NEAS[.]787e1c59de461a02b1d917cc7ad895f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.787e1c59de461a02b1d917cc7ad895f0.exe
Size

2.7MB
MD5

787e1c59de461a02b1d917cc7ad895f0
SHA1

4b138fd0e4ee253685c7c7b65ffabe3ad704f09c
SHA256

64551ef35ecf4af8641c89241a623e0fe02d53f8edb89171adf7597e65570276
SHA512

1d9c51bf566082565f03d32dde2226ba71e4cc746598a8857706718d1c5986304a16dd70d753e582e952be470e03d144c5c30209eb86904e325223d8a39b3e4a
SSDEEP

49152:eF5Y3vF36p9e0CxRgs85R9uNaTQBVbjFFiVpDa9qhTwpxVLBFZ9wJNxajCWQC01g:UY3vF36p9e0CxRgs85R9uNaTQBVbjFFu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.787e1c59de461a02b1d917cc7ad895f0.exe

Files

NEAS.787e1c59de461a02b1d917cc7ad895f0.exe
.dll windows:6 windows x64

d07d8af88d5a1c20576ad87a3885f744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

FindClose
GetModuleHandleA
HeapSize
Sleep
GetCurrentThread
LockResource
QueryPerformanceFrequency
HeapReAlloc
RaiseException
WritePrivateProfileStringA
CreateThread
FindResourceExW
LoadResource
FindResourceW
HeapAlloc
HeapDestroy
Beep
GetProcAddress
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
CreateDirectoryA
QueryPerformanceCounter
GetPrivateProfileStringA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
VirtualFree
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapCreate
VirtualProtect
GetCurrentProcess
Thread32Next
Thread32First
SuspendThread
ResumeThread
CreateToolhelp32Snapshot
GetThreadContext
GetModuleHandleW
FlushInstructionCache
SetThreadContext
OpenThread
OutputDebugStringW
GetFileInformationByHandleEx
AreFileApisANSI
GetFileAttributesExW
FindNextFileW
FindFirstFileExW
FindFirstFileW
CreateDirectoryW
GetLocaleInfoEx
FormatMessageA
LocalFree
InitializeSListHead
GetSystemTimeAsFileTime
IsDebuggerPresent
HeapFree
SizeofResource
MultiByteToWideChar
GetModuleFileNameW
lstrlenW
WaitNamedPipeW
GetCurrentProcessId
CloseHandle
GetLastError
SetLastError
CreateFileW
PeekNamedPipe
InitializeCriticalSectionEx
WriteFile
ReadFile
GetCurrentThreadId
CreateFileA
GetFileSizeEx
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent

user32

GetKeyState
ScreenToClient
GetCapture
ClientToScreen
TrackMouseEvent
GetForegroundWindow
LoadCursorW
SetCapture
SetCursor
GetClientRect
IsWindowUnicode
ReleaseCapture
SetCursorPos
OpenClipboard
CloseClipboard
EmptyClipboard
GetClipboardData
SetClipboardData
GetWindowThreadProcessId
CallWindowProcW
MessageBoxW
SetWindowLongPtrW
GetSystemMetrics
GetAsyncKeyState
EnumWindows
GetCursorPos

advapi32

RegCreateKeyExW
RegSetValueExW
RegCloseKey

msvcp140

?_Winerror_map@std@@YAHH@Z
?_Random_device@std@@YAIXZ
?_Syserror_map@std@@YAPEBDH@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@M@Z
?uncaught_exception@std@@YA_NXZ
_Cnd_broadcast
_Mtx_unlock
_Thrd_join
_Xtime_get_ticks
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
_Cnd_timedwait
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_init_in_situ
_Mtx_current_owns
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
_Cnd_destroy_in_situ

d3d11

D3D11CreateDeviceAndSwapChain

d3dx11_43

D3DX11CreateShaderResourceViewFromMemory

urlmon

URLDownloadToFileA

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

winmm

PlaySoundA

imm32

ImmReleaseContext
ImmSetCandidateWindow
ImmGetContext
ImmSetCompositionWindow

d3dcompiler_43

D3DCompile

vcruntime140

memchr
longjmp
memcmp
__C_specific_handler
__intrinsic_setjmp
strrchr
memset
memcpy
strstr
memmove
_CxxThrowException
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_invalid_parameter_noinfo_noreturn
_beginthreadex
terminate
_errno
_invalid_parameter_noinfo
_initialize_narrow_environment

api-ms-win-crt-time-l1-1-0

_time64

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vswprintf
fflush
fclose
__stdio_common_vsprintf_s
fwrite
fread
__stdio_common_vsprintf
ftell
fseek
_wfopen
__stdio_common_vsscanf

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-string-l1-1-0

strncpy
toupper
strncmp
strcmp
strcpy_s

api-ms-win-crt-math-l1-1-0

atan2f
atan2
fmodf
cos
acosf
asinf

api-ms-win-crt-convert-l1-1-0

strtol
atof
atoi

api-ms-win-crt-filesystem-l1-1-0

remove

api-ms-win-crt-utility-l1-1-0

qsort
rand

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func

Sections

.jfvhj
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.jifd
Size: 484KB - Virtual size: 484KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.9dl1tv
Size: 546KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.26xzp
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uvan
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vonw
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hq1lh
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.yzp7zc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d07d8af88d5a1c20576ad87a3885f744

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

msvcp140

d3d11

d3dx11_43

urlmon

ntdll

winmm

imm32

d3dcompiler_43

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.jfvhj Size: 1.6MB - Virtual size: 1.6MB

.jifd Size: 484KB - Virtual size: 484KB

.9dl1tv Size: 546KB - Virtual size: 768KB

.26xzp Size: 46KB - Virtual size: 46KB

.uvan Size: 9KB - Virtual size: 8KB

.vonw Size: 512B - Virtual size: 24B

.hq1lh Size: 77KB - Virtual size: 76KB

.yzp7zc Size: 5KB - Virtual size: 5KB

.jfvhj
Size: 1.6MB - Virtual size: 1.6MB

.jifd
Size: 484KB - Virtual size: 484KB

.9dl1tv
Size: 546KB - Virtual size: 768KB

.26xzp
Size: 46KB - Virtual size: 46KB

.uvan
Size: 9KB - Virtual size: 8KB

.vonw
Size: 512B - Virtual size: 24B

.hq1lh
Size: 77KB - Virtual size: 76KB

.yzp7zc
Size: 5KB - Virtual size: 5KB