NEAS[.]d7154b6ba32c0222bb113019779c5590[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d7154b6ba32c0222bb113019779c5590.exe
Size

1.0MB
MD5

d7154b6ba32c0222bb113019779c5590
SHA1

fc3e98b831c3af47528a1cf0c742439798d4b4e7
SHA256

96c6f9397e75d98709272413e378d2dc850644aebd37198d1960ee7736e7773d
SHA512

447d060aa1932041b7d7fd519a87d3d6ce571186037cf082d8504c8396bfe0e73af172b208ec721b4a46a011e4287a94083960f91cb56ed7ad9ad3532e41bba1
SSDEEP

24576:eP8P02JzmMms9Mqlv/yXqPY83ytadbAL:iq7qqxyXKYfkbs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d7154b6ba32c0222bb113019779c5590.exe

Files

NEAS.d7154b6ba32c0222bb113019779c5590.exe
.exe windows:4 windows x86

a141f6e9b5cd50390bcc2050c5f7be3a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

gethostname
gethostbyname
WSAGetLastError
inet_addr
getsockopt
accept
__WSAFDIsSet
select
inet_ntoa
setsockopt
WSAIoctl
getsockname
getpeername
listen
bind
shutdown
WSACleanup
WSAStartup
closesocket
recv
send
htons
socket
connect
htonl

winmm

timeKillEvent
PlaySoundA
timeGetTime
timeSetEvent

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

userenv

ExpandEnvironmentStringsForUserA
DestroyEnvironmentBlock
CreateEnvironmentBlock

kernel32

OutputDebugStringA
SetCurrentDirectoryA
SetFileAttributesA
GetEnvironmentVariableA
ResumeThread
ResetEvent
TryEnterCriticalSection
CompareFileTime
GetFileTime
GetFileSize
CreateFileA
MoveFileExA
GetFileAttributesA
GetSystemTime
SetFilePointer
CreateDirectoryA
SetErrorMode
SetFileTime
SystemTimeToFileTime
FlushFileBuffers
SetEndOfFile
MoveFileA
GetDriveTypeA
GetLogicalDriveStringsA
FileTimeToSystemTime
SetThreadPriority
GetCurrentThread
TerminateProcess
CreateProcessA
GetLocalTime
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
TerminateThread
LockResource
LoadResource
SizeofResource
FindResourceA
WriteConsoleA
GetStdHandle
GetExitCodeProcess
AllocConsole
GlobalDeleteAtom
CreateEventA
GlobalAddAtomA
SetProcessShutdownParameters
GetCPInfo
HeapReAlloc
GetTimeZoneInformation
InterlockedDecrement
InterlockedIncrement
GetConsoleMode
GetConsoleCP
ExitThread
GetStartupInfoA
GetCommandLineA
SetStdHandle
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RtlUnwind
GetFileType
lstrcatA
lstrcmpiA
lstrcpynA
InterlockedExchange
GetProcessHeap
HeapAlloc
HeapFree
SetVolumeLabelA
DosDateTimeToFileTime
GetLocaleInfoA
GetFullPathNameA
GetVolumeInformationA
FileTimeToLocalFileTime
LocalFileTimeToFileTime
lstrcpyA
TlsAlloc
DuplicateHandle
TlsSetValue
TlsFree
TlsGetValue
CreateSemaphoreA
ReleaseSemaphore
GlobalGetAtomNameA
WaitForMultipleObjects
OpenMutexA
OpenEventA
SetEvent
CreateToolhelp32Snapshot
Process32First
Process32Next
GetVersionExA
GetSystemDirectoryW
lstrcatW
LoadLibraryW
CreateFileW
WaitNamedPipeW
HeapSize
GetACP
GetOEMCP
IsValidCodePage
GetCurrentProcessId
WriteFile
ReadFile
SetLastError
ReleaseMutex
CreateMutexA
WaitForSingleObject
PeekNamedPipe
UnmapViewOfFile
OpenFileMappingA
MapViewOfFile
CreateFileMappingA
WritePrivateProfileSectionA
WritePrivateProfileStructA
GetPrivateProfileStructA
GetPrivateProfileStringA
GetPrivateProfileIntA
WritePrivateProfileStringA
OpenProcess
GetLastError
WinExec
GetComputerNameA
GetVersion
GetSystemInfo
lstrlenA
GetTempPathA
CopyFileA
FreeLibrary
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
EnterCriticalSection
GetSystemTimeAsFileTime
GetCurrentProcess
GetProcessTimes
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetTickCount
MultiByteToWideChar
GlobalAlloc
GlobalFree
GlobalLock
GlobalSize
WideCharToMultiByte
GlobalUnlock
Sleep
CreateThread
CloseHandle
GetCurrentThreadId
LoadLibraryA
GetProcAddress
GetModuleFileNameA
GetModuleHandleA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
VirtualFree
VirtualAlloc
HeapDestroy
HeapCreate
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleOutputCP
WriteConsoleW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetEnvironmentVariableW
GetLocaleInfoW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryA
GetFileInformationByHandle
FormatMessageA
RemoveDirectoryA

