Static task: static1
Behavioral task: behavioral1
Sample: NEAS.e64dbff3e0fd07b72efc836a2567d1f0.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.e64dbff3e0fd07b72efc836a2567d1f0.exe
Resource: win10v2004-20230915-en
General
Target: NEAS.e64dbff3e0fd07b72efc836a2567d1f0.exe
Size: 856KB
MD5: e64dbff3e0fd07b72efc836a2567d1f0
SHA1: 4dc1dfa0638c95c1f36575303bacf9a2de1b7c0d
SHA256: 51d4c4d12672fa90fbde6faff1b2e4ff49b329ea710b0c55e8fb7764390e9c05
SHA512: e988adedf5388faac88d286cde7f67c1479e2d346dd1a5488c592e34150aeaa29269042f3014cee14240ea1bd448700ba6b7604a5af6467ab5eff979e1e2c6e8
SSDEEP: 6144:W+djLFPQu8YedOVKxYjEdLZjBWcoo2V3WVlMvcxyLYZbRK03P+KH/XbDU:WwjLFG/mcL2AikZb7+KHDDU
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource NEAS.e64dbff3e0fd07b72efc836a2567d1f0.exe
Files
NEAS.e64dbff3e0fd07b72efc836a2567d1f0.exe.exe windows:4 windows x86
74f2b208de9874d07ff1db7b566f284b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
cgpib
?EnumGpibResource@CGpib@@SAKXZ
SetResourceName
?GetVIAddrValue@CGpib@@SAPAUVI_Addr_Info@@H@Z
sysutility
IsValidLine
WriteSystemParams
GetMainBinPath
ReadSystemParams
SetMainBinPath
SetSNbufferWindows
ConverTokenString2StringArray
SetSplashWindows
mfc42d (imports by ordinal only)
msvcrtd
fread
fwrite
fclose
exit
fopen
_ftol
_setmbcp
_mkdir
_gcvt
abs
strcat
memmove
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_mbstok
__CxxFrameHandler
_chkesp
memcpy
memset
sprintf
strstr
strlen
toupper
strcpy
free
malloc
memcmp
_beginthreadex
atof
_itoa
strcmp
strchr
sqrt
atoi
_mbsnbcpy
_controlfp
kernel32
FindResourceA
LoadResource
LockResource
SizeofResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
GetVersion
CreateFileA
GetLastError
ExitProcess
CreateProcessA
GetStartupInfoA
MulDiv
SetCurrentDirectoryA
GetProcAddress
LoadLibraryA
GlobalSize
GetFileAttributesA
FreeLibrary
CreateMutexA
OpenMutexA
FindClose
FindFirstFileA
WinExec
CopyFileA
GetSystemDirectoryA
WritePrivateProfileStringA
GetTickCount
GetWindowsDirectoryA
RemoveDirectoryA
GetModuleHandleA
GetCurrentThreadId
CreateEventA
CloseHandle
GlobalFree
ResumeThread
WaitForSingleObject
ResetEvent
SetEvent
Sleep
DeleteFileA
GetPrivateProfileStringA
GetModuleHandleW
LocalFree
LocalUnlock
LocalLock
LocalAlloc
MoveFileExA
GetFileSize
GetPrivateProfileIntA
GetCommandLineA
GetTempPathA
user32
GetSystemMenu
ShowWindow
GetWindowRect
MoveWindow
PtInRect
SetWindowRgn
CopyImage
IsWindow
SetWindowPos
GetSubMenu
GetMenuItemID
GetClientRect
InvalidateRect
UpdateWindow
SetWindowLongA
SetCursor
ReleaseCapture
GetWindowLongA
AttachThreadInput
LoadCursorA
GetClipboardData
CallWindowProcA
SetClipboardData
LoadIconA
LoadImageA
CopyRect
FillRect
GetDC
ReleaseDC
SetRect
MessageBoxA
wsprintfA
CloseClipboard
RegisterClipboardFormatA
DestroyIcon
GetMenuItemInfoA
DrawIconEx
GetSystemMetrics
SystemParametersInfoA
SetWindowsHookExA
TrackPopupMenuEx
UnhookWindowsHookEx
CallNextHookEx
GetKeyboardLayout
MapVirtualKeyExA
IsCharLowerA
MapVirtualKeyA
GetKeyNameTextA
GetCursorPos
GetSysColor
MapWindowPoints
PeekMessageA
TranslateMessage
DispatchMessageA
EnumChildWindows
SendMessageA
GetClassNameA
EmptyClipboard
gdi32
GetBitmapBits
GetStockObject
PtInRegion
CreateRectRgn
SelectClipRgn
CreateSolidBrush
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
GetObjectA
CreateICA
GetDIBits
DeleteDC
ExtCreateRegion
SelectPalette
CreateDIBitmap
SelectObject
DeleteObject
SetDIBitsToDevice
shell32
SHGetMalloc
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetPathFromIDListA
mfco42d (imports by ordinal only)
ole32
CreateStreamOnHGlobal
CoTaskMemFree
olepro32
ord251
mfcd42d (imports by ordinal only)
Sections
.text Size: 592KB - Virtual size: 589KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 52KB - Virtual size: 50KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 8KB - Virtual size: 246KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 16KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 160KB - Virtual size: 156KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 24KB - Virtual size: 20KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