NEAS[.]426841e76b780033b2b409b37d257a90[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.426841e76b780033b2b409b37d257a90.exe
Size

8.8MB
MD5

426841e76b780033b2b409b37d257a90
SHA1

c6ad592c5d7ffab702faea7941cf0a2ec1b5717a
SHA256

d8919a8742494d39c5fc651fb296b2583c60e96a5fd11614403f603fb0fc25da
SHA512

cfddf4ad6164fbd1f75146b22d2c71576f5cc8144396a9a9d52bdb5254df4600c09cd88bdd7eabcda16f239d739bd6087f6a9cacb70dc3169d532f7cb65528fe
SSDEEP

196608:96cXlOv4ukrK8OmZ+49COxkQ3Nz1z8Oq/eYx:VXO4ub837zSWYx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.426841e76b780033b2b409b37d257a90.exe

Files

NEAS.426841e76b780033b2b409b37d257a90.exe
.dll windows:6 windows x86

bedacc438b20a40896a38dff2df38229

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapFree
HeapAlloc
MultiByteToWideChar
lstrlenA
lstrcatA
LoadLibraryW
LoadLibraryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryA
DeleteCriticalSection
EnumSystemLocalesA
VerSetConditionMask
DebugBreak
FreeResource
LoadResource
LockResource
LoadLibraryExA
GetProcessHeap
VirtualProtect
SizeofResource
GetSystemInfo
lstrcpyA
VirtualFree
VirtualAlloc
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
EncodePointer
OutputDebugStringW
InitializeSListHead
GetCurrentProcessId
VerifyVersionInfoW
FindResourceA
VirtualQuery
InitializeCriticalSectionEx
SetLastError
RaiseException
DecodePointer
OutputDebugStringA
FindAtomW
DisableThreadLibraryCalls
FormatMessageA
LocalFree
GetTickCount
GetLastError
FileTimeToSystemTime
GetModuleFileNameA
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
CloseHandle
GetUserDefaultLCID
GetFileTime
CreateFileA
WaitForSingleObjectEx
ResetEvent
SetEvent
ExitThread
CreateThread
CreateMutexA
WaitForSingleObject
ReleaseMutex
GetLogicalDriveStringsA
SetErrorMode
GetVolumeInformationA
GetDriveTypeA
GetEnvironmentVariableA
IsDBCSLeadByte
WideCharToMultiByte
lstrcmpiA
lstrcmpA
MulDiv
GlobalFree
GlobalHandle
GlobalLock
GlobalUnlock
GlobalAlloc
FindResourceW
GetCurrentThreadId
LeaveCriticalSection
EnterCriticalSection
Sleep
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
SystemTimeToFileTime

user32

UnhookWindowsHookEx
CallNextHookEx
GetAncestor
RegisterWindowMessageA
GetWindowLongA
SetWindowLongA
GetDesktopWindow
GetParent
IsDialogMessageA
ScreenToClient
SetCursor
GetForegroundWindow
GetMessageA
IsIconic
SetWindowsHookExA
PostMessageA
SetPropW
SetForegroundWindow
GetSystemMetrics
MoveWindow
SetFocus
GetFocus
GetPropW
DefWindowProcA
GetWindowRect
FindWindowA
UnregisterClassA
GetSysColor
FillRect
LoadBitmapA
LoadCursorA
CallWindowProcA
wsprintfA
SetWindowPos
TranslateMessage
DispatchMessageA
PeekMessageA
SendMessageA
ShowWindow
EnableWindow
GetDC
ReleaseDC
SetWindowTextA
RegisterClassExA
GetClassInfoExA
GetWindowTextA
MessageBoxA
GetAsyncKeyState
GetMonitorInfoA
MonitorFromWindow
MapDialogRect
GetWindow
GetClassNameA
MapWindowPoints
ClientToScreen
SetWindowContextHelpId
GetClientRect
GetWindowTextLengthA
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
CharNextA
SendDlgItemMessageA
CreateWindowExA
GetDlgItem
EndDialog
CreateDialogIndirectParamA
DestroyWindow
IsChild
IsWindow

gdi32

GetDeviceCaps
SelectObject
DeleteObject
CreateSolidBrush
BitBlt
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
GetBkColor
GetMapMode
GetStockObject
GetTextExtentPoint32A
SetBkColor
SetMapMode
GetTextMetricsA
GetObjectA
DPtoLP
DeleteDC

advapi32

CryptSignHashA
RegSetValueExA
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
RegCreateKeyExA
RegCloseKey
CryptDestroyKey
CryptImportKey
CryptSetProvParam
CryptAcquireContextW
CryptSetKeyParam
CryptGetProvParam
CryptGetUserKey
CryptCreateHash
CryptSetHashParam
CryptDestroyHash
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegOpenKeyExA
RegQueryInfoKeyW
CryptDecrypt

