapStringW
LCMapStringA
GetTimeZoneInformation
CompareStringW
CompareStringA
GetOEMCP
GetACP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoA
GetProcessHeap
GetCommandLineA
CreateThread
ExitThread
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
HeapAlloc
HeapFree
GetLastError
GetModuleHandleA
LoadLibraryExA
SizeofResource
lstrcmpiA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
SetEnvironmentVariableA
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
FreeLibrary
InterlockedDecrement
GetStringTypeW
GetProcAddress
InterlockedIncrement
InitializeCriticalSection
GetModuleFileNameA
SetCurrentDirectoryA
GetTickCount
WriteFile
RaiseException
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
LockResource
LoadResource
FindResourceA
lstrcpynA
IsDBCSLeadByte
SetLastError
lstrcatA
lstrcpyA
MultiByteToWideChar
MulDiv
lstrlenA
CloseHandle
CreateFileA
WideCharToMultiByte
lstrlenW
GetFileType

user32

DdeClientTransaction
DdeFreeStringHandle
DdeDisconnect
DdeConnect
DdeCreateStringHandleA
DdeInitializeA
wsprintfA
DispatchMessageA
TranslateMessage
IsDialogMessageA
DdeGetLastError
DdeUninitialize
PeekMessageA
MsgWaitForMultipleObjects
CallWindowProcA
ReleaseCapture
SetCapture
ClientToScreen
ScreenToClient
GetCursorPos
GetActiveWindow
DefWindowProcA
GetSystemMetrics
ReleaseDC
DestroyMenu
TrackPopupMenu
CreatePopupMenu
SetWindowLongA
SetWindowPos
InvalidateRect
RedrawWindow
MapWindowPoints
GetWindowRect
CreateWindowExA
IsWindow
DestroyWindow
GetWindowLongA
EndDialog
SendDlgItemMessageA
MapDialogRect
ShowWindow
SetCursor
IsWindowVisible
GetDlgItemTextA
GetWindowTextLengthA
GetClientRect
GetDC
InsertMenuA
GetSystemMenu
CheckDlgButton
EnableWindow
SetWindowTextA
LoadCursorA
CharNextA
SendMessageA
DestroyIcon
LoadImageA
LoadStringA
GetWindowTextA
IsDlgButtonChecked
MessageBoxA
SetFocus
GetParent
GetWindow
SystemParametersInfoA
SetDlgItemTextA
GetDlgItem
PostMessageA
DialogBoxParamA
UnregisterClassA

gdi32

GetTextExtentPoint32A

advapi32

CryptHashData
CryptGetUserKey
RegDeleteKeyA
RegCloseKey
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegCreateKeyA
RegSetValueA
CryptGetProvParam
CryptDeriveKey
CryptSetKeyParam
CryptGetKeyParam
CryptGetHashParam
CryptSetHashParam
CryptAcquireContextW
CryptCreateHash
CryptDestroyHash
CryptVerifySignatureA
CryptDestroyKey
CryptReleaseContext
CryptGenRandom
CryptAcquireContextA
CryptDecrypt
CryptGenKey
CryptImportKey

shell32

SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc
SHGetFileInfoA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

CoCreateGuid
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoCreateInstance
CoUninitialize
OleUninitialize
OleInitialize
CoInitialize
CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

ImageList_ReplaceIcon
ImageList_Create
ImageList_Destroy
InitCommonControlsEx

Sections

.text
Size: - Virtual size: 409KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pklstb
Size: 248KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.relo2
Size: 4KB - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2a03ee7a84ac89f2bea81216ef091733

Headers

File Characteristics

Imports

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: - Virtual size: 409KB

.rdata Size: 84KB - Virtual size: 82KB

.data Size: - Virtual size: 57KB

.data1 Size: - Virtual size: 256B

.rsrc Size: 16KB - Virtual size: 26KB

.pklstb Size: 248KB - Virtual size: 264KB

.relo2 Size: 4KB - Virtual size: 60B

.text
Size: - Virtual size: 409KB

.rdata
Size: 84KB - Virtual size: 82KB

.data
Size: - Virtual size: 57KB

.data1
Size: - Virtual size: 256B

.rsrc
Size: 16KB - Virtual size: 26KB

.pklstb
Size: 248KB - Virtual size: 264KB

.relo2
Size: 4KB - Virtual size: 60B