Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.fa652702435994b1cf9d1eac047c08a0.exe
  Resource: win7-20230831-en
Behavioral task: behavioral2
  Sample: NEAS.fa652702435994b1cf9d1eac047c08a0.exe
  Resource: win10v2004-20230915-en
General
Target: NEAS.fa652702435994b1cf9d1eac047c08a0.exe
Size: 431KB
MD5: fa652702435994b1cf9d1eac047c08a0
SHA1: bcf91a50c966ca2b90437c441f29fa4fa8e02ca3
SHA256: e24cc2b5721e520b6d8a06c64adeafbf01d5e027147a578caa98d068a4577ce0
SHA512: 5ec6feedfff68dfca9f9360f8b7d9801adfb7169daff98cc551e3d536618c9d019ee5604750e95fe02ad02ff0d743242e6b38324a28ba08a41aba3bffa760317
SSDEEP: 12288:YTEII9CmSbZXLWTDBIlqBQKHGaZIToQYl:YTq9KTQaKmaZIc
Malware Config
Signatures
Unsigned PE (1 IoCs): Checks for missing Authenticode signature.
  resource: NEAS.fa652702435994b1cf9d1eac047c08a0.exe
Files
-
NEAS.fa652702435994b1cf9d1eac047c08a0.exe.exe windows:5 windows x86
f2c4f6ff03adeb904c0c6eb6c4784691
Headers
DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED, IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u
ord6332
ord2502
ord2534
ord5239
ord5736
ord1739
ord5573
ord3167
ord5649
ord4947
ord4817
ord3449
ord3193
ord6171
ord4617
ord4420
ord652
ord2634
ord6211
ord6325
ord2391
ord2615
ord338
ord3516
ord4215
ord2576
ord3649
ord1637
ord1085
ord5597
ord2430
ord922
ord2567
ord4390
ord3569
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord3605
ord656
ord2809
ord2729
ord5706
ord2756
ord6921
ord6919
ord5977
ord6266
ord6451
ord941
ord4124
ord2357
ord2291
ord542
ord5214
ord296
ord6466
ord3084
ord3792
ord2574
ord4396
ord3365
ord3635
ord693
ord6003
ord3993
ord3281
ord2857
ord6898
ord3991
ord1824
ord715
ord1081
ord5819
ord3659
ord415
ord2447
ord793
ord5947
ord3714
ord3867
ord3871
ord6896
ord1841
ord4239
ord4717
ord813
ord2575
ord4583
ord4582
ord4893
ord4364
ord4886
ord4526
ord5070
ord4335
ord4884
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4604
ord4955
ord4103
ord4397
ord5236
ord3743
ord1719
ord5249
ord4426
ord3905
ord3288
ord4343
ord4502
ord2140
ord3366
ord3636
ord303
ord1851
ord4241
ord674
ord3398
ord2371
ord4158
ord3864
ord2119
ord2715
ord2383
ord3054
ord5096
ord5099
ord4462
ord4298
ord3345
ord5006
ord975
ord5468
ord3053
ord2873
ord4148
ord4072
ord5233
ord2375
ord5280
ord2641
ord1658
ord4431
ord5251
ord4422
ord796
ord554
ord529
ord402
ord807
ord2486
ord2619
ord2618
ord5867
ord5996
ord2109
ord2112
ord4451
ord4407
ord3865
ord2293
ord2350
ord3087
ord3798
ord2281
ord6565
ord2855
ord2854
ord1850
ord4240
ord5095
ord2093
ord2382
ord5094
ord5098
ord3346
ord976
ord2874
ord4147
ord2374
ord5279
ord4430
ord5250
ord2437
ord794
ord4421
ord2858
ord527
ord401
ord5906
ord2244
ord4494
ord2970
ord2879
ord3515
ord6397
ord3995
ord6004
ord1934
ord4267
ord5255
ord3394
ord3729
ord3282
ord3909
ord3291
ord4501
ord2141
ord2637
ord1197
ord6023
ord349
ord1172
ord4690
ord6218
ord2755
ord4273
ord2810
ord6330
ord1569
ord5268
ord1145
ord2356
ord4709
