NEAS[.]99c0ac03caee3e100e03861ccaa3afe0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.99c0ac03caee3e100e03861ccaa3afe0.exe
Size

2.8MB
MD5

99c0ac03caee3e100e03861ccaa3afe0
SHA1

37871f5077bb2196076666505ee564027bea638b
SHA256

d5015fdd12c5d8b4de3abf50cd005d9f93130bbc481461a14db83db4c5bb063f
SHA512

ff28cf6f84a9e6fed304d03542215e8656dc1abe93ce14a263cc79727b1bd1ec023b3d3b3ebef04127b642e5bc172f4fc3a907616f572238ea7e214861161e77
SSDEEP

49152:a7VwASOhGtlqIjIU6iuGMJyJJVx5TP2U1sCIhWCFJ4pXT+7ezbqw0/pdPTFIKG3:Ds+uPVg4Kmw0xBFI5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.99c0ac03caee3e100e03861ccaa3afe0.exe

Files

NEAS.99c0ac03caee3e100e03861ccaa3afe0.exe
.exe windows:5 windows x64

62886c44064a12f08bcaf972d32a66cd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ws2_32

closesocket
connect
ioctlsocket
getsockopt
htonl
bind
htons
WSACleanup
WSAGetLastError
WSASetLastError
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
shutdown
setsockopt
send
select
recv
ntohs
inet_ntoa
inet_addr
__WSAFDIsSet

psapi

GetModuleFileNameExW

advapi32

RegisterEventSourceW
DeregisterEventSource
ReportEventW

shlwapi

PathIsRelativeW

dbghelp

StackWalk64
SymInitialize
SymCleanup
SymGetOptions
SymSetOptions

bcrypt

BCryptGenRandom

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetFileSizeEx
MoveFileExW
DeleteFileW
FlushFileBuffers
SetFilePointerEx
SetEndOfFile
GetConsoleCP
SetEnvironmentVariableW
GetFullPathNameW
GetCurrentDirectoryW
LCMapStringW
CompareStringW
HeapReAlloc
HeapFree
HeapAlloc
GetStringTypeW
GetProcessHeap
HeapSize
SetStdHandle
DeleteFiber
OutputDebugStringW
GetCommandLineW
GetCommandLineA
ReadFile
SetConsoleCtrlHandler
FreeLibraryAndExitThread
ExitThread
CreateThread
DuplicateHandle
QueryPerformanceCounter
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetSystemDirectoryA
FreeLibrary
GetProcAddress
LoadLibraryA
FormatMessageW
FindClose
FindFirstFileW
FindNextFileW
lstrcmpiA
GetModuleHandleW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
WaitForMultipleObjectsEx
GetCurrentThreadId
GetExitCodeThread
GetCurrentProcess
GetCurrentThread
SetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetEnvironmentVariableW
GetFileType
WriteFile
SwitchToFiber
CreateFiber
GetSystemTimeAsFileTime
ConvertFiberToThread
ConvertThreadToFiber
RtlVirtualUnwind
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetSystemTime
SystemTimeToFileTime
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetTimeZoneInformation
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
ExitProcess
WriteConsoleW
RtlUnwindEx
LoadLibraryExW
RaiseException
GetModuleFileNameW
GetModuleHandleExW

user32

MessageBoxW
GetProcessWindowStation
GetUserObjectInformationW

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

62886c44064a12f08bcaf972d32a66cd

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

psapi

advapi32

shlwapi

dbghelp

bcrypt

kernel32

user32

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 678KB - Virtual size: 678KB

.data Size: 27KB - Virtual size: 66KB

.pdata Size: 72KB - Virtual size: 71KB

_RDATA Size: 512B - Virtual size: 148B

.rsrc Size: 1KB - Virtual size: 1KB

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 678KB - Virtual size: 678KB

.data
Size: 27KB - Virtual size: 66KB

.pdata
Size: 72KB - Virtual size: 71KB

_RDATA
Size: 512B - Virtual size: 148B

.rsrc
Size: 1KB - Virtual size: 1KB