Static task: static1
Behavioral task: behavioral1
Sample: NEAS.b2aa8dae7d68e5ab6c96621154ad0220.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.b2aa8dae7d68e5ab6c96621154ad0220.exe
Resource: win10v2004-20230915-en
General
Target: NEAS.b2aa8dae7d68e5ab6c96621154ad0220.exe
Size: 8.6MB
MD5: b2aa8dae7d68e5ab6c96621154ad0220
SHA1: 93f04b4ab7f3a29c68b4dddbf7d0829eb79aecda
SHA256: 6f24dd793757aa236da7b4211361da13912d0889bbb706b25934de036d613fc3
SHA512: 26ec986f52d4656d8656e4f89a470accc6c8655b4868cd8b9f3bf4f849a11bd6257f37e4a4d2ec6f67719e07172956a43e3a2a992e86e27c63a19dc05d147edc
SSDEEP: 98304:h1cyIrSn4ne2bIFW/YColMLSM409agDw4IwQFs7s:h1cybn4ne2EF0YColMLTagDw4RQ
Malware Config
Signatures
Unsigned PE (1 IoCs): checks for missing Authenticode signature.
resource NEAS.b2aa8dae7d68e5ab6c96621154ad0220.exe
Files
NEAS.b2aa8dae7d68e5ab6c96621154ad0220.exe.exe windows:6 windows x64
2b855c6ec3e171600e3c7a70601a5849
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE
Imports
shlwapi
PathRemoveFileSpecW
PathFindFileNameW
SHCreateStreamOnFileW
PathCanonicalizeW
PathGetArgsW
PathCompactPathW
PathIsDirectoryEmptyW
PathIsUNCW
PathStripToRootW
SHDeleteKeyW
PathGetDriveNumberW
PathIsRootW
StrStrIW
PathCompactPathExW
StrRetToBufW
PathIsDirectoryW
PathRelativePathToW
SHAutoComplete
PathIsUNCServerShareW
AssocQueryStringW
PathFindExtensionW
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
CM_Request_Device_EjectW
SetupDiEnumDeviceInterfaces
CM_Get_Parent
CM_Query_And_Remove_SubTreeW
version
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
kernel32
lstrcatW
GlobalReAlloc
SystemTimeToTzSpecificLocalTime
SuspendThread
CompareStringEx
GetLongPathNameW
DisableThreadLibraryCalls
GetCPInfo
lstrcmpiW
GetVersionExW
GetShortPathNameW
SetFilePointerEx
MoveFileExW
FindFirstFileExW
GetVolumeInformationW
GetLogicalDrives
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
PostQueuedCompletionStatus
GetQueuedCompletionStatus
ReadDirectoryChangesW
VirtualFree
VirtualAlloc
GetDiskFreeSpaceExW
GetVersion
GlobalMemoryStatus
GetNativeSystemInfo
LCMapStringW
LocalAlloc
LocalLock
LocalUnlock
GetVolumePathNameW
SetCurrentDirectoryW
GetUserDefaultLangID
GetFileType
VirtualQuery
IsDebuggerPresent
TerminateProcess
GetModuleHandleExW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
EncodePointer
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
GlobalGetAtomNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
CopyFileW
lstrcmpA
GetProfileIntW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
GlobalFlags
SetErrorMode
GetUserDefaultLCID
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
lstrcpynW
GetEnvironmentStringsW
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
PeekNamedPipe
GetTimeZoneInformation
GetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
RtlUnwind
RtlUnwindEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetLocaleInfoEx
RtlPcToFileHeader
CloseThreadpoolWork
SubmitThreadpoolWork
CreateThreadpoolWork
FreeLibraryWhenCallbackReturns
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
InitializeConditionVariable
InitOnceBeginInitialize
InitOnceComplete
TryAcquireSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
InitializeSRWLock
GetStringTypeW
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
GetTempFileNameW
WaitForMultipleObjects
CreateThread
GetExitCodeThread
LoadLibraryExA
DecodePointer
InitializeCriticalSectionEx
lstrcpyW
GetModuleHandleA
GetModuleFileNameW
SetUnhandledExceptionFilter
SetProcessPriorityBoost
RaiseFailFastException
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
WriteProcessMemory
SetPriorityClass
GetPriorityClass
SetThreadPriority
GetThreadPriority
ExitProcess
