NEAS[.]9b3e439a92dcd7dc77281304ccba5890[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9b3e439a92dcd7dc77281304ccba5890.exe
Size

1.7MB
MD5

9b3e439a92dcd7dc77281304ccba5890
SHA1

e4d48af7189fc79358d97f49b3e9e7eaf4628c4b
SHA256

e62c6bb71b606f9a727cdfd49df77e9fa6d018afbe82dfe285ba9430235c8b4b
SHA512

f48c18ee53ec0938daaa7be63ac1560ecb9f63ef3055be1e89cdd0d5deb92fcacb50ef6d703f282f971c136f7b064a1ec23370777916339308a67865a502bfff
SSDEEP

24576:lX37s6qT155GAD8iSxerPP30lNLqoG7rkVB/M0HifjBVB/M0Hifjp:R7Y8/xLbGnGE0CftE0CfF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9b3e439a92dcd7dc77281304ccba5890.exe

Files

NEAS.9b3e439a92dcd7dc77281304ccba5890.exe
.exe windows:5 windows x86

d4969acb85c783833add07ef87b76b64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

joyGetPos
joyGetNumDevs
joySetCapture
joyReleaseCapture

d3d8

Direct3DCreate8

dsound

ord11

psapi

EnumProcesses
EnumProcessModules
GetModuleBaseNameW

kernel32

LCMapStringW
WriteConsoleW
FlushFileBuffers
CloseHandle
OpenProcess
GetCurrentProcessId
GetCurrentProcess
CreateDirectoryW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
QueryPerformanceCounter
Sleep
GetModuleHandleW
QueryPerformanceFrequency
SetThreadAffinityMask
GetCurrentThread
DeleteFileW
CreateProcessW
IsProcessorFeaturePresent
GetVersionExA
GetProcAddress
WriteFile
GetLastError
CreateFileW
SetStdHandle
HeapSize
GetTickCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
ReadFile
SetFilePointer
GetFileType
SetHandleCount
GetStdHandle
LoadLibraryW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedDecrement
GetCurrentThreadId
CompareStringW
HeapReAlloc
SetEnvironmentVariableA
SetEndOfFile
GetProcessHeap
SetLastError
InterlockedIncrement
TlsFree
RtlUnwind
ExitProcess
DecodePointer
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
HeapSetInformation
GetStartupInfoW
EnterCriticalSection
LeaveCriticalSection
EncodePointer
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue

user32

LoadIconW
LoadCursorW
RegisterClassW
DefWindowProcW
PostQuitMessage
ShowWindow
SetWindowLongW
EnumDisplaySettingsW
GetWindowLongW
AdjustWindowRectEx
SetWindowPos
MonitorFromWindow
GetMonitorInfoW
ReleaseDC
DispatchMessageW
DestroyWindow
UnregisterClassW
MessageBoxW
FindWindowW
SwitchToThisWindow
SetFocus
SendMessageW
GetClientRect
MapWindowPoints
GetCursorPos
PtInRect
ShowCursor
ClientToScreen
SetCursorPos
GetKeyboardState
ToUnicode
TranslateMessage
PeekMessageW
GetWindowPlacement
CreateWindowExW

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

SHGetFolderPathW
ShellExecuteA

Sections

.text
Size: 655KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 809KB - Virtual size: 809KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4969acb85c783833add07ef87b76b64

Headers

DLL Characteristics

File Characteristics

Imports

winmm

d3d8

dsound

psapi

kernel32

user32

advapi32

shell32

Sections

.text Size: 655KB - Virtual size: 655KB

.rdata Size: 218KB - Virtual size: 217KB

.data Size: 46KB - Virtual size: 80KB

.data1 Size: 2KB - Virtual size: 2KB

.rsrc Size: 809KB - Virtual size: 809KB

.text
Size: 655KB - Virtual size: 655KB

.rdata
Size: 218KB - Virtual size: 217KB

.data
Size: 46KB - Virtual size: 80KB

.data1
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 809KB - Virtual size: 809KB