ord4279
ord4282
ord1644
ord2455
ord496
ord498
ord804
ord3724
ord3389
ord4400
ord2579
ord771
ord2606
ord4254
ord1900
ord6379
ord5436
ord6390
ord5446
ord4425
ord2046
ord4433
ord5284
ord1683
ord2099
ord1008
ord2836
ord2820
ord6172
ord2859
ord2644
ord1662
ord3133
ord4294
ord1165
ord2385
ord2520
ord6195
ord489
ord491
ord768
ord4829
ord5283
ord4848
ord4371
ord4942
ord4899
ord5154
ord5156
ord5155
ord6024
ord4352
ord4736
ord4970
ord4253
ord1899
ord858
ord326
ord4436
ord4677
ord1808
ord614
ord4221
ord4211
ord4381
ord4078
ord6398
ord4414
ord4233
ord1817
ord3476
ord1202
ord1196
ord6112
ord2613
ord4154
ord411
ord986
ord5208
ord6191
ord1105
ord3517
ord2717
ord4692
ord561
ord5710
ord5285
ord5303
ord4074
ord5298
ord5296
ord3341
ord2388
ord3917
ord5727
ord2504
ord4480
ord6371
ord815
ord535
ord538
ord6022
ord774
ord2910
ord5568
ord1258
ord4118
ord1143
ord1996
ord3566
ord1634
ord3490
ord1191
ord616
ord609
ord940
ord927
ord6399
ord5297
ord802
ord617
ord4269
ord1938
ord1863
ord350
ord502
ord5584
ord5454
ord2875
ord6394
ord1791
ord290
ord4616
ord823
ord4155
ord4704
ord2088
ord2294
ord2362
ord324
ord540
ord384
ord861
ord641
ord800
ord686
ord3592
ord4419
ord5276
ord1767
ord6048
ord2506
ord4992
ord4847
ord4370
ord5261
ord795
ord825
ord567
ord3716
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord3614
ord2406
ord3621
ord3658
ord4958
ord4229
msvcrt
wcscmp
_CxxThrowException
_purecall
?terminate@@YAXXZ
_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__CxxFrameHandler
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
swscanf
__p__commode
wcsncpy
_except_handler3
_wcsicmp
wcslen
_vsnwprintf
wcsncmp
toupper
_strnicmp
_wsplitpath
_wmakepath
free
_wcsdup
malloc
wcstok
atl
ord32
advapi32
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegOpenKeyExA
RegQueryValueExA
RegDeleteKeyW
RegEnumKeyExW
kernel32
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
lstrcmpiW
GetModuleFileNameW
GetCurrentProcess
lstrlenW
LocalFree
FormatMessageW
GetModuleHandleW
GetComputerNameExW
CompareStringW
InterlockedExchange
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetUserDefaultLCID
CreateEventW
CloseHandle
DeleteCriticalSection
GetCurrentThread
SetThreadPriority
WaitForSingleObject
QueueUserWorkItem
GetCurrentThreadId
ResetEvent
SetEvent
DnsHostnameToComputerNameW
LeaveCriticalSection
EnterCriticalSection
GetComputerNameW
Sleep
SetLastError
GetLastError
InterlockedDecrement
InterlockedIncrement
GetProcAddress
LoadLibraryA
GetUserDefaultLangID
LocalAlloc
GetStartupInfoW
gdi32
GetTextExtentPoint32W
GetTextMetricsW
user32
GetDlgItemInt
GetDlgItemTextW
LoadBitmapW
EnableWindow
SendMessageW
GetSysColor
GetWindowRect
ScreenToClient
PostMessageW
LoadIconW
KillTimer
SetTimer
GetCursorPos
ReleaseCapture
SetCapture
GetSubMenu
IsZoomed
SetWindowLongW
GetWindowTextW
GetWindowLongW
GetFocus
ClientToScreen
GetParent
ModifyMenuW
EnableMenuItem
LoadStringW
ChildWindowFromPoint