ExpandEnvironmentStringsW
OpenEventW
OpenMutexW
ReleaseMutex
IsBadReadPtr
IsBadWritePtr
OpenFileMappingW
DebugBreak
LCMapStringEx
QueryPerformanceFrequency
ResetEvent
FlushFileBuffers
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
LockFileEx
LocalFree
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
HeapReAlloc
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
LockFile
GetDiskFreeSpaceW
GetFullPathNameW
EnterCriticalSection
HeapFree
HeapCreate
AreFileApisANSI
GetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
QueryPerformanceCounter
GetSystemTime
FindClose
RemoveDirectoryW
DeviceIoControl
FindNextFileW
FindFirstFileW
SetThreadExecutionState
SetFileTime
CreateDirectoryW
IsValidCodePage
MoveFileW
SetFileAttributesW
DosDateTimeToFileTime
FileTimeToDosDateTime
GetACP
GetOEMCP
SetLastError
GetLocalTime
FileTimeToLocalFileTime
DeleteFileW
GlobalSize
GlobalFree
FileTimeToSystemTime
LocalFileTimeToFileTime
SystemTimeToFileTime
GetFileInformationByHandle
GetFileTime
CompareFileTime
LoadLibraryExW
VirtualProtect
RaiseException
GetTickCount
GetLocaleInfoW
GetExitCodeProcess
CreateProcessW
GetDriveTypeW
GetSystemDefaultUILanguage
IsValidLocale
GetUserDefaultUILanguage
GetSystemTimes
GetSystemInfo
VerifyVersionInfoW
VerSetConditionMask
CompareStringW
GetModuleHandleW
ResumeThread
Sleep
GetFileAttributesW
lstrlenA
WinExec
GlobalUnlock
GlobalLock
GlobalAlloc
MulDiv
OutputDebugStringA
WideCharToMultiByte
lstrlenW
SetEvent
GetFileSizeEx
GetFileSize
LeaveCriticalSection
TryEnterCriticalSection
SwitchToThread
GetTickCount64
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
WriteFile
ReadFile
SetFilePointer
CreateFileW
MultiByteToWideChar
GetWindowsDirectoryW
GetSystemDirectoryW
QueryDosDeviceW
TerminateThread
WaitForSingleObject
GetCurrentProcessId
OpenProcess
DuplicateHandle
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
GetCurrentThread
GetCurrentProcess
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessId
WriteConsoleW
user32
RealChildWindowFromPoint
NotifyWinEvent
IsZoomed
CharUpperW
IsClipboardFormatAvailable
ReuseDDElParam
UnpackDDElParam
TranslateAcceleratorW
LoadAcceleratorsW
GetMessageW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetDlgItemTextW
SetDlgItemInt
GetScrollInfo
SetScrollInfo
GetTopWindow
GetScrollRange
SetScrollRange
GetScrollPos
ValidateRect
SetMenu
GetMenu
DeferWindowPos
SetWindowPlacement
LoadMenuW
TabbedTextOutA
GetTabbedTextExtentA
InvalidateRect
DrawTextW
GetWindowPlacement
GetClassInfoExW
GetMessageTime
GetMenuStringW
SendDlgItemMessageA
ShowOwnedPopups
PrintWindow
LockWindowUpdate
FindWindowExW
wvsprintfW
RemovePropW
GetPropW
WaitMessage
IsDialogMessageW
CreateDialogIndirectParamW
WinHelpW
GetLastActivePopup
MsgWaitForMultipleObjects
PostQuitMessage
CreateAcceleratorTableW
DestroyAcceleratorTable
CreateCursor
EndDialog
EnableMenuItem
DialogBoxIndirectParamW
GetDialogBaseUnits
ShowWindow
GetWindowTextLengthW
SetWindowTextW
LoadStringW
MonitorFromPoint
EnumDisplayMonitors
IsWindowEnabled
GetSystemMenu
GetDCEx
GetClassLongPtrW
CharPrevW
CharNextW
UnionRect
GetNextDlgTabItem
IsMenu
RegisterClassExW
DeleteMenu
GetMenuState
ModifyMenuW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
InsertMenuItemW
CloseWindow
GetComboBoxInfo
GetForegroundWindow
IntersectRect
GetDoubleClickTime
ClipCursor
GetClipCursor
InvertRect
SetWindowRgn
RegisterClipboardFormatA
SetClassLongW
GetClassLongW
ShowScrollBar
EnableScrollBar
SetScrollPos
CreateMenu
GetKeyNameTextW
MapVirtualKeyW
LoadBitmapW
SetMenuItemInfoW
RegisterClipboardFormatW
EndDeferWindowPos
BeginDeferWindowPos
EndPaint
BeginPaint
CreateWindowExW
DestroyWindow
DrawAnimatedRects
FindWindowW
UnregisterClassW
SetCursorPos
WindowFromDC
