NEAS[.]5d368f24def2c4dc47c017f7e9772300[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.5d368f24def2c4dc47c017f7e9772300.exe
Size

2.0MB
MD5

5d368f24def2c4dc47c017f7e9772300
SHA1

5d0d9edcce0d4a056b5ad9d474d59a17e0e20cca
SHA256

8f0c1ce06939780b74e2daa6317722634d0e63402162f0b505e10341bc8b47d3
SHA512

7906bfad5f3fa441324c15ca89913ab26110830e56173294e584f6e312f62e3d07f39a99b36a3088b3a19c2efec1c7b44a2172475615b8871397c96301f997e1
SSDEEP

24576:isdFa3EjB/N6BKnzcVsLEeX/Kv/SQ7rBq+8sqjnhMgeiCl7G0nehbGZpbDi:igamN6wn0sL/X/ebPBaDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5d368f24def2c4dc47c017f7e9772300.exe

Files

NEAS.5d368f24def2c4dc47c017f7e9772300.exe
.exe windows:10 windows x64

f052b65bb8fcca7add98f7c2391396e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

__wgetmainargs
__set_app_type
memcpy
memmove
__CxxFrameHandler3
memcmp
memset
_vsnprintf
_amsg_exit
_XcptFilter
iswdigit
_CxxThrowException
??0exception@@QEAA@AEBQEBDH@Z
_callnewh
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBD@Z
wcsstr
qsort
_onexit
_errno
_beginthreadex
wcsncmp
_wcsicmp
wcstoul
_wcsnicmp
exit
_exit
wcsrchr
iswspace
_purecall
towupper
wcscat_s
_vsnprintf_s
malloc
realloc
free
??0exception@@QEAA@XZ
memmove_s
memcpy_s
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
_vsnwprintf
__C_specific_handler
__dllonexit
__setusermatherr
_initterm
_wcmdln
_fmode
_commode
_unlock
_lock
?terminate@@YAXXZ
wcstok
??1type_info@@UEAA@XZ
_cexit
_vscwprintf
wcscmp

oleaut32

VariantInit
GetErrorInfo
SysAllocString
SysFreeString
SysAllocStringLen
LoadRegTypeLi
VariantClear
VariantChangeType
VariantCopy
VarUI4FromStr
SysStringLen

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForMultipleObjectsEx
CreateEventW
LeaveCriticalSection
ResetEvent
ReleaseSRWLockExclusive
CreateSemaphoreExW
ReleaseSRWLockShared
ReleaseSemaphore
CreateMutexExW
CreateWaitableTimerExW
SetWaitableTimer
CancelWaitableTimer
SetEvent
OpenSemaphoreW
InitializeCriticalSectionEx
AcquireSRWLockShared
AcquireSRWLockExclusive
WaitForSingleObjectEx
WaitForSingleObject
ReleaseMutex
InitializeCriticalSectionAndSpinCount

api-ms-win-eventing-provider-l1-1-0

EventWriteTransfer
EventSetInformation
EventUnregister
EventRegister

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetErrorMode
RaiseException
GetLastError
SetLastError

api-ms-win-core-synch-l1-2-0

InitOnceBeginInitialize
InitOnceComplete
Sleep

api-ms-win-core-processthreads-l1-1-0

CreateThread
GetCurrentThread
GetCurrentProcessId
OpenThread
TerminateProcess
OpenProcessToken
ResumeThread
OpenThreadToken
GetCurrentThreadId
GetCurrentProcess
GetStartupInfoW
SetThreadPriority

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoTaskMemFree
CoTaskMemRealloc
CoRegisterClassObject
CoRevokeClassObject
CoDisconnectContext
CoCreateInstance
CoGetCallContext
CoUninitialize
CoCreateGuid
CoInitializeEx
CoRevertToSelf
CoImpersonateClient
CoSetProxyBlanket
CoGetObjectContext
CLSIDFromString
CoFreeUnusedLibraries
CoGetClassObject
StringFromCLSID
CoInitializeSecurity

api-ms-win-core-string-l1-1-0

CompareStringW
MultiByteToWideChar

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-memory-l1-1-0

VirtualQuery
VirtualProtect
VirtualAlloc

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemInfo
GetTickCount
GetSystemTimeAsFileTime
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetComputerNameExW
GetVersionExW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
DebugBreak
OutputDebugStringW

api-ms-win-core-heap-l1-1-0

HeapSetInformation
HeapAlloc
HeapFree
GetProcessHeap

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetModuleHandleExW
LoadLibraryExW
GetModuleFileNameA
SizeofResource
LoadResource
LoadStringW
GetModuleHandleW
FindResourceExW
GetProcAddress
FreeLibrary