AppendMenuW
CreatePopupMenu
InsertMenuW
GetMenuStringW
GetMenuItemCount
DeleteMenu
DestroyMenu
LoadMenuW
DrawMenuBar
AttachThreadInput
LoadCursorW
IsIconic
SetCursor
MessageBeep
UpdateWindow
GetDC
ReleaseDC
comctl32
ImageList_SetBkColor
ImageList_AddMasked
ImageList_SetDragCursorImage
ImageList_DragShowNolock
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragMove
ImageList_DragEnter
ImageList_DragLeave
ImageList_GetIcon
ole32
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
oleaut32
SysFreeString
SysAllocString
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
netapi32
NetServerEnum
NetApiBufferFree
NetpwNameValidate
Netbios
NetpNetBiosStatusToApiStatus
NetpNetBiosReset
resutils
ResUtilGetCoreClusterResources
clusapi
ClusterGroupOpenEnum
SetClusterGroupNodeList
CloseClusterNetInterface
GetClusterNetInterfaceState
GetClusterNetInterfaceKey
OpenClusterNetInterface
ClusterNetInterfaceControl
CloseClusterNetwork
GetClusterNetworkState
ClusterNetworkControl
SetClusterNetworkName
GetClusterNetworkKey
OpenClusterNetwork
ClusterGroupEnum
CloseClusterNode
GetClusterNodeState
ClusterNodeControl
PauseClusterNode
ResumeClusterNode
EvictClusterNodeEx
GetClusterNodeKey
OpenClusterNode
ClusterResourceTypeControl
CloseClusterResource
ChangeClusterResourceGroup
CanResourceBeDependent
GetClusterResourceNetworkName
ClusterGroupCloseEnum
CreateClusterGroup
OpenClusterGroup
GetClusterGroupKey
RegisterClusterNotify
OfflineClusterGroup
OnlineClusterGroup
MoveClusterGroup
SetClusterGroupName
ClusterGroupControl
DeleteClusterGroup
CloseClusterGroup
SetClusterNetworkPriorityOrder
AddClusterResourceNode
GetClusterResourceTypeKey
ClusterResourceTypeCloseEnum
ClusterResourceTypeEnum
ClusterResourceTypeOpenEnum
GetClusterResourceState
GetClusterGroupState
GetClusterKey
GetClusterQuorumResource
SetClusterName
SetClusterQuorumResource
ClusterResourceControl
ClusterRegSetValue
ClusterRegOpenKey
ClusterRegQueryValue
ClusterOpenEnum
ClusterEnum
ClusterCloseEnum
ClusterRegCloseKey
CreateClusterNotifyPort
CloseClusterNotifyPort
GetClusterNotify
ClusterControl
GetClusterInformation
CloseCluster
OpenCluster
GetNodeClusterState
SetClusterResourceName
OnlineClusterResource
FailClusterResource
GetClusterResourceKey
OpenClusterResource
DeleteClusterResource
OfflineClusterResource
CreateClusterResource
ClusterResourceCloseEnum
ClusterResourceEnum
ClusterResourceOpenEnum
RemoveClusterResourceDependency
AddClusterResourceDependency
RemoveClusterResourceNode
netshell
NcIsValidConnectionName
ntdll
RtlFreeOemString
RtlNtStatusToDosError
RtlUnicodeStringToOemString
dnsapi
DnsValidateName_W
Sections
.text  Size: 283KB - Virtual size: 282KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data  Size: 6KB - Virtual size: 10KB
  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc  Size: 141KB - Virtual size: 142KB
  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE