NEAS[.]50f273f4e9bd9a5a044fa2dd3b5e1450[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.50f273f4e9bd9a5a044fa2dd3b5e1450.exe
Size

2.2MB
MD5

50f273f4e9bd9a5a044fa2dd3b5e1450
SHA1

1302280027ebe21b8add90febc11811d66037060
SHA256

2433df50ef76109361dff3249790f644548c5ade9d7394718d2dd4f1f78f596f
SHA512

3f7011c2c1041919ad521343784e011376f6f283e940bc31efd1c1eb6c2f138e94f1fd45a6ebf1b71030f9d429984afc2eafa62032287a7bebc4b3394151938f
SSDEEP

24576:KLBdIWl0iWXFovBej8EueKKBAIxnSdrOYmYeaUzv3ENpyxaf1dcr4bvtG:EIWiKZejmgAIKOcIsNpoQcIt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.50f273f4e9bd9a5a044fa2dd3b5e1450.exe

Files

NEAS.50f273f4e9bd9a5a044fa2dd3b5e1450.exe
.dll windows:6 windows x64

c8f3a4d6df57defa2ec281b77f6fe862

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

setsockopt
sendto
freeaddrinfo
htons
WSAEnumNetworkEvents
htonl
recv
WSAWaitForMultipleEvents
connect
socket
send
WSAEventSelect
WSAStartup
getaddrinfo
WSACreateEvent
select
WSAGetLastError
closesocket
WSACleanup

libssl-1_1-x64

SSL_read
SSL_CIPHER_get_name
SSL_connect
OPENSSL_init_ssl
SSL_free
SSL_get_peer_certificate
SSL_new
SSL_CTX_free
TLS_client_method
SSL_set_fd
SSL_CTX_new
SSL_write
SSL_get_current_cipher
SSL_get_error

libcrypto-1_1-x64

X509_get_subject_name
X509_get_signature_type
X509_get_issuer_name
OPENSSL_init_crypto
X509_get_version
ERR_load_ERR_strings
X509_NAME_cmp
X509_NAME_oneline
X509_get_extension_flags

libzstd

ZSTD_freeCCtx
ZSTD_compressBound
ZSTD_compressCCtx
ZSTD_createCCtx

kernel32

IsValidCodePage
FindFirstFileExW
CreatePipe
GetExitCodeProcess
SetStdHandle
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
ExitProcess
ExitThread
CreateProcessW
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
VirtualProtect
GetVersionExW
LoadLibraryExW
GetModuleHandleA
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeviceIoControl
FindClose
CreateFileW
GetLastError
GetFileAttributesA
CreateFileA
CloseHandle
WritePrivateProfileStringA
CreateDirectoryA
GetPrivateProfileIntA
GetPrivateProfileStringA
GetCurrentProcess
GetDiskFreeSpaceW
GetCurrentThreadId
GetPrivateProfileSectionA
Sleep
GetTempPathA
LoadLibraryA
GetLocalTime
GetProcAddress
GetCurrentProcessId
SetUnhandledExceptionFilter
FlushFileBuffers
CancelIo
VirtualFree
VirtualAlloc
ReadFileEx
GetOverlappedResult
SleepEx
CreateEventA
ReadFile
GetFileSizeEx
WriteFile
SetEndOfFile
GetTempPathW
SetFilePointerEx
FindFirstFileW
GetACP
CopyFileA
SetLastError
SetThreadPriority
GetVolumePathNameW
GetFileAttributesW
GetFileInformationByHandle
FormatMessageW
GetFileAttributesExW
GetDiskFreeSpaceExW
GetCurrentThread
DeleteFileW
LocalFree
RaiseException
CreateThread
GetModuleHandleW
GetTickCount
CreateMutexA
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
UnlockFileEx
CreateMutexW
WaitForSingleObject
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetDiskFreeSpaceA
OutputDebugStringW
FlushViewOfFile
WaitForSingleObjectEx
DeleteFileA
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetFileSize
DeleteCriticalSection
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetVolumeInformationW
GetVolumePathNameA
QueryDosDeviceW
FindFirstVolumeW
GetWindowsDirectoryW
FindVolumeClose
GetVolumePathNamesForVolumeNameW
FindNextVolumeW
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FindNextFileW
LockFileEx
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ResetEvent
SetEvent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
DuplicateHandle
GetExitCodeThread
RtlPcToFileHeader
EncodePointer
DecodePointer
GetStringTypeW
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc

user32

CharLowerBuffW
CharUpperBuffW

advapi32

GetTokenInformation
RegQueryValueExW
RegOpenKeyExW
OpenProcessToken

shell32

SHGetFolderPathA
SHGetFolderPathW

ole32

CoInitialize
CoSetProxyBlanket
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysStringLen
SysFreeString
SysAllocString

vssapi

CreateVssBackupComponentsInternal
VssFreeSnapshotPropertiesInternal

shlwapi

PathFileExistsA

Exports

Exports

DoBackup
StopBackup

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8f3a4d6df57defa2ec281b77f6fe862

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

libssl-1_1-x64

libcrypto-1_1-x64

libzstd

kernel32

user32

advapi32

shell32

ole32

oleaut32

vssapi

shlwapi

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 335KB - Virtual size: 334KB

.data Size: 52KB - Virtual size: 73KB

.pdata Size: 90KB - Virtual size: 89KB

.gfids Size: 3KB - Virtual size: 3KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 335KB - Virtual size: 334KB

.data
Size: 52KB - Virtual size: 73KB

.pdata
Size: 90KB - Virtual size: 89KB

.gfids
Size: 3KB - Virtual size: 3KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 8KB - Virtual size: 8KB