NEAS[.]9c2c0294ac426b31a70fe76ad206e690[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.9c2c0294ac426b31a70fe76ad206e690.exe
Size

2.4MB
MD5

9c2c0294ac426b31a70fe76ad206e690
SHA1

de4d1f1bfb65ef7fff07aa961124fe3f820ddb28
SHA256

52df819b0ef2122186943b57e9395817b95bac297db4fba619c9c8fbfc4ea64c
SHA512

387c6a22b67d696ac0423fceb9e59f969e364b18ced4096ac264753db7196248a13428ce5e983ca68777093531c564d1f8784f5290443d60fc87cc62b2f19045
SSDEEP

49152:9b/q59e9JQTjFcXfMcTmX5QqSy+M/PfuhibI:9b/q5U9iTjFcXPMnSy+sPfu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9c2c0294ac426b31a70fe76ad206e690.exe

Files

NEAS.9c2c0294ac426b31a70fe76ad206e690.exe
.exe windows:6 windows x86

2d39749df30d2b715e11720b91372f0c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord413
ImageList_Destroy
ord17
ImageList_Add
ImageList_Create
ord412
ord410

winmm

timeEndPeriod
timeBeginPeriod

shlwapi

StrCmpLogicalW
SHAutoComplete
ord12

uxtheme

EnableThemeDialogTexture
DrawThemeText
CloseThemeData
OpenThemeData
SetWindowTheme
IsThemePartDefined
DrawThemeBackground
GetThemePartSize

kernel32

FindResourceW
CancelIo
ReadDirectoryChangesW
GetFileInformationByHandle
GetOverlappedResult
LoadLibraryW
GetCurrentProcessId
SetErrorMode
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
GetModuleHandleW
CreateMutexW
TryEnterCriticalSection
SetThreadPriority
GetCurrentThread
GlobalFree
SystemTimeToFileTime
LocalFileTimeToFileTime
GetVersion
SetThreadExecutionState
ResumeThread
GetLocaleInfoW
GetNumberFormatW
DecodePointer
GlobalSize
FindResourceExW
DuplicateHandle
LoadResource
LockResource
SizeofResource
SetEndOfFile
DeleteCriticalSection
RaiseException
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetFileTime
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetThreadPriority
GetFileSize
SetFilePointer
SetFileTime
FileTimeToLocalFileTime
DosDateTimeToFileTime
InitOnceComplete
InitOnceBeginInitialize
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
FlushFileBuffers
FindFirstFileW
DeleteFileW
RemoveDirectoryW
GetFileAttributesW
MoveFileExW
GetFileAttributesExW
FindNextFileW
FindClose
lstrlenW
GetCommandLineW
GlobalAlloc
GlobalLock
GlobalUnlock
VirtualAlloc
VirtualFree
LoadLibraryExA
WakeAllConditionVariable
SleepConditionVariableSRW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
WriteFile
CopyFileW
Sleep
GetTickCount64
FreeLibrary
IsDebuggerPresent
GetProcAddress
SetDllDirectoryW
OutputDebugStringW
WideCharToMultiByte
CloseHandle
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
SetEvent
ResetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
MulDiv
GetTickCount
InitializeCriticalSection
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
InitializeCriticalSectionEx
FormatMessageW
MultiByteToWideChar
GetLastError
ReadFile
VirtualQuery
VirtualProtect
GetSystemInfo
GetVersionExW

