NEAS[.]9649099c8313ca9cbeccf68c0ed60480[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9649099c8313ca9cbeccf68c0ed60480.exe
Size

864KB
MD5

9649099c8313ca9cbeccf68c0ed60480
SHA1

ab1477303acee93916d646b626ce632f21203626
SHA256

c68631ee0fce50706d2a5c2d0ca671fcad7461e2c1a55251d2bccd5f90cbd961
SHA512

e03e173c0a96e03a5478893d4a8d66e74d5a52161e55c0a3c4a59dc2b1da7f47760c2c805df2d704bf75f797038c5987092e80a75bb529d7a7215ea5b5e79675
SSDEEP

12288:ptqyN5yUjJWEtkgTQe9mi+QLf2gJLXSFtGin:DqyLy8wEtkgkm+Qz2gden

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9649099c8313ca9cbeccf68c0ed60480.exe

Files

NEAS.9649099c8313ca9cbeccf68c0ed60480.exe
.exe windows:4 windows x86

3b95b80e170130cd0d9c40b668d04fc9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord1088
ord2122
ord5785
ord1640
ord323
ord2859
ord6197
ord2393
ord690
ord1988
ord2763
ord5353
ord5356
ord5808
ord1075
ord5204
ord3229
ord1228
ord389
ord6385
ord665
ord5186
ord354
ord3702
ord1146
ord501
ord773
ord5600
ord3521
ord6402
ord1105
ord640
ord2450
ord5875
ord6172
ord1979
ord5201
ord3319
ord369
ord1980
ord5922
ord3215
ord5311
ord5440
ord6383
ord5450
ord6394
ord4673
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord4622
ord3738
ord815
ord561
ord6215
ord4627
ord2864
ord6117
ord2621
ord1134
ord2725
ord3610
ord656
ord2302
ord801
ord541
ord2135
ord818
ord1200
ord6379
ord6880
ord3092
ord2642
ord6453
ord5981
ord1175
ord6380
ord4299
ord6119
ord283
ord6358
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord3337
ord2915
ord2820
ord3811
ord5873
ord2688
ord939
ord3721
ord795
ord2971
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord755
ord2566
ord2753
ord6194
ord470
ord3584
ord543
ord803
ord941
ord1949
ord4034
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5277
ord2124
ord2446
ord5261
ord1727
ord5065
ord3749
ord6376
ord2055
ord2648
ord4441
ord4837
ord3798
ord4353
ord6374
ord1576
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord5265
ord2764
ord4129
ord858
ord4277
ord540
ord2818
ord537
ord535
ord3663
ord2414
ord3626
ord800
ord825
ord1793
ord809
ord556
ord609
ord3571
ord3574
ord4396
ord2575
ord3572
ord2574
ord1168
ord6199
ord3874
ord4275
ord567
ord4424
ord3402
ord5290
ord1776
ord6055
ord539
ord6663
ord6662
ord4278
ord4202
ord823
ord3441
ord3435
ord5628
ord5634
ord4191
ord702
ord400
ord696
ord394
ord2379
ord5280
ord4710
ord1768
ord6334
ord4853
ord4376
ord4234
ord2370
ord324
ord860
ord641
ord3597
ord4220
ord4425
ord1641
ord2086
ord3619

msvcrt

_setmbcp
__CxxFrameHandler
_lseeki64
_itoa
atoi
atol
_mbscmp
_ftol
_except_handler3
strncmp
strncpy
sprintf
memmove
_CxxThrowException
_close
_read
_lseek
time
_open
fclose
fopen
memchr
printf
isalpha
strchr
_strlwr
free
malloc
rand
srand
fflush
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
getenv
sscanf
fwrite
memcpy
memset

