NEAS[.]9cf4f61657bfa1329fab891ec5096e60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9cf4f61657bfa1329fab891ec5096e60.exe
Size

879KB
MD5

9cf4f61657bfa1329fab891ec5096e60
SHA1

aa4373927b22b7a6e28f52261c456bf876c9d104
SHA256

a2b1a6a8b14003c609d4893704125726e45e719a5dcd0a491da093d30a2cd4e5
SHA512

97dc99232233e2530623a09c19e2934d1c61a5b717d52ba7a959b6da370c92adb0fdeda52a2fe64d82ae0090d9ab2e1c9c830569ae33e455fc176b3d78a2907d
SSDEEP

12288:sZpN6Kpp9/VTiBK8al575cQOXxBlo5OLRBvm9xWmbXrN7UcbZECSnjessO/bw5:sZ6KxVllhlOBBO5GBvIxWoR7UQw/+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9cf4f61657bfa1329fab891ec5096e60.exe

Files

NEAS.9cf4f61657bfa1329fab891ec5096e60.exe
.dll windows:6 windows x64

322bef04e1e1ac48875036e38fb5c23c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FindFirstFileA
FindNextFileA
OutputDebugStringA
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
Sleep
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
GetLocalTime
GetTickCount
GetModuleFileNameA
LocalAlloc
LocalFree
GetDateFormatA
GetTimeFormatA
GetConsoleMode
ReadConsoleA
SetConsoleMode
ExpandEnvironmentStringsA
CreateDirectoryA
FileTimeToLocalFileTime
FindClose
GetFileSize
CloseHandle
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexA
CreateEventA
CreateEventW
GetProcessWorkingSetSize
SetProcessWorkingSetSize
WaitForMultipleObjects
LoadLibraryA
FileTimeToSystemTime
GetStdHandle
GetFileAttributesA
SetLastError
lstrlenA
DecodePointer
RaiseException
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
ReleaseSemaphore
VirtualProtect
VirtualFree
VirtualAlloc
GetVersionExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameW
FreeLibrary
LoadLibraryExA
MultiByteToWideChar
EncodePointer
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
IsDebuggerPresent
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
CreateThread
ExitThread
ResumeThread
LoadLibraryExW
GetCommandLineA
ExitProcess
GetModuleHandleExW
AreFileApisANSI
GetCurrentThread
ReadFile
ReadConsoleW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CreateSemaphoreW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetFileType
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW
FreeEnvironmentStringsW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
SetFilePointerEx
GetStringTypeW
OutputDebugStringW
WriteConsoleW
CreateFileW
GetExitCodeProcess
CreateProcessA
SetEndOfFile
SetEnvironmentVariableA
GetFileAttributesExW
DuplicateHandle
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
WaitForSingleObjectEx
LoadLibraryW

user32

wsprintfA

ole32

CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantClear
VariantInit
SafeArrayUnaccessData
SafeArrayAccessData
SysFreeString

netapi32

NetUserGetInfo
NetUserModalsGet
NetGroupGetUsers
NetLocalGroupEnum
DsRoleFreeMemory
DsRoleGetPrimaryDomainInformation
NetApiBufferFree
NetGetDCName
NetQueryDisplayInformation
NetLocalGroupGetMembers

activeds

ord9
ord7
ord15

Exports

Exports

ServiceMain

Sections

.text
Size: 413KB - Virtual size: 412KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 190KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

322bef04e1e1ac48875036e38fb5c23c

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

oleaut32

netapi32

activeds

Exports

Exports

Sections

.text Size: 413KB - Virtual size: 412KB

.rdata Size: 190KB - Virtual size: 189KB

.data Size: 14KB - Virtual size: 56KB

.pdata Size: 21KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 413KB - Virtual size: 412KB

.rdata
Size: 190KB - Virtual size: 189KB

.data
Size: 14KB - Virtual size: 56KB

.pdata
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB