NEAS[.]5960a3e8d2b4be128181bd0e9f59ef30[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.5960a3e8d2b4be128181bd0e9f59ef30.exe
Size

724KB
MD5

5960a3e8d2b4be128181bd0e9f59ef30
SHA1

c3de581aa0c3eb94c909996ac56bae50ac0234e0
SHA256

ce2de64679e34b3a8145ec8a84cf258d3e5ac657242664c7699a6edd5b8a5394
SHA512

4c491bd8cf0161febe2d85ce79398b37b17fa5ea36133592ccbf55da3a7724eb11b2897600dad1469f1bac6ef5508124a8038e12586a1517b3a39bc3ee1a1fa9
SSDEEP

12288:jZ5zrK5Iyxl+viT+3eKMDhS+KOU5ofBCjSKhNR8:jZ5/K5j+viTeMDhSJoBCLn8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5960a3e8d2b4be128181bd0e9f59ef30.exe

Files

NEAS.5960a3e8d2b4be128181bd0e9f59ef30.exe
.dll regsvr32 windows:4 windows x86

3b3cc7e60a0460b98dd6793f1a84d0dd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord4534
ord4949
ord2541
ord2954
ord6055
ord1776
ord2384
ord6370
ord5290
ord2983
ord3148
ord3260
ord4466
ord3269
ord2986
ord3080
ord4081
ord4624
ord4424
ord5825
ord723
ord648
ord985
ord334
ord423
ord5880
ord4459
ord4299
ord5033
ord2379
ord5805
ord4502
ord1168
ord836
ord823
ord535
ord2814
ord858
ord2811
ord2818
ord922
ord924
ord926
ord939
ord941
ord1601
ord665
ord1979
ord5442
ord3318
ord5186
ord354
ord640
ord2450
ord1641
ord2414
ord1640
ord323
ord3619
ord4396
ord3574
ord609
ord567
ord3663
ord3626
ord4275
ord4284
ord2859
ord3693
ord5788
ord3571
ord5785
ord1146
ord2380
ord5875
ord3874
ord5810
ord5481
ord2031
ord4411
ord4447
ord4335
ord4863
ord4975
ord5796
ord5478
ord1971
ord966
ord3570
ord278
ord605
ord4919
ord5480
ord2884
ord1175
ord1876
ord6571
ord5460
ord2014
ord6395
ord5455
ord3298
ord4483
ord1781
ord2793
ord2955
ord2858
ord5652
ord5019
ord5106
ord4921
ord5003
ord4730
ord4669
ord4490
ord4345
ord4338
ord1729
ord4647
ord5022
ord4493
ord4492
ord4512
ord4962
ord971
ord2058
ord4645
ord2548
ord5508
ord5956
ord4037
ord3268
ord420
ord720
ord4382
ord4388
ord3141
ord5824
ord2614
ord1949
ord809
ord818
ord1200
ord1205
ord1176
ord556
ord1088
ord2122
ord1270
ord1232
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord755
ord2381
ord2754
ord6194
ord470
ord4133
ord4297
ord5787
ord283
ord3573
ord472
ord2864
ord6358
ord3089
ord763
ord483
ord4160
ord2527
ord482
ord4333
ord2820
ord3811
ord6197
ord6605
ord5440
ord6383
ord5450
ord6394
ord3810
ord801
ord541
ord4278
ord4204
ord6283
ord6385
ord6282
ord3408
ord3227
ord3425
ord3054
ord3880
ord6883
ord834
ord5934
ord6143
ord5710
ord5683
ord919
ord1871
ord2740
ord2801
ord1567
ord268
ord4083
ord4317
ord6329
ord879
ord882
ord6170
ord3706
ord6400
ord1264
ord2394
ord2652
ord1265
ord2129
ord1669
ord3223
ord3221
ord4386
ord1093
ord2593
ord777
ord2564
ord2042
ord2563
ord6009
ord353
ord5823
ord3664
ord415
ord715
ord5597
ord1081
ord5605
ord3993
ord2761
ord3976
ord501
ord773
ord1083
ord1992
ord613
ord289
ord5856
ord925
ord551
ord3337
ord4033
ord2860
ord4277
ord4129
ord2763
ord5821
ord3662
ord812
ord2841
ord414
ord559
ord713
ord2809
ord2970
ord6880
ord4287
ord6144
ord5053
ord1706
ord430
ord786
ord2461
ord5572
ord6389
ord2915
ord519
ord6311
ord2784
ord2764
ord4171
ord5445
ord703
ord404
ord3216
ord4042
ord2504
ord5903
ord5510
ord1652
ord429
ord1829
ord3754
ord3752
ord520
ord2634
ord6141
ord4667
ord5862
ord4045
ord5610
ord5604
ord5981
ord2107
ord798
ord533
ord2096
ord384
ord3499
ord2515
ord355
ord4544
ord3274
ord3579
ord439
ord736
ord5495
ord5685
ord4226
ord3402
ord6741
ord6508
ord3092
ord6453
ord6766
ord6919
ord2642
ord928
ord3758
ord1656
ord2464
ord5575
ord839
ord433
ord850
ord434
ord465
ord6199
ord6781
ord3610
ord656
ord2089
ord816
ord562
ord1105
ord4224
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord796
ord674
ord1126
ord554
ord529
ord6491
ord366
ord795
ord620
ord807
ord5884
ord2921
ord2012
ord6565
ord6146
ord5885
ord5882
ord5883
ord2453
ord2862
ord6625
ord686
ord6619
ord2086
ord4457
ord5252
ord1768
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord6877
ord5951
ord5953
ord4476
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord2575
ord3721
ord692
ord932
ord5933
ord934
ord837
ord920
ord464
ord2141
ord3097
ord348
ord663
ord765
ord6299
ord3698
ord6734
ord6920
ord6402
ord3521
ord2411
ord2023
ord4218
ord4398
ord3582
ord616
ord3317
ord3095
ord3742
ord2152
ord6379
ord815
ord2724
ord3952
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922