user32

LoadMenuA
GetSubMenu
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
EnableMenuItem
RemoveMenu
EnableWindow
VkKeyScanA
ToAscii
GetAsyncKeyState
MapVirtualKeyA
IsIconic
SetClipboardViewer
PeekMessageA
WaitMessage
ChangeClipboardChain
DestroyWindow
GetClipboardOwner
SendNotifyMessageA
PostThreadMessageA
RegisterWindowMessageA
FindWindowExA
WindowFromPoint
GetIconInfo
SetRect
FillRect
DrawTextA
EnumWindows
IsWindowVisible
IsWindow
GetWindowTextA
OpenDesktopA
EnumDesktopWindows
GetClassNameA
GetUpdateRect
DestroyMenu
IntersectRect
DrawIconEx
EndPaint
DestroyIcon
PtInRect
GetKeyboardState
SetActiveWindow
MessageBeep
FlashWindow
ChangeDisplaySettingsExA
keybd_event
GetKeyState
EnumDisplaySettingsA
DialogBoxParamA
SetWindowTextA
LoadStringA
GetWindowRect
InvalidateRect
GetDlgItemTextA
SetFocus
GetCursorPos
SetDlgItemInt
CheckDlgButton
IsDlgButtonChecked
GetDlgItemInt
MessageBoxA
GetProcessWindowStation
ScreenToClient
MoveWindow
GetClientRect
SetDlgItemTextA
GetScrollInfo
GetDlgItem
SendDlgItemMessageA
SetForegroundWindow
ExitWindowsEx
BeginPaint
GetDesktopWindow
wsprintfA
GetWindowThreadProcessId
SystemParametersInfoA
GetForegroundWindow
RegisterClipboardFormatA
EmptyClipboard
SetClipboardData
IsClipboardFormatAvailable
GetClipboardData
CloseClipboard
OpenClipboard
SendMessageA
FindWindowA
PostMessageA
mouse_event
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationA
SetThreadDesktop
GetMessageA
TranslateMessage
DispatchMessageA
CloseDesktop
LoadIconA
LoadCursorA
RegisterClassExA
GetSystemMetrics
AdjustWindowRect
CreateWindowExA
GetWindowLongA
SetWindowLongA
ShowWindow
KillTimer
PostQuitMessage
SetTimer
DefWindowProcA
SetWindowPos
IsRectEmpty
LoadImageA
GetDC
ReleaseDC
OemToCharA
CharToOemA
wvsprintfA
EndDialog

gdi32

GetBitmapBits
SetTextColor
SetBkColor
CreatePalette
SelectPalette
RealizePalette
SetDIBColorTable
GdiFlush
GetObjectA
CreateFontIndirectA
ExtEscape
GetSystemPaletteEntries
GetRegionData
GetRgnBox
OffsetRgn
SetRectRgn
PtInRegion
CombineRgn
CreateRectRgn
SetBkMode
DeleteDC
GetPixel
BitBlt
SelectObject
DeleteObject
CreateDIBSection
GetDeviceCaps
GetDIBits
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
StretchBlt
PatBlt
CreateSolidBrush
GetStockObject
GetClipBox

advapi32

GetUserNameA
GetSecurityDescriptorLength
GetSecurityDescriptorControl
GetKernelObjectSecurity
SetKernelObjectSecurity
IsValidSecurityDescriptor
GetSecurityDescriptorDacl
IsValidAcl
GetSecurityDescriptorOwner
IsValidSid
GetSecurityDescriptorGroup
EqualSid
FreeSid
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
CreateProcessAsUserA
RegSetValueExA
OpenSCManagerA
EnumServicesStatusA
OpenServiceA
QueryServiceConfigA
LookupAccountSidA
RegCreateKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
StartServiceCtrlDispatcherA
RegisterServiceCtrlHandlerA
CreateServiceA
RegDeleteValueA
RegDeleteKeyA
QueryServiceStatus
DeleteService
SetServiceStatus
RegCreateKeyExA
LockServiceDatabase
UnlockServiceDatabase
ChangeServiceConfigA
ChangeServiceConfig2A
DuplicateTokenEx
SetTokenInformation
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CloseServiceHandle
AllocateAndInitializeSid

shell32

Shell_NotifyIconA
SHAppBarMessage
SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHFileOperationA
ShellExecuteExA
ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

avifil32

AVIStreamRelease
AVIFileRelease
AVIFileExit
AVIStreamWrite
AVIFileInit
AVIFileOpenA
AVIFileCreateStreamA
AVISaveOptions
AVISaveOptionsFree
AVIMakeCompressedStream
AVIStreamSetFormat

msvfw32

ord2

imm32

ImmGetDefaultIMEWnd

Sections

.text
Size: 696KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a141f6e9b5cd50390bcc2050c5f7be3a

Headers

File Characteristics

Imports

ws2_32

winmm

version

userenv

kernel32

user32

gdi32

advapi32

shell32

ole32

avifil32

msvfw32

imm32

Sections

.text Size: 696KB - Virtual size: 694KB

.rdata Size: 128KB - Virtual size: 125KB

.data Size: 16KB - Virtual size: 520KB

.rsrc Size: 200KB - Virtual size: 196KB

.text
Size: 696KB - Virtual size: 694KB

.rdata
Size: 128KB - Virtual size: 125KB

.data
Size: 16KB - Virtual size: 520KB

.rsrc
Size: 200KB - Virtual size: 196KB