NEAS[.]d29a689d9785d4e7ee7cc39b6e8c7790[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.d29a689d9785d4e7ee7cc39b6e8c7790.exe
Size

2.0MB
MD5

d29a689d9785d4e7ee7cc39b6e8c7790
SHA1

4095b3fae821c14fa6b546aaf5be8cfede44c3cc
SHA256

d01a54e680058a399d9acb0b5503cd85c5cb186c74e9dd8219ee88ceddbdce78
SHA512

fc0a46b4d631bea991b744ecdd6b05e07e82de19288504f0710c6d761b7115ba9f45540565624003e17114fefaf8ba7c9e9f89e5f2e7aa00302e9cb81ee5533f
SSDEEP

49152:r8SdaGa3MlvVry/Ge/N0ShYK0BUpIms+Uvn3HZYyn9WEIQodcc:flvVUlqn9WEfnc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d29a689d9785d4e7ee7cc39b6e8c7790.exe

Files

NEAS.d29a689d9785d4e7ee7cc39b6e8c7790.exe
.dll windows:6 windows x86

6b8053c03cfd8d1542f2e36481b19ff0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
GetLastError
LoadLibraryW
HeapAlloc
GetProcAddress
GetProcessHeap
GetModuleHandleW
GetCurrentProcess
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
CloseHandle
LoadLibraryExW
FindResourceW
SizeofResource
LoadResource
GetCurrentProcessId
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
InitializeCriticalSectionEx
GetCurrentThread
FormatMessageA
FindFirstFileW
FindFirstFileA
FindNextFileW
FindNextFileA
FindClose
InitializeCriticalSection
LoadLibraryExA
SearchPathA
CreateFileMappingA
MapViewOfFile
CreateEventA
CreateMutexA
DuplicateHandle
CreateProcessA
WaitForSingleObject
ReleaseMutex
SetEvent
UnmapViewOfFile
GetFileType
CreateFileW
GetFileAttributesA
GetTempPathA
GetVolumeInformationA
GetUserDefaultLCID
GetPrivateProfileStringA
WritePrivateProfileStringA
GetSystemTime
Sleep
GetFileSize
ReadFile
SetFilePointerEx
SetFilePointer
GetStdHandle
WriteConsoleW
WriteFile
WaitForMultipleObjects
GetSystemInfo
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
DebugBreak
HeapWalk
HeapCreate
HeapSetInformation
HeapDestroy
GetModuleFileNameW
HeapValidate
HeapReAlloc
HeapLock
HeapCompact
HeapUnlock
CreateMemoryResourceNotification
QueryMemoryResourceNotification
GlobalMemoryStatusEx
InterlockedPopEntrySList
InterlockedPushEntrySList
InitializeSListHead
LoadLibraryA
GetFileAttributesW
SetFileAttributesW
SetFileAttributesA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
DeleteFileA
GetDriveTypeW
RemoveDirectoryW
RemoveDirectoryA
GetSystemDirectoryW
GetSystemDirectoryA
GetVolumeInformationW
MoveFileExW
MoveFileA
SetFileTime
GetVersionExA
GetComputerNameExW
GetEnvironmentVariableW
GetTempFileNameW
GetTempFileNameA
LocalFree
GetLocalTime
GetDateFormatW
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
SwitchToThread
TryEnterCriticalSection
DisableThreadLibraryCalls
MulDiv
WritePrivateProfileStringW
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
GetWindowsDirectoryA
TerminateThread
FileTimeToSystemTime
GetTimeFormatW
GetFileTime
SetEndOfFile
lstrlenW
RtlCaptureContext
QueryPerformanceFrequency
QueryPerformanceCounter
LocalAlloc
MultiByteToWideChar
GetACP
IsValidCodePage
EnumSystemCodePagesA
WideCharToMultiByte
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
VirtualProtect
GlobalMemoryStatus
OutputDebugStringA
SetLastError
HeapFree
MoveFileW
FreeLibrary
DeleteFileW
GetUserDefaultLangID
GetStringTypeExW
HeapSize
GetTickCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
VirtualQuery
RaiseException

cabinet

ord22
ord21
ord23
ord20
ord12
ord13
ord11
ord10
ord14

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
strrchr
memset
wcsrchr
memmove
memcpy
__std_terminate
memcmp
memchr
_CxxThrowException
_set_se_translator
_purecall
__CxxFrameHandler3
wcschr

msvcp140

?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ

api-ms-win-crt-heap-l1-1-0

free
malloc
_aligned_malloc
_heapmin
realloc
_aligned_free

api-ms-win-crt-utility-l1-1-0

rand
bsearch
qsort
srand

api-ms-win-crt-string-l1-1-0

wcspbrk
wcsncat_s
wcscspn
mblen
_strnicmp
strcpy_s
wcscmp
strtok_s
iswalnum
isdigit
strncat_s
_wcsicmp
iswdigit
iswxdigit
wcsncpy_s
strncpy_s
wcscpy_s
_stricmp
towlower
wcsspn

api-ms-win-crt-stdio-l1-1-0

fseek
__stdio_common_vswprintf_s
ftell
__stdio_common_vfprintf
ferror
fflush
_wfopen_s
_fileno
fwrite
feof
__acrt_iob_func
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vsnprintf_s
fclose
__stdio_common_vswscanf
fread
fgetc
fopen_s
__stdio_common_vsnwprintf_s

api-ms-win-crt-convert-l1-1-0

atoi
_wtoi

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
terminate
_cexit
_crt_atexit
strerror_s
_errno
_execute_onexit_table
_set_error_mode
exit
_beginthreadex
_endthreadex
_register_onexit_function
__doserrno
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-environment-l1-1-0

_dupenv_s
_putenv

api-ms-win-crt-filesystem-l1-1-0

_waccess
_wunlink
_wfullpath
_chmod
_wchmod
_getdrive
_fstat64i32

api-ms-win-crt-time-l1-1-0

_tzset
_get_tzname
_get_timezone
_get_daylight
_mktime64

api-ms-win-crt-multibyte-l1-1-0

_mbsrchr

api-ms-win-crt-locale-l1-1-0

___mb_cur_max_func
__initialize_lconv_for_unsigned_char

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

?compareTo@RWCString@@QBEHABV1@W4caseCompare@1@@Z
?compareTo@RWCString@@QBEHPBDW4caseCompare@1@@Z
?index@RWCString@@QBEIPBDIIW4caseCompare@1@@Z

Sections

.text
Size: 931KB - Virtual size: 931KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 376KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 210KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 562KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b8053c03cfd8d1542f2e36481b19ff0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

cabinet

vcruntime140

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 931KB - Virtual size: 931KB

.rdata Size: 376KB - Virtual size: 375KB

.data Size: 210KB - Virtual size: 215KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 562KB - Virtual size: 564KB

.text
Size: 931KB - Virtual size: 931KB

.rdata
Size: 376KB - Virtual size: 375KB

.data
Size: 210KB - Virtual size: 215KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 562KB - Virtual size: 564KB