msvcrt

strtoul
atoi
_beginthreadex
wcsncpy
wcslen
_splitpath
ceil
memmove
_mbscmp
atof
_ftol
_strlwr
atol
_purecall
__CxxFrameHandler
__dllonexit
_onexit
??1type_info@@UAE@XZ
free
_initterm
malloc
_adjust_fdiv
_CxxThrowException

kernel32

WriteFile
GetCurrentThreadId
CreateFileA
CreateDirectoryA
Beep
SetCurrentDirectoryA
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
TerminateThread
SetEvent
ResetEvent
WaitForSingleObject
FindResourceA
LoadResource
SizeofResource
LockResource
ResumeThread
CloseHandle
CreateEventA
GetLocalTime
GlobalSize
GetVersionExA
GlobalReAlloc
GlobalLock
GlobalAlloc
GlobalHandle
GlobalUnlock
GlobalFree
MulDiv
LocalFree
lstrlenA
MultiByteToWideChar
GetLastError
InterlockedDecrement
GetFileAttributesA
WideCharToMultiByte
LocalAlloc

user32

GetParent
ReleaseCapture
SetCursor
SetCapture
GetCursorPos
ScreenToClient
PtInRect
SetRect
GrayStringA
DrawTextA
TabbedTextOutA
GetClientRect
GetClassInfoA
DefWindowProcA
IsWindow
EqualRect
SendMessageA
SetWindowPos
IsWindowVisible
DrawFocusRect
LoadBitmapA
GetSystemMetrics
InvalidateRect
GetDC
ReleaseDC
MessageBoxA
SetTimer
EnableWindow
ClipCursor
InvertRect
LoadIconA
FindWindowA
SetWindowRgn
GetSubMenu
LoadMenuA
GetComboBoxInfo
GetClassNameA
GetWindow
GetKeyState
SetRectEmpty
GetCapture
DrawMenuBar
DeleteMenu
GetSystemMenu
SetWindowLongA
CopyRect
GetWindowRect
FillRect
SystemParametersInfoA
InflateRect
DrawEdge
FrameRect
GetSysColor
IntersectRect
KillTimer
IsClipboardFormatAvailable
GetMessagePos
GetFocus
OffsetRect
PostMessageA
GetWindowLongA
GetDesktopWindow
SetWindowsHookExA
GetUpdateRect
UnhookWindowsHookEx
CallNextHookEx
MoveWindow
ClientToScreen
WindowFromPoint
IsRectEmpty
LoadCursorA
GetDoubleClickTime

gdi32

RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
GetTextColor
GetTextExtentPoint32A
Rectangle
Ellipse
CreateSolidBrush
DeleteObject
AbortDoc
EndDoc
StartPage
EndPage
GetDeviceCaps
StartDocA
GetDIBits
PtVisible
StretchDIBits
PatBlt
CreatePenIndirect
CreateBrushIndirect
CreatePolygonRgn
CreateEllipticRgn
CreateRoundRectRgn
PtInRegion
CreateRectRgnIndirect
Polygon
LPtoDP
Arc
ExtCreatePen
GetCurrentObject
DeleteDC
GetTextMetricsA
SetBrushOrgEx
SetPixel
DPtoLP
RealizePalette
SelectPalette
GetStockObject
CreateDCA
CreateCompatibleBitmap
GetBkColor
BitBlt
CreateFontIndirectA
CreateCompatibleDC
GetObjectA
StretchBlt
CreatePen
RoundRect
CreateFontA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

_TrackMouseEvent
ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Draw
ImageList_GetImageInfo
ImageList_SetBkColor

ole32

CoInitialize
CoUninitialize
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
CreateStreamOnHGlobal

olepro32

ord251

oleaut32

SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SysAllocString
VariantInit
VariantChangeType
VariantClear
SysFreeString
GetErrorInfo
LoadRegTypeLi

wsock32

ioctlsocket
htons
gethostname

winmm

PlaySoundA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 368KB - Virtual size: 367KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 437KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b3cc7e60a0460b98dd6793f1a84d0dd

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

olepro32

oleaut32

wsock32

winmm

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 367KB

.rdata Size: 72KB - Virtual size: 70KB

.data Size: 12KB - Virtual size: 437KB

.rsrc Size: 220KB - Virtual size: 219KB

.reloc Size: 48KB - Virtual size: 46KB

.text
Size: 368KB - Virtual size: 367KB

.rdata
Size: 72KB - Virtual size: 70KB

.data
Size: 12KB - Virtual size: 437KB

.rsrc
Size: 220KB - Virtual size: 219KB

.reloc
Size: 48KB - Virtual size: 46KB