user32

IsClipboardFormatAvailable
LoadImageW
CharLowerW
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EmptyClipboard
GetDlgCtrlID
DestroyAcceleratorTable
LoadAcceleratorsW
MoveWindow
IsChild
SetForegroundWindow
GetFocus
GetWindowPlacement
IsIconic
EnumThreadWindows
IsWindowVisible
CopyRect
MonitorFromRect
DrawTextExW
GetWindow
MonitorFromWindow
LoadIconW
TranslateAcceleratorW
RegisterClipboardFormatW
AllowSetForegroundWindow
EnumWindows
GetClassNameW
SetActiveWindow
CheckMenuRadioItem
GetMenuItemCount
RegisterShellHookWindow
DeregisterShellHookWindow
RegisterWindowMessageW
RegisterClassW
GetActiveWindow
DispatchMessageW
TranslateMessage
PostQuitMessage
GetMessageW
MsgWaitForMultipleObjects
PeekMessageW
IsDialogMessageW
GetWindowThreadProcessId
CharUpperW
GetComboBoxInfo
AdjustWindowRect
DrawEdge
SetClipboardData
CloseClipboard
OpenClipboard
NotifyWinEvent
RedrawWindow
IsRectEmpty
InflateRect
FrameRect
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
GetNextDlgTabItem
InvalidateRgn
SystemParametersInfoW
ScrollWindowEx
SetScrollPos
UpdateWindow
GetClipboardData
SetRectEmpty
SetGestureConfig
CloseGestureInfoHandle
GetGestureInfo
MapDialogRect
IsZoomed
DrawTextW
FillRect
TrackMouseEvent
SetMenuItemInfoW
GetMenuItemInfoW
WindowFromPoint
GetDC
DialogBoxParamW
EndDialog
MapVirtualKeyW
SendDlgItemMessageW
SetDlgItemTextW
GetSystemMetrics
OffsetRect
UnregisterHotKey
RegisterHotKey
TrackPopupMenuEx
SetMenuDefaultItem
PtInRect
IntersectRect
MapWindowPoints
EnumChildWindows
MessageBeep
InvalidateRect
MessageBoxW
GetMenu
AdjustWindowRectEx
GetWindowRect
GetScrollInfo
SetCursor
SetCapture
GetCursorPos
DestroyMenu
GetMonitorInfoW
MonitorFromPoint
CreatePopupMenu
TrackPopupMenu
AppendMenuW
GetMessagePos
LoadCursorW
GetClassInfoExW
RegisterClassExW
CreateWindowExW
CallWindowProcW
ClientToScreen
ScreenToClient
SetFocus
SetWindowTextW
KillTimer
SetTimer
GetKeyState
EnableWindow
SetWindowPos
DefWindowProcW
GetWindowLongW
GetWindowTextLengthW
GetWindowTextW
PostMessageW
IsWindowEnabled
GetParent
DrawFrameControl
GetSysColor
ReleaseDC
GetWindowDC
EndPaint
BeginPaint
SetLayeredWindowAttributes
SetWindowLongW
CreateDialogParamW
UnregisterClassW
DestroyWindow
ShowWindow
GetDlgItem
SendMessageW
IsCharAlphaW
SetScrollInfo
GetClientRect

gdi32

OffsetRgn
CreatePen
GetCurrentObject
GetBkColor
GetTextColor
IntersectClipRect
MoveToEx
LineTo
SetDCPenColor
CreateRectRgn
CreateRectRgnIndirect
CombineRgn
RestoreDC
SaveDC
BitBlt
SetViewportOrgEx
GetTextExtentPoint32W
SetBkMode
FillRgn
FrameRgn
CreatePolygonRgn
SetWindowOrgEx
OffsetWindowOrgEx
LPtoDP
GetTextMetricsW
GetDeviceCaps
DeleteDC
CreateFontIndirectW
GetObjectW
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetBkColor
ExtTextOutW
SetDCBrushColor
SetTextColor
DeleteObject
GetStockObject

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegCreateKeyExW

shell32

SHGetDesktopFolder
ord74
SHGetFolderPathW
SHOpenFolderAndSelectItems
DragFinish
DragAcceptFiles

ole32

OleSetClipboard
CoTaskMemAlloc
CoCreateGuid
ReleaseStgMedium
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
RegisterDragDrop
RevokeDragDrop
DoDragDrop
PropVariantClear
OleGetClipboard

oleaut32

VariantInit
SysAllocString
VariantClear

zlib1

crc32
inflateInit2_
inflate
inflateEnd

pp-uwp-interop

PP_UVC_Init_v2

shared

?scale@audio_math@@YGXPBMIPAMM@Z
_uGetCurrentDirectory@4
_uGetCommandLine@4
_LoadSystemLibrary@4
_uAddStringUpper@12
_uBrowseForFolder@12
_uGetOpenFileNameMulti@24
_uGetMenuItemType@8
_uGetModuleHandle@4
_uSetCurrentDirectory@4
_uGetEnvironmentVariable@8
_uGetModuleFileName@8
_uBrowseForFolderEx@12
_uEvalKnownFolder@4
_uGetOpenFileName@32
_uGetKeyNameText@8
_uAddStringLower@12
_stricmp_utf8_ex@16
_uRemovePanicHandler@4
_uAddPanicHandler@4
_uCreateFile@28
_uSearchPath@16
_uFixPathCaps@8
_uGetTempFileName@16
_uGetTempPath@4
_uCreateDirectory@8
_uGetFileAttributes@4
_uSendDlgItemMessageText@20
_uSendMessageText@16
_FindOwningPopup@4
_uAppendMenu@16
_ModalDialog_Switch@4
_uSetClipboardString@4
_uPrintCrashInfo_OnEvent@8
_uLoadLibrary@4
_stricmp_utf8@8
_stricmp_utf8_partial@12
_uCharLower@4
_GetInfiniteWaitEvent@0
_uGetDlgItemText@12
?convert_to_int32@audio_math@@YGXPBMIPAHM@Z
?convert_to_int16@audio_math@@YGXPBMIPAFM@Z
_uMessageBox@16
_ModalDialog_PokeExisting@0
_ModalDialog_CanCreateNew@0
_uFindFirstFile@4
_uGetWindowText@8
_uSetWindowText@8
_uStringCompare@8
_uExceptFilterProc@4
_uBugCheck@0
_PokeWindow@4
_uSetDlgItemText@12
_LoadResourceEx@16
_uFileExists@4
_uShellExecute@24
_uSetWindowTextEx@12
_uDragQueryFileCount@4
_uDragQueryFile@12
_uGetClipboardString@4
?popup_dialog@t_font_description@@QAG_NPAUHWND__@@@Z
_uFixAmpersandChars_v2@8
_uOutputDebugString@4
_uCharUpper@4
?g_from_system@t_font_description@@SG?AU1@H@Z
_uReplaceCharAdd@24
_uFormatSystemErrorMessage@8
_stricmp_utf8_max@12
?create@t_font_description@@QBGPAUHFONT__@@XZ