DestroyCursor
TrackPopupMenu
SetWindowLongPtrW
GetWindowLongPtrW
CallWindowProcW
ToUnicodeEx
ToAsciiEx
GetKeyboardState
VkKeyScanExW
AllowSetForegroundWindow
EnumWindows
GetClassNameW
wsprintfW
SetMenuDefaultItem
SetActiveWindow
RealGetWindowClassW
SetForegroundWindow
GetWindowThreadProcessId
RegisterClassW
GetClientRect
ShowCaret
SetCaretPos
HideCaret
PtInRect
SetRectEmpty
SystemParametersInfoW
RegisterWindowMessageW
LoadCursorW
CopyIcon
GetClassInfoW
DefWindowProcW
IsWindowVisible
PostMessageW
DestroyCaret
CreateCaret
GetKeyState
GetSystemMetrics
SetCapture
ReleaseCapture
GetParent
IsWindow
SendMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetFocus
SetCursor
CreatePopupMenu
AppendMenuW
ScreenToClient
SetRect
EnableWindow
UpdateWindow
TabbedTextOutW
DrawTextExW
GrayStringW
GetSysColor
GetTabbedTextExtentW
TranslateMessage
DispatchMessageW
FillRect
GetCursor
InflateRect
FrameRect
DrawFocusRect
GetDC
ReleaseDC
CopyRect
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
IsRectEmpty
DrawIconEx
EqualRect
PeekMessageW
DrawMenuBar
AdjustWindowRectEx
SetClassLongPtrW
DrawIcon
GetIconInfo
MoveWindow
EnumChildWindows
GetWindow
ClientToScreen
InsertMenuW
DestroyMenu
TrackPopupMenuEx
MapDialogRect
DrawStateW
SetFocus
GetActiveWindow
GetAsyncKeyState
IsIconic
MapVirtualKeyExW
GetKeyboardLayout
GetSysColorBrush
DrawEdge
SetWindowPos
GetWindowLongW
GetNextDlgGroupItem
RedrawWindow
CreateIconIndirect
SetWindowLongW
LoadIconW
PostThreadMessageW
CopyImage
MessageBeep
GetClipboardData
LoadImageW
SetPropW
GetMenuItemInfoW
GetWindowDC
MapWindowPoints
GetMenuBarInfo
GetDlgCtrlID
GetWindowTextW
GetDlgItem
WindowFromPoint
GetMenuItemCount
GetMenuItemID
GetSubMenu
DestroyIcon
SetParent
KillTimer
SetTimer
GetCursorPos
ChildWindowFromPoint
DrawFrameControl
OffsetRect
GetCapture
MessageBoxW
GetMessagePos
EnumDisplayDevicesW
EnumDisplaySettingsW
IsChild
GetDesktopWindow
BringWindowToTop
SetDlgItemTextW
CheckDlgButton
IsDlgButtonChecked
gdi32
GetCharWidthW
CopyMetaFileW
DPtoLP
SetRectRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
GetTextExtentPoint32A
GetTextExtentPoint32W
CreatePen
GetTextMetricsW
TextOutA
CreateCompatibleDC
CreateCompatibleBitmap
GetBkColor
ExcludeClipRect
GetClipBox
IntersectClipRect
OffsetClipRgn
RestoreDC
SaveDC
ExtSelectClipRgn
SelectPalette
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetTextAlign
BitBlt
GetDeviceCaps
GetObjectW
CreateFontIndirectW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateSolidBrush
DeleteObject
Rectangle
GetTextColor
Polygon
CreateRoundRectRgn
SelectObject
SelectClipRgn
CreateDIBSection
DeleteDC
FrameRgn
CreateFontW
GetStockObject
CreatePalette
RealizePalette
CreatePatternBrush
GetCharABCWidthsW
StretchBlt
SetBkColor
RoundRect
GetPixel
SetPixelV
CreateDCW
GetDIBits
SetDIBits
PatBlt
Ellipse
CreateBitmap
CreateRectRgnIndirect
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
SetTextColor
GetCurrentObject
CreatePolygonRgn
CreateRectRgn
CombineRgn
GetViewportOrgEx
SetViewportOrgEx
StretchDIBits
SetPixel
GetBkMode
GetDIBColorTable
GetWindowOrgEx
GetBrushOrgEx
SetBrushOrgEx
OffsetRgn
FillRgn
SetViewportExtEx
MoveToEx
LineTo
SetBkMode
SetTextJustification
msimg32
GradientFill
AlphaBlend
comdlg32
CommDlgExtendedError
winspool.drv
OpenPrinterW
ClosePrinter
DocumentPropertiesW
advapi32
RegFlushKey
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
EnumDependentServicesW
QueryServiceStatus
ControlService
EnumServicesStatusExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
IsTextUnicode
RegSetValueExW
CryptDestroyKey
CryptDuplicateHash
CryptAcquireContextW
CryptEncrypt
CryptGenRandom
CryptCreateHash
CryptHashData
CryptSetHashParam
CryptDestroyHash
RegEnumKeyW