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetFolderLocation

ole32

CoUninitialize
OleLockRunning
OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
CreateStreamOnHGlobal
CoCreateInstance
CoInitialize

oleaut32

SysStringLen
SysFreeString
SysAllocString
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
DispCallFunc
OleCreateFontIndirect
SysAllocStringLen

bib

ord11
ord5
ord4

msvcp140

?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAG3AAPAG@Z
?out@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBG1AAPBGPAD3AAPAD@Z
?unshift@?$codecvt@GDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@GDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?_Gndec@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
?_Init@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??1?$basic_ostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?put@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@G@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?id@?$codecvt@GDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?eof@ios_base@std@@QBE_NXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_K@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_K@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@J@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AA_J@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
??0_Lockit@std@@QAE@H@Z
?uncaught_exception@std@@YA_NXZ
?_Xlength_error@std@@YAXPBD@Z
??Bid@locale@std@@QAEIXZ
??1_Lockit@std@@QAE@XZ
?empty@locale@std@@SA?AV12@XZ
?tolower@?$ctype@D@std@@QBEDD@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?id@?$ctype@D@std@@2V0locale@2@A
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ

wsock32

gethostbyname
accept
bind
closesocket
connect
inet_ntoa
getsockopt
htons
ioctlsocket
ntohl
recv
recvfrom
select
send
sendto
setsockopt
shutdown
WSAGetLastError
WSAStartup
socket
__WSAFDIsSet

vcruntime140

_purecall
__std_terminate
_CxxThrowException
__std_type_info_destroy_list
memcmp
_except_handler4_common
strstr
strchr
__std_exception_destroy
__CxxFrameHandler3
__RTDynamicCast
__std_exception_copy
strrchr
memset
memchr
memmove
memcpy

api-ms-win-crt-runtime-l1-1-0

_resetstkoflw
_initialize_narrow_environment
_initialize_onexit_table
_errno
_seh_filter_dll
_register_onexit_function
_execute_onexit_table
_crt_atexit
_configure_narrow_argv
terminate
_invalid_parameter_noinfo_noreturn
_cexit
_set_invalid_parameter_handler
_initterm_e
_invalid_parameter_noinfo
_initterm

api-ms-win-crt-string-l1-1-0

isdigit
wcsncpy
wcslen
strpbrk
_stricmp
strncat
isalnum
strncmp
isalpha
tolower
strtok
islower
toupper
strncpy
strncpy_s
strncat_s
wcscmp
strlen
_strdup
wcsncmp
_strnicmp
isupper
isspace
strcmp
strcat
strcpy
wcscpy_s

api-ms-win-crt-convert-l1-1-0

strtol
strtoul
mbtowc
wctomb
wctomb_s
_strtoui64
_strtoi64
_itoa_s
_itoa
atol
_i64toa_s
_ultoa_s
_ltoa_s
_wtoi
atoi
atof
strtod

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfwprintf
ungetwc
fputwc
fgetwc
__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
_read
fflush
__stdio_common_vsprintf
fgetpos
fsetpos
_fseeki64
setvbuf
__stdio_common_vfprintf
ungetc
_get_stream_buffer_pointers
fclose
_write
fopen
fputc
__stdio_common_vsscanf
fgetc
_setmode
fwrite

api-ms-win-crt-heap-l1-1-0

calloc
_recalloc
free
malloc
_callnewh

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-multibyte-l1-1-0

_mbsstr
_mbsnbcpy_s

api-ms-win-crt-math-l1-1-0

floor
_except1
sin
cos
_isnan
pow
acos
sqrt

api-ms-win-crt-time-l1-1-0

strftime
_localtime64
_difftime64
_time64
_mktime64
_ftime64
_gmtime64

api-ms-win-crt-locale-l1-1-0

_free_locale
setlocale
___mb_cur_max_func

api-ms-win-crt-utility-l1-1-0

rand
abs
_lrotl
qsort
_lrotr

Exports

Exports

?iEDCSetTestPerms@@YAPAXPAU_t_PDDoc@@PAU_t_ASCabinet@@@Z
PlugInMain

Sections

.text
Size: 4.4MB - Virtual size: 4.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 214KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 985KB - Virtual size: 984KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bedacc438b20a40896a38dff2df38229

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

bib

msvcp140

wsock32

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 4.4MB - Virtual size: 4.4MB

.rdata Size: 1.3MB - Virtual size: 1.3MB

.data Size: 214KB - Virtual size: 224KB

.didat Size: 512B - Virtual size: 320B

.rsrc Size: 985KB - Virtual size: 984KB

.reloc Size: 1.9MB - Virtual size: 1.9MB

.text
Size: 4.4MB - Virtual size: 4.4MB

.rdata
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 214KB - Virtual size: 224KB

.didat
Size: 512B - Virtual size: 320B

.rsrc
Size: 985KB - Virtual size: 984KB

.reloc
Size: 1.9MB - Virtual size: 1.9MB