kernel32

WaitForMultipleObjects
ResetEvent
GetTickCount
FindFirstFileA
CompareFileTime
GlobalAlloc
GlobalReAlloc
GlobalFree
WaitForSingleObject
lstrlenA
TerminateProcess
CreateThread
lstrcpynA
LocalAlloc
LocalFree
CreateEventA
SetEvent
CreateMutexA
GetModuleFileNameA
CreateProcessA
Sleep
GetSystemDirectoryA
GetCurrentDirectoryA
GetComputerNameA
SetCurrentDirectoryA
SetEndOfFile
GetWindowsDirectoryA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
SetFilePointer
WriteFile
GetVersionExA
GetCurrentProcessId
Process32First
Process32Next
GetModuleHandleA
LoadLibraryA
OpenProcess
FreeLibrary
CreateToolhelp32Snapshot
GetLastError
CreateFileA
ReadFile
CloseHandle
OutputDebugStringA
GlobalMemoryStatus
GetCurrentThread
GetCurrentProcess
GetPriorityClass
GetThreadPriority
SetPriorityClass
SetThreadPriority
SleepEx
lstrcpyA
lstrcmpiA
GetProcAddress
GetCurrentThreadId
GetStartupInfoA

user32

LoadBitmapA
DestroyIcon
FindWindowA
IsWindowVisible
GetDesktopWindow
GetWindowThreadProcessId
SetForegroundWindow
SystemParametersInfoA
DrawTextA
PostMessageA
LoadIconA
CharLowerBuffA
GetAsyncKeyState
GetForegroundWindow
MessageBoxA
InvalidateRect
LoadImageA
FillRect
GetSubMenu
LoadMenuA
EqualRect
TabbedTextOutA
GrayStringA
GetActiveWindow
EnableWindow
ExitWindowsEx
GetWindowRect
GetClientRect
SendMessageA
GetDC
GetSysColor
SetWindowLongA
ReleaseDC
OffsetRect
GetCursorPos
SetTimer
KillTimer
UnhookWindowsHookEx

gdi32

Escape
TextOutA
RectVisible
PtVisible
CreateDCA
GetDeviceCaps
CreateCompatibleBitmap
DeleteDC
GetStockObject
SelectPalette
RealizePalette
GetDIBits
CreateCompatibleDC
BitBlt
ExtTextOutA
SelectObject
DeleteObject
CreateFontIndirectA
GetObjectA

advapi32

OpenProcessToken
LookupPrivilegeValueA
RegEnumKeyA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
FreeSid
RegOpenKeyExA
RegDeleteValueA
AdjustTokenPrivileges
RegCloseKey

shell32

Shell_NotifyIconA
ShellExecuteExA

comctl32

_TrackMouseEvent

ole32

CoInitialize
CoCreateInstance
OleRun
CoUninitialize

oleaut32

SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocString
SysFreeString
VariantClear
GetErrorInfo
VariantInit

msvcp60

??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
?_Xlen@std@@YAXXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z

wsock32

recvfrom
WSAGetLastError
ioctlsocket
ntohs
WSACleanup
htons
socket
connect
closesocket
sendto
bind
inet_addr
gethostname
send
recv
gethostbyname
gethostbyaddr
WSAStartup

iphlpapi

GetIfTable
GetAdaptersInfo

winmm

timeKillEvent
timeSetEvent
timeGetTime

ws2_32

WSAWaitForMultipleEvents
WSAResetEvent
WSAEnumNetworkEvents
WSACloseEvent
WSASetEvent
WSACreateEvent
WSAEventSelect

Sections

.text
Size: 176KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 640KB - Virtual size: 636KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3b95b80e170130cd0d9c40b668d04fc9

Headers

File Characteristics

Imports

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp60

wsock32

iphlpapi

winmm

ws2_32

Sections

.text Size: 176KB - Virtual size: 172KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 16KB

.rsrc Size: 640KB - Virtual size: 636KB

.text
Size: 176KB - Virtual size: 172KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 16KB

.rsrc
Size: 640KB - Virtual size: 636KB