GetUserNameW
FreeSid
EqualSid
AllocateAndInitializeSid
RegEnumValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
PrivilegeCheck
OpenProcessToken
OpenThreadToken
RegOpenKeyExW
RegQueryValueW
RegCloseKey
GetTokenInformation
RegQueryValueExW
CryptReleaseContext
CryptGetHashParam
CryptImportKey
CryptSetKeyParam
RegEnumKeyExW
shell32
SHGetSpecialFolderPathW
SHGetMalloc
SHGetSpecialFolderLocation
SHBindToParent
SHGetDesktopFolder
Shell_NotifyIconW
ord2
ord4
ExtractIconW
ExtractIconExW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
DragFinish
SHAppBarMessage
ord727
SHFileOperationW
SHBrowseForFolderW
DuplicateIcon
DragQueryFileW
DragAcceptFiles
SHGetFolderPathW
SHGetPropertyStoreFromParsingName
ord155
SHGetPathFromIDListW
comctl32
ImageList_GetImageInfo
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_Draw
ord17
ImageList_GetIcon
ImageList_Add
InitCommonControlsEx
ImageList_GetImageCount
ImageList_GetIconSize
ImageList_SetBkColor
_TrackMouseEvent
ImageList_Remove
ImageList_BeginDrag
ImageList_DragEnter
ImageList_DragShowNolock
ImageList_DragMove
ImageList_SetDragCursorImage
ImageList_Destroy
ImageList_EndDrag
ImageList_DragLeave
ImageList_AddMasked
uxtheme
DrawThemeParentBackground
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeBackground
EnableThemeDialogTexture
CloseThemeData
DrawThemeTextEx
OpenThemeData
SetWindowTheme
ole32
OleDuplicateData
PropVariantClear
CoInitialize
ReleaseStgMedium
CreateStreamOnHGlobal
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
OleUninitialize
OleInitialize
CoUninitialize
CoInitializeEx
GetHGlobalFromILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CLSIDFromString
StringFromGUID2
CoCreateInstance
OleGetClipboard
CoFreeUnusedLibraries
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
CoRevokeClassObject
CoRegisterMessageFilter
oleaut32
VarDateFromStr
VariantTimeToSystemTime
SysAllocString
SysFreeString
SystemTimeToVariantTime
SysAllocStringLen
VariantInit
VariantClear
VariantChangeType
oledlg
OleUIBusyW
ws2_32
WSAStartup
WSACleanup
WSASetLastError
userenv
UnloadUserProfile
dbghelp
MiniDumpWriteDump
wininet
HttpAddRequestHeadersA
InternetWriteFile
HttpQueryInfoW
HttpOpenRequestW
InternetOpenW
InternetConnectW
HttpEndRequestW
InternetCloseHandle
HttpSendRequestExW
psapi
GetModuleFileNameExW
wtsapi32
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification
netapi32
NetShareEnum
NetUseGetInfo
NetApiBufferFree
NetServerGetInfo
winmm
PlaySoundW
mpr
WNetGetLastErrorW
WNetGetConnectionW
WNetOpenEnumW
WNetEnumResourceW
WNetAddConnection3W
WNetCloseEnum
WNetGetProviderNameW
gdiplus
GdipGetImageEncoders
GdipCreateHBITMAPFromBitmap
GdipSaveImageToFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreatePen1
GdipDeletePen
GdipCreateFromHDC
GdipDeleteGraphics
GdipSetSmoothingMode
GdipDrawLineI
GdipFree
GdipAlloc
GdipDisposeImage
GdipDrawImageI
GdipCloneImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipGetImageEncodersSize
oleacc
LresultFromObject
CreateStdAccessibleObject
propsys
PSGetPropertyKeyFromName
Sections
.text Size: 6.2MB - Virtual size: 6.2MB - Characteristics: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata Size: 1.5MB - Virtual size: 1.5MB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data Size: 134KB - Virtual size: 209KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata Size: 250KB - Virtual size: 250KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA Size: 512B - Virtual size: 348B - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc Size: 428KB - Virtual size: 428KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc Size: 89KB - Virtual size: 89KB - Characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