NEAS[.]aef4a9d783d9cdbb4ae85efe135f83d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.aef4a9d783d9cdbb4ae85efe135f83d0.exe
Size

345KB
MD5

aef4a9d783d9cdbb4ae85efe135f83d0
SHA1

4a5425bb5c9ae4fcf0a4bb120f93050dbff0006c
SHA256

56e05dc0d5c0175472e1e809bb712627b2af07ef9bce9c8d7ac53e8ccab277a3
SHA512

6127fa4bb03cf0adb47431b5c32340e8f8469794e19ad613c40cf4dc296d365757230336f2e95fe055f083b1ebbc1c833d63258c4b591112657ccf61ddce8a51
SSDEEP

6144:FluRYAFmijEe9ru899t0MhQ9YsxTBlMYDp1yhV3elQv1BE7:sLmijEe9xqMhQ1xT3MQeVWQB6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.aef4a9d783d9cdbb4ae85efe135f83d0.exe

Files

NEAS.aef4a9d783d9cdbb4ae85efe135f83d0.exe
.exe windows:5 windows x86

794fd4634ab6292601eb712ae6d47e39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateToolhelp32Snapshot
DeleteFileA
CreateThread
GetExitCodeThread
CreateFileA
WideCharToMultiByte
DeviceIoControl
GetVersionExA
GetCurrentProcessId
FreeLibrary
GetSystemDirectoryA
SetCurrentDirectoryA
CopyFileA
LoadLibraryA
GetCurrentDirectoryA
OpenProcess
VirtualAllocEx
WriteProcessMemory
MapViewOfFile
UnmapViewOfFile
IsBadReadPtr
CreateFileMappingA
GetFileSize
SetFileTime
WriteFile
ReadFile
GetFileTime
SystemTimeToFileTime
GetLocalTime
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
OpenEventA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapReAlloc
VirtualAlloc
WritePrivateProfileStringA
Process32Next
GetPrivateProfileStringA
GetProcAddress
CreateEventA
Sleep
GetTickCount
WaitForSingleObject
Process32First
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
QueryPerformanceCounter
VirtualFree
HeapCreate
DeleteCriticalSection
GetFileType
SetHandleCount
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
GetModuleFileNameA
LCMapStringW
MultiByteToWideChar
LCMapStringA
SetProcessAffinityMask
CloseHandle
CreateMutexA
WriteConsoleA
GetLastError
ExitProcess
HeapSize
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement

user32

GetKeyboardLayoutList
GetDesktopWindow
UnloadKeyboardLayout
GetWindowThreadProcessId
PostMessageA
SystemParametersInfoA
DialogBoxParamA
MessageBoxA
RegisterHotKey
FindWindowA
UnregisterHotKey
CallWindowProcA
EnableWindow
SetWindowTextA
EndDialog
GetDlgItem
SetWindowLongA
GetWindowTextA
GetForegroundWindow
SetFocus
SetForegroundWindow
SendDlgItemMessageA
GetWindow

advapi32

OpenProcessToken
RegOpenKeyExA
RegCloseKey
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA

ws2_32

send
gethostbyname
closesocket
socket
recv
WSACleanup
sendto
setsockopt
htons
select
recvfrom
WSAStartup
connect
ioctlsocket
getsockopt
inet_addr

iphlpapi

GetAdaptersInfo

shlwapi

PathFileExistsA
PathFindFileNameA

imm32

ImmIsIME
ImmGetDescriptionA
ImmGetIMEFileNameA
ImmInstallIMEA

wininet

InternetOpenUrlA
InternetReadFile
InternetSetOptionA
InternetOpenA
InternetCloseHandle
HttpQueryInfoA

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

794fd4634ab6292601eb712ae6d47e39

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

iphlpapi

shlwapi

imm32

wininet

Sections

.text Size: 164KB - Virtual size: 164KB

.rdata Size: 29KB - Virtual size: 29KB

.data Size: 5KB - Virtual size: 12KB

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 164KB - Virtual size: 164KB

.rdata
Size: 29KB - Virtual size: 29KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 9KB - Virtual size: 9KB