NEAS[.]9b00ac508f741b2e664e5a86ca7a6b60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9b00ac508f741b2e664e5a86ca7a6b60.exe
Size

208KB
MD5

9b00ac508f741b2e664e5a86ca7a6b60
SHA1

7381b62a4fcc0503ea4744d3829ea20f97634dec
SHA256

6267e76acf68ed96d65268abe7add401310df295520530af131e21e87d19b69f
SHA512

3e8d1c4d5e984d6b35d9366fdd4e41f643b320ce7b5b64aafd45ed645d4e6b5e661090b76e9b86fd4b9fe9fef6060e3256c58f93332c4f850dd0ed62ddc46419
SSDEEP

3072:3spAtOdmXwCGjtYNKbYO2gjpcm8rRuqpjCLf2loHUvULyGxr5lXM2a8:BtOdiRQYpgjpjew5GAyGxjXo8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9b00ac508f741b2e664e5a86ca7a6b60.exe

Files

NEAS.9b00ac508f741b2e664e5a86ca7a6b60.exe
.dll windows:5 windows x86

cecea4d0d0f83dee27488cc1d7b92810

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

msi

ord160
ord159
ord32
ord49
ord103
ord125
ord17
ord8
ord145
ord74
ord120

kernel32

LoadResource
LockResource
SizeofResource
FindResourceW
FindResourceExW
GetLastError
CloseHandle
WaitForSingleObject
Sleep
FindFirstFileW
FindNextFileW
FindClose
GetExitCodeProcess
CreateFileW
GetFileSize
ReadFile
WriteFile
GetModuleHandleW
GetTempPathW
MultiByteToWideChar
VerifyVersionInfoW
GetCurrentProcess
GetProcAddress
GetCurrentThreadId
LoadLibraryA
InterlockedExchange
LCMapStringW
LCMapStringA
CreateProcessW
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
GetStringTypeW
GetStringTypeA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetLocaleInfoW
CreateFileA
FlushFileBuffers
InitializeCriticalSection
GetProcessHeap
VerSetConditionMask
UnhandledExceptionFilter
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
HeapFree
TerminateProcess
GetModuleHandleA
SetUnhandledExceptionFilter
IsDebuggerPresent
DeleteFileW
RemoveDirectoryW
CreateDirectoryW
GetCommandLineA
HeapCreate
HeapDestroy
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
VirtualAlloc
HeapReAlloc
InterlockedIncrement
InterlockedDecrement
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
GetFileAttributesW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId

user32

AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
IsWindow
BringWindowToTop
UpdateWindow
ShowWindow
SystemParametersInfoW
RegisterClassExW
DefWindowProcW
SetForegroundWindow
AllowSetForegroundWindow
CreateWindowExW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
GetTokenInformation
OpenProcessToken
GetUserNameW
CryptGetHashParam
CryptHashData
CryptCreateHash
CryptAcquireContextW
CryptReleaseContext
CryptDestroyHash
RegSetValueExW

shell32

SHGetFolderPathW
ShellExecuteExW
ord680

shlwapi

PathFindExtensionW
PathAppendW
PathFileExistsW

Exports

Exports

_CheckReboot@4
_InstallFinish1@4
_InstallFinish2@4
_InstallMain@4
_InstallPrepare@4
_InstallRollback@4
_SubstWrappedArguments@4
_UninstallFinish1@4
_UninstallFinish2@4
_UninstallPrepare@4

Sections

.text
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cecea4d0d0f83dee27488cc1d7b92810

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

msi

kernel32

user32

advapi32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 154KB - Virtual size: 153KB

.rdata Size: 36KB - Virtual size: 35KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 10KB - Virtual size: 10KB

.text
Size: 154KB - Virtual size: 153KB

.rdata
Size: 36KB - Virtual size: 35KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 10KB - Virtual size: 10KB