msvcp140

_Thrd_hardware_concurrency
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_Xbad_function_call@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrAssign@@YAXPAXPBX@Z

msimg32

GradientFill

gdiplus

GdipAlloc
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipGraphicsClear
GdipGetImageGraphicsContext
GdipDrawImageRect
GdipSetSmoothingMode
GdipSetCompositingMode
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageHeight
GdipGetImageWidth
GdipLoadImageFromStream
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipSetCompositingQuality
GdipDeleteGraphics
GdipCreateFromHDC
GdipDisposeImage
GdipFree

crypt32

CertFreeCertificateContext
CertFreeCertificateChain
CertCloseStore
CertVerifyTimeValidity
CertGetCertificateChain
CertVerifyCertificateChainPolicy
CertVerifyRevocation

oleacc

AccessibleObjectFromWindow
LresultFromObject

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpCloseHandle
WinHttpOpen

secur32

InitializeSecurityContextW
AcquireCredentialsHandleW
FreeContextBuffer
AcceptSecurityContext
QueryContextAttributesW
DeleteSecurityContext
DecryptMessage
FreeCredentialsHandle
EncryptMessage

vcruntime140

memcpy
__CxxFrameHandler3
__std_terminate
__std_exception_copy
__std_exception_destroy
_purecall
strchr
strstr
wcschr
_set_purecall_handler
strrchr
wcsstr
memcmp
memmove
memset
memchr
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
_except_handler3

api-ms-win-crt-heap-l1-1-0

_callnewh
_aligned_free
malloc
_set_new_mode
_aligned_realloc
_expand
free
_aligned_malloc
realloc
_recalloc

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
_set_fmode
__p__commode
__stdio_common_vswprintf_s
__stdio_common_vsprintf_s

api-ms-win-crt-runtime-l1-1-0

_controlfp_s
_resetstkoflw
_invalid_parameter_noinfo
_errno
abort
_set_invalid_parameter_handler
_set_abort_behavior
_beginthreadex
signal
_register_thread_local_exe_atexit_callback
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
terminate
_seh_filter_exe
_set_app_type
_c_exit
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_initterm
_initterm_e
exit
_exit
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

_strdup
wcsncmp
wcsnlen
wcstok_s
wcscpy_s
wcsncpy_s
wcscat_s
strlen
wcslen
wmemcpy_s
strcmp
strncmp
isalpha

api-ms-win-crt-convert-l1-1-0

atoi
_atoi64
_i64toa
_wtoi

api-ms-win-crt-math-l1-1-0

__libm_sse2_sin
__libm_sse2_pow
__libm_sse2_log10
__setusermatherr
__libm_sse2_log
__libm_sse2_exp
_fpclass
floor
llround
lround

api-ms-win-crt-utility-l1-1-0

srand
_byteswap_ushort
rand
_byteswap_ulong

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 311KB - Virtual size: 310KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 139KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d39749df30d2b715e11720b91372f0c

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

winmm

shlwapi

uxtheme

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

zlib1

pp-uwp-interop

shared

msvcp140

msimg32

gdiplus

crypt32

oleacc

winhttp

secur32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 311KB - Virtual size: 310KB

.data Size: 37KB - Virtual size: 63KB

_RDATA Size: 139KB - Virtual size: 138KB

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 125KB - Virtual size: 125KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 311KB - Virtual size: 310KB

.data
Size: 37KB - Virtual size: 63KB

_RDATA
Size: 139KB - Virtual size: 138KB

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 125KB - Virtual size: 125KB