NEAS[.]79babb48bdab26ceafa2fc01c3345d00[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.79babb48bdab26ceafa2fc01c3345d00.exe
Size

236KB
MD5

79babb48bdab26ceafa2fc01c3345d00
SHA1

67cb8290211134e4b139d64f9dccacb255bc03c8
SHA256

b3ad2877c0729c369aea300e14dbcc161cfbd5978003bc473ca52ebf7bc577e1
SHA512

6aca1b8d677fc9e3763ea7e39db5b773980228070bc8c8165a69c752b0e7b6a167250b9fabd93ddcf16664659a441049abe3d150ac0ae233a95993abb9702da7
SSDEEP

3072:tVi7QUcUD33IY9vRgniqFi1ZiCtI5h3+uSQoOYVotEITp8Ot36Zf9aBYwbQVGQgx:DE3FvGn9FwZiC2XqadADaBxMNzlgT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.79babb48bdab26ceafa2fc01c3345d00.exe

Files

NEAS.79babb48bdab26ceafa2fc01c3345d00.exe
.exe windows:4 windows x86

f43454f6101297b447892f27f152f3c6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

upgradefileutil

?O000OO@CUpgradeFileUtil@@QAEHHPAE0@Z
??0CUpgradeFileUtil@@QAE@XZ

kernel32

MoveFileA
DeleteFileA
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetStringTypeExA
GetThreadLocale
GetShortPathNameA
GetFileAttributesA
GetFileSize
GetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileTime
SetFileAttributesA
RtlUnwind
CreateDirectoryA
RaiseException
GetStartupInfoA
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapReAlloc
HeapSize
CreateThread
ExitThread
GetACP
TerminateProcess
SetEndOfFile
SetHandleCount
GetStdHandle
GetFileType
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
GetLocaleInfoW
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetCurrentDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetOEMCP
GetCPInfo
GetCurrentThread
LoadLibraryA
FreeLibrary
FindResourceA
LoadResource
LockResource
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
GetModuleHandleA
GetProcAddress
GetProcessVersion
CreateEventA
SuspendThread
GetCurrentThreadId
SetThreadPriority
ResumeThread
SetEvent
WaitForSingleObject
CloseHandle
GetVersion
GlobalFlags
lstrcmpA
MulDiv
CopyFileA
GlobalSize
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalAlloc
GlobalReAlloc
TlsFree
GlobalHandle
GlobalFree
TlsAlloc
LocalAlloc
GetModuleFileNameA
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalLock
GlobalUnlock
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
lstrcpynA
lstrlenW
lstrcmpiA
FormatMessageA
LocalFree
WideCharToMultiByte
InterlockedIncrement
GetComputerNameA
InterlockedDecrement
lstrlenA
MultiByteToWideChar
FatalAppExitA

user32

GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
LoadBitmapA
GetMenuCheckMarkDimensions
PostQuitMessage
DestroyMenu
ShowOwnedPopups
SetCursor
DeleteMenu
CharUpperA
MapWindowPoints
SetActiveWindow
IsWindow
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
TrackPopupMenu
SetWindowPlacement
DefWindowProcA
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
LoadIconA
SetForegroundWindow
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ScreenToClient
ShowWindow
SetWindowPos
MoveWindow
SetWindowLongA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
SendDlgItemMessageA
GetDlgItemTextA
GetDlgItemInt
GetDlgItem
CheckRadioButton
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorA
GetSystemMetrics
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
wsprintfA
GetScrollPos
SetScrollPos
wvsprintfA
PostMessageA
GetForegroundWindow
UpdateWindow
SetFocus
GetFocus
GetDesktopWindow
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
RemoveMenu
GetMenuItemCount
GetSubMenu
GetMenuState
GetMenuStringA
AppendMenuA
GetMenuItemID
InsertMenuA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
EnableWindow
UnhookWindowsHookEx
GetWindowTextLengthA
GetWindowTextA
LoadStringA
OemToCharA
CharToOemA
MessageBoxA
CheckDlgButton

gdi32

GetObjectType
EnumMetaFile
PlayMetaFile
GetViewportExtEx
GetWindowExtEx
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
PlayMetaFileRecord
ExtTextOutA
ArcTo
Escape
GetDCOrgEx
GetObjectA
CreateBitmap
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
GetDeviceCaps
CreateDCA
TextOutA
CopyMetaFileA
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
DeleteObject
SetArcDirection

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegSetValueA

shell32

DragAcceptFiles
SHGetFileInfoA

comctl32

ord17

ole32

SetConvertStg
CreateBindCtx
OleDuplicateData
CoTaskMemAlloc
WriteFmtUserTypeStg
CoDisconnectObject
CoInitialize
CoCreateInstance
CoUninitialize
WriteClassStg
OleRegGetUserType
ReadFmtUserTypeStg
ReadClassStg
CoTreatAsClass
StringFromCLSID
ReleaseStgMedium
CoTaskMemFree

oleaut32

SafeArrayGetUBound
SetErrorInfo
GetErrorInfo
LoadTypeLi
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCopy
VarBstrFromDate
VarDateFromStr
VarBstrFromCy
VarCyFromStr
SysStringByteLen
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SysFreeString
VariantCopy
VariantClear
VariantChangeType
SysAllocStringLen
SysReAllocStringLen
SysAllocString
SysStringLen
SysAllocStringByteLen
SafeArrayUnaccessData
SafeArrayAccessData
CreateErrorInfo
VariantInit

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f43454f6101297b447892f27f152f3c6

Headers

File Characteristics

Imports

upgradefileutil

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

oleaut32

Sections

.text Size: 172KB - Virtual size: 171KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 20KB - Virtual size: 32KB

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 20KB - Virtual size: 32KB