NEAS[.]c10f8f786d5ed57932e2ad5a3a6880b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c10f8f786d5ed57932e2ad5a3a6880b0.exe
Size

2.2MB
MD5

c10f8f786d5ed57932e2ad5a3a6880b0
SHA1

585842960fc47d5cea69ad3fb88aa26b11772a28
SHA256

028e2f09c8e5c3664c8805901583ed1b927a828e9a5dae5f3e9f92eb18ad69e7
SHA512

7bf66aeb5990c39ecce6a5dad382d563fece65d114470a17e0291140b02a4d9353d43196ff23c9860513d22fe38b72f8c88d3bf7021f4a540fcc947a36e912e3
SSDEEP

24576:KDW/up796oxIVEbMtozi5uUNFbqc03BHkaDOfpK9aN3E2cxwnvAhws2d7p:KDW/upPxI2M6Qbqc03hKhK9aa2cxw9p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c10f8f786d5ed57932e2ad5a3a6880b0.exe

Files

NEAS.c10f8f786d5ed57932e2ad5a3a6880b0.exe
.dll windows:5 windows x64

3778dbe5a197b19a010729b2d044705d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FlushInstructionCache
GetUserDefaultUILanguage
FindFirstFileA
ExitThread
CreateSemaphoreW
ReleaseSemaphore
GetComputerNameExW
LoadLibraryW
GetModuleFileNameW
LoadLibraryExW
GetNamedPipeHandleStateW
SetNamedPipeHandleState
DisconnectNamedPipe
PeekNamedPipe
GetSystemTime
MapViewOfFileEx
TerminateThread
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
lstrcmpiW
LocalAlloc
LockResource
GetEnvironmentVariableW
SetEnvironmentVariableW
GetEnvironmentVariableA
RemoveVectoredExceptionHandler
AddVectoredExceptionHandler
SwitchToThread
SetThreadPriority
VirtualProtect
GetModuleHandleW
CloseHandle
ConnectNamedPipe
CancelIo
LocalFree
GetCurrentProcess
GetCurrentProcessId
CreateFileW
CreateNamedPipeW
ReadFile
WriteFile
GetSystemPowerStatus
ExpandEnvironmentStringsW
CreateEventW
WaitForSingleObject
GetCommandLineW
GetTickCount
ReleaseMutex
SetLastError
DeleteFileW
CreateProcessW
CreateMutexW
SetFilePointer
OutputDebugStringA
FormatMessageA
GetModuleHandleA
SetUnhandledExceptionFilter
GetStdHandle
AllocConsole
AttachConsole
OpenProcess
GetExitCodeProcess
CreateToolhelp32Snapshot
GetSystemInfo
GetProcessIoCounters
VirtualQueryEx
HeapSetInformation
SetPriorityClass
Process32NextW
Process32FirstW
GetProcessHeaps
GetProcessId
DuplicateHandle
GetProcessTimes
GetSystemTimeAsFileTime
TerminateProcess
SetHandleInformation
CreatePipe
TlsGetValue
TlsFree
TlsSetValue
TlsAlloc
QueryPerformanceCounter
QueryPerformanceFrequency
LocalFileTimeToFileTime
SystemTimeToFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
ResetEvent
SetEvent
WaitForMultipleObjects
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
GetProcAddress
UnmapViewOfFile
CompareFileTime
MoveFileExW
ReplaceFileW
CopyFileW
GetFileAttributesW
GetFileAttributesExW
SetCurrentDirectoryW
RemoveDirectoryW
FindClose
CreateDirectoryW
FindNextFileW
FindFirstFileW
GetTempPathW
GetCurrentDirectoryW
QueryDosDeviceW
GetLogicalDriveStringsW
GetLongPathNameW
GetTempFileNameW
MapViewOfFile
CreateFileMappingW
GetFileSize
VirtualFree
VirtualAlloc
OpenFileMappingW
CreateThread
Sleep
IsDebuggerPresent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
GetSystemDirectoryW
GetWindowsDirectoryW
RtlCaptureStackBackTrace
GetCurrentThread
GetVersionExW
GetNativeSystemInfo
RegisterWaitForSingleObject
UnregisterWaitEx
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
SetFileTime
GetFileInformationByHandle
WideCharToMultiByte
SetErrorMode
AssignProcessToJobObject
SetInformationJobObject
CreateJobObjectW
GetShortPathNameW
ResumeThread
RtlUnwindEx
ExitProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
GetConsoleCP
GetConsoleMode
SetStdHandle
GetFileType
HeapReAlloc
GetFullPathNameW
GetProcessHeap
LoadLibraryA
LCMapStringA
LCMapStringW
GetCPInfo
RtlPcToFileHeader
GetStringTypeW
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetModuleFileNameA
FatalAppExitA
SetConsoleCtrlHandler
HeapCreate
HeapDestroy
HeapSize
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetStringTypeA
GetDateFormatA
GetTimeFormatA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
CreateFileA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLastError
lstrlenW
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFileTime
RaiseException
DeleteFileA

user32

wsprintfW
RegisterClassExW
CharUpperW
WaitForInputIdle
PostMessageW
KillTimer
CharNextW
DispatchMessageW
CreateWindowExW
UnregisterClassW
MsgWaitForMultipleObjectsEx
DestroyWindow
PeekMessageW
PostThreadMessageW
GetQueueStatus
MessageBoxW
TranslateMessage
CallMsgFilterW
PostQuitMessage
SystemParametersInfoW
WaitMessage
DefWindowProcW
SetTimer
GetKeyState

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
GetTokenInformation
OpenProcessToken
RegQueryValueExW
RegEnumValueW
RegNotifyChangeKeyValue
CreateProcessAsUserW
GetSidSubAuthority
ConvertSidToStringSidW
GetSidSubAuthorityCount
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
TraceEvent
GetUserNameW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

ShellExecuteW
SHFileOperationW
SHGetFolderPathW
SHGetSpecialFolderPathW
CommandLineToArgvW

ole32

CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree
PropVariantClear
CoTaskMemAlloc

oleaut32

VarUI4FromStr
SysFreeString

shlwapi

SHStrDupW
SHDeleteKeyW
UrlCanonicalizeW

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

winmm

timeBeginPeriod
timeGetDevCaps
timeGetTime
timeEndPeriod

psapi

GetProcessMemoryInfo
QueryWorkingSet
GetMappedFileNameW

Exports

Exports

ChromeMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 471KB - Virtual size: 470KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 51KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 239KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3778dbe5a197b19a010729b2d044705d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

winmm

psapi

Exports

Exports

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 471KB - Virtual size: 470KB

.data Size: 51KB - Virtual size: 292KB

.pdata Size: 101KB - Virtual size: 100KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 239KB - Virtual size: 238KB

.reloc Size: 23KB - Virtual size: 23KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 471KB - Virtual size: 470KB

.data
Size: 51KB - Virtual size: 292KB

.pdata
Size: 101KB - Virtual size: 100KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 239KB - Virtual size: 238KB

.reloc
Size: 23KB - Virtual size: 23KB