NEAS[.]cde40426c1175613c15934615ed5a5c0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.cde40426c1175613c15934615ed5a5c0.exe
Size

459KB
MD5

cde40426c1175613c15934615ed5a5c0
SHA1

511fd6a4465e17f1cfd7b76e2e5491d78a85434d
SHA256

3a1a77afe9339fb6735b7aa459dc3fbf3589c705951458c40b16f4d5ab97cefe
SHA512

2e84cf869f4013397e78827457fa40cf8e537c001860a5466d62f9cfb577c3643336d1d27eac1c22dfb4f410258e2b23b92e92ea51d44a96264a6db70bfb136c
SSDEEP

12288:sUE03qxFqJC1cwgysc/2gIsJFBhlyAjoSYgqx:sUE06qCSwgbW2gpD3sAkSYgqx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cde40426c1175613c15934615ed5a5c0.exe

Files

NEAS.cde40426c1175613c15934615ed5a5c0.exe
.exe windows:6 windows x86

fc799c0f8a0c16c28c597e4fc70b806c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

WSASetLastError
getpeername
getsockname
socket
ntohs
connect
getsockopt
htons
setsockopt
ioctlsocket
gethostname
WSAGetLastError
WSACleanup
WSAStartup
WSACloseEvent
WSACreateEvent
WSAEventSelect
WSAResetEvent
send
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
inet_pton
htonl
getaddrinfo
freeaddrinfo
accept
closesocket
listen
recvfrom
sendto
__WSAFDIsSet
select
bind
recv
WSAIoctl

advapi32

CryptReleaseContext
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam

crypt32

CertGetCertificateChain
CryptDecodeObjectEx
CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertEnumCertificatesInStore
CertFreeCertificateContext
PFXImportCertStore
CertFreeCertificateChainEngine
CryptQueryObject
CertFreeCertificateChain
CertGetNameStringA
CertFindExtension
CertCreateCertificateChainEngine
CertFindCertificateInStore
CryptStringToBinaryA

api-ms-win-core-console-l2-1-0

GetConsoleScreenBufferInfo

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetEnvironmentVariableA

api-ms-win-core-file-l1-1-0

SetEndOfFile
GetFileTime
CreateFileA
GetFileType
SetFileTime
GetFileSizeEx
ReadFile

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-console-l1-1-0

GetConsoleMode
SetConsoleCtrlHandler
SetConsoleMode
WriteConsoleW

api-ms-win-core-kernel32-legacy-l1-1-2

Module32First
Module32Next

api-ms-win-core-toolhelp-l1-1-0

CreateToolhelp32Snapshot

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-processenvironment-l1-2-0

SearchPathA

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleA
GetProcAddress
FreeLibrary
LoadLibraryExW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-sysinfo-l1-1-0

GetSystemDirectoryA
GetTickCount

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-synch-l1-1-0

SleepEx
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
LeaveCriticalSection

api-ms-win-core-kernel32-legacy-l1-1-0

MoveFileExA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-namedpipe-l1-1-0

PeekNamedPipe

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc
_set_new_mode
realloc

api-ms-win-crt-stdio-l1-1-0

_fileno
fclose
ftell
fseek
getc
fread
__stdio_common_vsscanf
fputs
_isatty
puts
_close
fgets
feof
fwrite
fopen
_get_osfhandle
_open
__stdio_common_vsprintf
fflush
_read
_write
_set_fmode
_setmode
__acrt_iob_func
fputc
_lseeki64
ferror
__p__commode

api-ms-win-crt-time-l1-1-0

_localtime64
_time64
_gmtime64
strftime

api-ms-win-crt-convert-l1-1-0

strtol
strtod
atoi
strtoll
wcstombs
strtoul

api-ms-win-crt-runtime-l1-1-0

_c_exit
abort
__p___argc
__p___argv
_beginthreadex
_register_thread_local_exe_atexit_callback
__sys_nerr
__sys_errlist
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_set_app_type
_seh_filter_exe
_cexit
_initialize_onexit_table
_crt_atexit
_register_onexit_function
_initialize_narrow_environment
_configure_narrow_argv
strerror
_errno
terminate
_controlfp_s

api-ms-win-crt-string-l1-1-0

strpbrk
strncpy
strncmp
strcspn
isupper
_strdup
wcsncmp
isprint
strtok
tolower
strspn

api-ms-win-crt-filesystem-l1-1-0

_unlink
_mkdir
_access
_stat64
_fstat64

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-multibyte-l1-1-0

_mbschr
_mbscmp
_mbspbrk
_mbsnbcpy
_mbsnbcmp

api-ms-win-crt-locale-l1-1-0

_configthreadlocale
setlocale

kernel32

UnhandledExceptionFilter
GetSystemTimeAsFileTime
InitializeSListHead
GetModuleHandleW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
SetUnhandledExceptionFilter

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-processthreads-l1-1-0

TlsAlloc
TlsSetValue
TlsFree
TlsGetValue

api-ms-win-crt-math-l1-1-0

__setusermatherr
_fdopen

api-ms-win-crt-conio-l1-1-0

_getch

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc799c0f8a0c16c28c597e4fc70b806c

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

crypt32

api-ms-win-core-console-l2-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-console-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-2

api-ms-win-core-toolhelp-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-sysinfo-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

api-ms-win-core-localization-l1-2-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-synch-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-namedpipe-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-locale-l1-1-0

kernel32

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-conio-l1-1-0

Sections

.text Size: 333KB - Virtual size: 332KB

.rdata Size: 102KB - Virtual size: 102KB

.data Size: 512B - Virtual size: 2KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 20KB - Virtual size: 20KB

.text
Size: 333KB - Virtual size: 332KB

.rdata
Size: 102KB - Virtual size: 102KB

.data
Size: 512B - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 20KB - Virtual size: 20KB