NEAS[.]294d239f2f175dc9ed0c21fb7bc06970[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.294d239f2f175dc9ed0c21fb7bc06970.exe
Size

427KB
MD5

294d239f2f175dc9ed0c21fb7bc06970
SHA1

da3b21cd151b7a8b8a271ce5f615949c03147223
SHA256

277e09c8c41dc8f10993e3514b993a3830db54cdd85365a01eb7f2ad0361d342
SHA512

c4a2ca8ad9687b691ca940bf9bf44c30408b4fbbe3e5dbfceff5717dcfe009fdbdb34197958d04dc5c486eb3816d3d16f9c91c8752f28b24220d5c190db62734
SSDEEP

6144:Rg9NhUNKy1IAfXJGrkzUXNZ5hReEpOZqPO1fhuCovt9FS+:Rk4IcAIabwZqPO1puCo7FS+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.294d239f2f175dc9ed0c21fb7bc06970.exe

Files

NEAS.294d239f2f175dc9ed0c21fb7bc06970.exe
.exe windows:6 windows x86

6ddb8e7a631d71f8bb746edf1f7aa0be

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_lock
_onexit
_controlfp
memset
??_U@YAPAXI@Z
wcsncpy
malloc
??2@YAPAXI@Z
free
memmove
memcpy
??_V@YAXPAX@Z
__dllonexit
_unlock
realloc
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_CxxThrowException
_cexit
__wgetmainargs
_errno
calloc
__CxxFrameHandler
_purecall
??3@YAXPAX@Z

advapi32

RegQueryInfoKeyW
RegSetValueExW
ConvertSidToStringSidW
LookupAccountNameW
GetSecurityInfo
ConvertStringSidToSidW
EqualSid
GetAclInformation
GetAce
SetSecurityInfo
InitializeAcl
AddAce
CopySid
IsValidSid
GetLengthSid
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
UnregisterTraceGuids
RegEnumKeyExW
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage

kernel32

GetProcessHeap
LoadLibraryA
VirtualFree
Sleep
InterlockedCompareExchange
GetStartupInfoW
OutputDebugStringA
RtlUnwind
SetLastError
VirtualAlloc
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CloseHandle
lstrlenW
FlushInstructionCache
GetCurrentProcess
GetCurrentThreadId
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
WaitForSingleObject
SetEvent
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
OpenEventW
LocalFree
CreateThread
FormatMessageW
WaitForMultipleObjects
ExpandEnvironmentStringsW
CreateEventW
GetVersionExW
lstrcpynA
lstrcpynW
CompareStringW
GetProcAddress
InterlockedExchange
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize

user32

SystemParametersInfoW
GetWindowRect
GetWindow
GetParent
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
CharNextW
DestroyWindow
CreateWindowExW
RegisterClassExW
LoadImageW
wsprintfW
LoadCursorW
GetClassInfoExW
GetClientRect
LoadMenuW
LoadStringW
PostMessageW
SetTimer
KillTimer
MapWindowPoints
TrackPopupMenu
EnableMenuItem
SetMenuDefaultItem
DestroyMenu
GetSubMenu
DefWindowProcW
PostQuitMessage
SendMessageW
CallWindowProcW
TrackPopupMenuEx
IsWindow
CreatePopupMenu
AppendMenuW
GetMenuItemCount
RemoveMenu
GetMenuItemInfoW
SetFocus
LoadStringA
MessageBeep
PtInRect
SetForegroundWindow
GetCursorPos
GetSystemMetrics
UnregisterClassA
SetWindowPos
ShowWindow
GetWindowLongW
SetWindowLongW
RegisterWindowMessageW
LoadAcceleratorsW

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType
SysFreeString
VarUI4FromStr

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

shell32

Shell_NotifyIconW
ShellExecuteW

gdiplus

GdipDeleteGraphics
GdipCloneImage
GdipDrawImageRectI
GdipSetSmoothingMode
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateHICONFromBitmap
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipSetPropertyItem
GdipGetAllPropertyItems
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetPropertySize

shlwapi

SHCreateStreamOnFileW

secur32

GetUserNameExW

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 364KB - Virtual size: 364KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6ddb8e7a631d71f8bb746edf1f7aa0be

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

oleaut32

ole32

shell32

gdiplus

shlwapi

secur32

Sections

.text Size: 62KB - Virtual size: 61KB

.data Size: 512B - Virtual size: 1KB

.rsrc Size: 364KB - Virtual size: 364KB

.text
Size: 62KB - Virtual size: 61KB

.data
Size: 512B - Virtual size: 1KB

.rsrc
Size: 364KB - Virtual size: 364KB