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-string-l2-1-0

CharPrevW
CharNextW

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegDeleteTreeW
RegQueryValueExW
RegEnumValueW
RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteValueW

api-ms-win-core-string-obsolete-l1-1-0

lstrcpynW
lstrcmpiW

ntdll

RtlNtStatusToDosError
RtlAdjustPrivilege
EtwTraceMessage
NtThawRegistry
NtFreezeRegistry
NtQueryInformationProcess
NtClose
NtCreateSymbolicLinkObject
RtlInitUnicodeString
NtThawTransactions
NtFreezeTransactions
NtQuerySystemInformation
RtlNtStatusToDosErrorNoTeb
NtQueryVolumeInformationFile
EtwUnregisterTraceGuids
EtwRegisterTraceGuidsW
EtwGetTraceEnableFlags
EtwGetTraceEnableLevel
EtwGetTraceLoggerHandle

api-ms-win-service-core-l1-1-0

SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW
ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-core-file-l1-1-0

FlushFileBuffers
DefineDosDeviceW
DeleteVolumeMountPointW
FindFirstVolumeW
GetFileAttributesW
GetVolumePathNameW
QueryDosDeviceW
CreateDirectoryW
SetFileAttributesW
GetDriveTypeW
ReadFile
FindNextVolumeW
DeleteFileW
FindFirstFileW
FindNextFileW
FindClose
WriteFile
CreateFileW
GetVolumeInformationW
FindVolumeClose
GetDiskFreeSpaceW

api-ms-win-core-io-l1-1-0

GetOverlappedResult
DeviceIoControl

api-ms-win-core-file-l1-2-0

GetVolumePathNamesForVolumeNameW
GetVolumeNameForVolumeMountPointW

api-ms-win-security-base-l1-1-0

DuplicateToken
AllocateAndInitializeSid
CheckTokenMembership
PrivilegeCheck
InitializeAcl
GetTokenInformation
FreeSid
AdjustTokenPrivileges
CreateWellKnownSid
EqualSid
SetSecurityDescriptorDacl
CopySid
SetSecurityDescriptorGroup
GetAclInformation
GetAce
AddAce
AddAccessDeniedAceEx
AddAccessAllowedAceEx
IsValidSid
AccessCheck
GetSidSubAuthorityCount
EqualDomainSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
AddAccessAllowedAce
GetLengthSid

api-ms-win-core-kernel32-legacy-l1-1-1

SetVolumeMountPointW

rpcrt4

I_RpcBindingInqLocalClientPID
RpcStringFreeW
UuidToStringW

devobj

DevObjEnumDeviceInterfaces
DevObjCreateDeviceInfoList
DevObjGetDeviceRegistryProperty
DevObjGetDeviceInterfaceDetail
DevObjEnumDeviceInfo
DevObjGetClassDevs
DevObjUninstallDevice
DevObjDestroyDeviceInfoList

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-service-private-l1-1-0

I_ScRegisterDeviceNotification
I_ScUnregisterDeviceNotification

api-ms-win-core-kernel32-legacy-l1-1-0

GetComputerNameW

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlCaptureContext
RtlVirtualUnwind

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

vssapi

LoadVssSnapshotSetDescription
CreateWriterEx
CreateWriter
VssFreeSnapshotPropertiesInternal
CreateVssSnapshotSetDescription

vsstrace

ord2
ord4
ord5
ord3
ord6
ord10
ord8
ord7
ord1
ord11
ord9

api-ms-win-eventlog-legacy-l1-1-0

DeregisterEventSource
ReportEventW
RegisterEventSourceW

authz

AuthzRegisterSecurityEventSource
AuthzReportSecurityEventFromParams
AuthzUnregisterSecurityEventSource

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-psapi-l1-1-0

QueryFullProcessImageNameW

api-ms-win-core-timezone-l1-1-0

GetTimeZoneInformation

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

virtdisk

GetStorageDependencyInformation

bcd

BcdOpenSystemStore
BcdCloseStore
BcdForciblyUnloadStore
BcdCloseObject
BcdGetElementData
BcdOpenObject

api-ms-win-core-util-l1-1-0

EncodePointer

Sections

.text
Size: 997KB - Virtual size: 997KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 416KB - Virtual size: 416KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f052b65bb8fcca7add98f7c2391396e7

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

oleaut32

api-ms-win-core-localization-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

ntdll

api-ms-win-service-core-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-file-l1-2-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-1

rpcrt4

devobj

api-ms-win-core-file-l2-1-0

api-ms-win-service-private-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

vssapi

vsstrace

api-ms-win-eventlog-legacy-l1-1-0

authz

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

virtdisk

bcd

api-ms-win-core-util-l1-1-0

Sections

.text Size: 997KB - Virtual size: 997KB

.rdata Size: 416KB - Virtual size: 416KB

.data Size: 1KB - Virtual size: 5KB

.pdata Size: 31KB - Virtual size: 30KB

.didat Size: 512B - Virtual size: 336B

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 997KB - Virtual size: 997KB

.rdata
Size: 416KB - Virtual size: 416KB

.data
Size: 1KB - Virtual size: 5KB

.pdata
Size: 31KB - Virtual size: 30KB

.didat
Size: 512B - Virtual size: 336B

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 568KB - Virtual size: 572KB