NEAS[.]bf8adfade4fe49ee2e47061194c57b50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.bf8adfade4fe49ee2e47061194c57b50.exe
Size

724KB
MD5

bf8adfade4fe49ee2e47061194c57b50
SHA1

7dadd14347ade1e81db9b311de147864d0c81c83
SHA256

ec4ee39a60e35f0898d17b5d7e23f3adc77a7c3e624e4d100ac0ce15512149f6
SHA512

542f0de5de84181b3cef7a3d9c133cf276eff8974a92b8e1e0d948e68dd34eeb865dc921512f7a7849ad3aaa682864dbabc1074d403cf0567f4060ff827d0f6b
SSDEEP

12288:bSVWEU9WOM3z8jaTGpxQ3D8l8uioeCglYZq3BY2VP:bSVWLW3qNe8yho0Cqn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.bf8adfade4fe49ee2e47061194c57b50.exe

Files

NEAS.bf8adfade4fe49ee2e47061194c57b50.exe
.exe windows:5 windows x86

ac06196c44dc110ce7d688a3e7283df0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

psapi

GetProcessMemoryInfo

kernel32

GlobalAddAtomW
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
WritePrivateProfileStringW
GetModuleHandleA
GlobalFlags
GetFileSizeEx
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationW
GetFullPathNameW
ExitProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapReAlloc
HeapAlloc
GetCPInfo
GetSystemTimeAsFileTime
RaiseException
RtlUnwind
GlobalFindAtomW
HeapSize
SetStdHandle
GetFileType
SetHandleCount
GetStdHandle
GetStartupInfoA
GetFileAttributesA
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetTimeZoneInformation
CreateProcessA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FreeEnvironmentStringsA
GetEnvironmentStrings
SetEnvironmentVariableA
CreateFileA
CompareStringW
LoadLibraryA
GetProcessHeap
InterlockedCompareExchange
LocalAlloc
FileTimeToLocalFileTime
SetErrorMode
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
CompareStringA
InterlockedExchange
lstrcmpW
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
TerminateProcess
SystemTimeToFileTime
FileTimeToSystemTime
GetFileTime
WriteFile
lstrlenA
SetFilePointer
GetFileSize
CreateFileW
InterlockedDecrement
VerifyVersionInfoW
VerSetConditionMask
GetVersionExA
GetModuleFileNameA
SetLastError
GetFileAttributesW
GetCurrentThread
FindResourceExW
GetExitCodeProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetProcessWorkingSetSize
OpenProcess
SetProcessWorkingSetSize
GetVersionExW
WaitForSingleObject
GetCurrentProcessId
GetCurrentThreadId
CopyFileW
GetCompressedFileSizeW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetConsoleWindow
GetCommandLineW
CreateMutexW
GetLocalTime
GetTimeFormatW
GetDateFormatW
SetCurrentDirectoryW
LocalFree
FormatMessageW
CreateDirectoryW
GetCurrentDirectoryW
DuplicateHandle
CreateProcessW
ReadFile
CloseHandle
GetCurrentProcess
WideCharToMultiByte
FreeLibrary
LoadLibraryW
FindClose
FindFirstFileW
DeleteFileW
GetSystemDirectoryW
GetModuleFileNameW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteFileA
MultiByteToWideChar
GetProcAddress
GetModuleHandleW
Sleep
GetLastError
lstrlenW

user32

DestroyMenu
CharUpperW
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
SetCursor
GetMessageW
TranslateMessage
GetActiveWindow
ValidateRect
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
IsWindowEnabled
SetWindowTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
RegisterWindowMessageW
WinHelpW
GetCapture
SetWindowsHookExW
CallNextHookEx
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetFocus
IsWindow
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
GetKeyState
SetMenu
MessageBoxA
MessageBoxW
ShowWindow
LoadIconW
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetParent
EnableMenuItem
ExitWindowsEx
SendInput
GetCursorPos
SetForegroundWindow
EnableWindow
GetWindowTextW
GetClassNameW
IsWindowVisible
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageW
UnhookWindowsHookEx
GetDlgCtrlID
SendMessageW
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
GetWindowLongW
SetWindowLongW
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindow
GetWindowThreadProcessId

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDeviceCaps
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
SetViewportOrgEx

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegQueryValueW
RegOpenKeyW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW

shell32

SHGetFolderPathW
Shell_NotifyIconW
CommandLineToArgvW

shlwapi

PathStripToRootW
PathIsUNCW
PathFindFileNameW
PathFindExtensionW

oleaut32

SysFreeString
VariantClear
VariantChangeType
VariantInit

urlmon

URLDownloadToFileW

ws2_32

WSAStartup
WSACleanup
inet_ntoa
WSAGetLastError
gethostbyname
send
closesocket
connect
inet_addr
htons
socket

wininet

HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
InternetQueryDataAvailable
InternetSetOptionExW

Sections

.text
Size: 412KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ac06196c44dc110ce7d688a3e7283df0

Headers

DLL Characteristics

File Characteristics

Imports

psapi

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

oleaut32

urlmon

ws2_32

wininet

Sections

.text Size: 412KB - Virtual size: 412KB

.rdata Size: 85KB - Virtual size: 85KB

.data Size: 12KB - Virtual size: 27KB

.rsrc Size: 168KB - Virtual size: 168KB

.reloc Size: 45KB - Virtual size: 44KB

.text
Size: 412KB - Virtual size: 412KB

.rdata
Size: 85KB - Virtual size: 85KB

.data
Size: 12KB - Virtual size: 27KB

.rsrc
Size: 168KB - Virtual size: 168KB

.reloc
Size: 45KB - Virtual size: 44KB