NEAS[.]b1d0ab6258a6a619509f6dc1d01241b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b1d0ab6258a6a619509f6dc1d01241b0.exe
Size

144KB
MD5

b1d0ab6258a6a619509f6dc1d01241b0
SHA1

249bae1d3c79d0acc19c9ea17cee1a280fb89336
SHA256

25b3886a6c3c26fa1dfb6aefb57af675ccf9529178a76704411a84c3153b4ddd
SHA512

bae822aad33748aa46a61c9040ec2ff74d5f21a3d7c3229703b7ed4b0b7bea4819b5dfff9a5c8ba40b6b68515dd1c9454554afdca794fcaa26614da6b41ae261
SSDEEP

3072:wPamdu4mWXjv0BdcqKThZ6U29ikb7P0jbokytuLXUaVG:wPamSCv0bIThsUJoQjc9MLXUa0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b1d0ab6258a6a619509f6dc1d01241b0.exe

Files

NEAS.b1d0ab6258a6a619509f6dc1d01241b0.exe
.exe windows:4 windows x86

745f40ca1f7b7ff1c6271bcb76982928

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventA
GetLocalTime
MoveFileA
ExitProcess
CreateProcessA
GetModuleHandleA
GetLastError
SetFilePointer
ReadFile
Sleep
WriteFile
RemoveDirectoryA
LocalAlloc
LocalFree
GetDriveTypeA
CreateDirectoryA
GetVersionExA
GetProcAddress
lstrcmpA
GetStartupInfoA
InterlockedExchange
RaiseException
SetErrorMode
ReleaseMutex
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
lstrcatA
GetPrivateProfileSectionNamesA
lstrlenA
SetEvent
lstrcpyA
VirtualAlloc
VirtualFree
CloseHandle
LoadLibraryA
GlobalFree

user32

GetKeyState
SetCapture
WindowFromPoint
SetCursorPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetSystemMetrics
GetAsyncKeyState
GetForegroundWindow
GetWindowTextA
ReleaseDC
SetRect
GetWindowThreadProcessId
IsWindowVisible
CloseDesktop
GetThreadDesktop
OpenDesktopA
PostMessageA
CreateWindowExA
CloseWindow
SendMessageA
TranslateMessage
DispatchMessageA
IsWindow
LoadCursorA
GetCursorPos
GetMessageA
CharNextA

gdi32

DeleteDC
CreateDIBSection
SelectObject
BitBlt
CreateCompatibleBitmap
GetDIBits
DeleteObject

advapi32

RegQueryValueA
RegCloseKey
LsaOpenPolicy
LsaRetrievePrivateData
LsaClose
LookupAccountNameA
IsValidSid
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
LookupAccountSidA
GetTokenInformation

shell32

SHGetSpecialFolderPathA
SHGetFileInfoA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

msvcrt

atoi
_strnicmp
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
calloc
_beginthreadex
strncat
??2@YAPAXI@Z
??3@YAXPAX@Z
__CxxFrameHandler
memmove
_CxxThrowException
ceil
_ftol
strstr
strchr
malloc
free
_except_handler3
strrchr
rename
strncmp
_errno

msvcp60

?_Refcnt@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEAAEPBD@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvfw32

ICSeqCompressFrameEnd
ICSendMessage

psapi

EnumProcessModules

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

Sections

.data
Size: 124KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

745f40ca1f7b7ff1c6271bcb76982928

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcrt

msvcp60

msvfw32

psapi

wtsapi32

Sections

.data Size: 124KB - Virtual size: 121KB

.rsrc Size: 16KB - Virtual size: 12KB

.data
Size: 124KB - Virtual size: 121KB

.rsrc
Size: 16KB - Virtual size: 12KB