NEAS[.]96e14e79e2786c5307390bbdd64acee0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.96e14e79e2786c5307390bbdd64acee0.exe
Size

964KB
MD5

96e14e79e2786c5307390bbdd64acee0
SHA1

7e48ab50017e59ef3fab61bef20264400fb6c90d
SHA256

35d4ebf53dc8f279ce71f02c3cdd059c722dd6ee6b43a06ca040a1996a82bfc0
SHA512

2f39b5861c789ce6b243739eb6648f7ca85b63604d8660db17c7e40485b10cc429cd88c1e8bff6cf3b81d485ee2769dcd7917613a999254e917dd26400140711
SSDEEP

24576:xF06qZhy68LZu+tmbagsXUVW7lY/3S9S8x2X0THqkg9al:xFouZMKkV8vTjg9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.96e14e79e2786c5307390bbdd64acee0.exe

Files

NEAS.96e14e79e2786c5307390bbdd64acee0.exe
.exe windows:4 windows x86

dc71c58add14f19dc4715787212cf9b9

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

shutdown
gethostname
inet_addr
closesocket
recv
WSAGetLastError
send
getsockname
getpeername
accept
listen
ioctlsocket
connect
htons
htonl
bind
socket
setsockopt
WSACleanup
WSAStartup
gethostbyname

winmm

timeGetTime

kernel32

FileTimeToSystemTime
lstrlenA
GetLogicalDriveStringsA
GetDriveTypeA
MoveFileA
SetEndOfFile
SetFileTime
SystemTimeToFileTime
ReadFile
SetFilePointer
WriteFile
GetCurrentThread
SetThreadPriority
WaitForSingleObject
OpenEventA
GlobalLock
GlobalUnlock
GlobalAlloc
SetProcessShutdownParameters
GetVersionExA
TerminateProcess
CreateProcessA
LockResource
LoadResource
SizeofResource
FindResourceA
ReleaseMutex
CreateMutexA
GetStdHandle
AllocConsole
MoveFileExA
FormatMessageA
OutputDebugStringA
WriteConsoleA
GlobalDeleteAtom
GlobalGetAtomNameA
GlobalAddAtomA
GetFileTime
SearchPathA
GetEnvironmentVariableA
HeapSize
HeapReAlloc
ExitThread
RaiseException
GetVersion
GetCommandLineA
GetStartupInfoA
GetFileType
SetStdHandle
ExitProcess
InterlockedIncrement
InterlockedDecrement
GetLocalTime
GetTimeZoneInformation
HeapAlloc
HeapFree
RtlUnwind
TlsAlloc
TlsFree
DuplicateHandle
ReleaseSemaphore
TlsGetValue
CreateSemaphoreA
InitializeCriticalSection
DeleteCriticalSection
TlsSetValue
HeapCreate
VirtualFree
VirtualAlloc
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
FlushFileBuffers
SetErrorMode
CreateDirectoryA
GetSystemTime
GetCurrentProcessId
GetModuleHandleA
GetSystemDirectoryA
DeviceIoControl
CreateFileA
Sleep
Beep
GetCurrentThreadId
IsBadWritePtr
IsBadReadPtr
ResumeThread
CreateThread
GetComputerNameA
GetLastError
GetCurrentProcess
HeapDestroy
OpenProcess
CloseHandle
SetLastError
LeaveCriticalSection
EnterCriticalSection
CopyFileA
FindNextFileA
FindFirstFileA
GetModuleFileNameA
FindClose
DeleteFileA
FreeLibrary
LoadLibraryA
GetProcAddress
SetHandleCount
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadCodePtr
GetCPInfo
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFree
InterlockedExchange

user32

GetProcessWindowStation
GetUserObjectInformationA
PostThreadMessageA
SetMenuDefaultItem
TrackPopupMenu
GetMenuItemID
GetSubMenu
EnableMenuItem
DestroyMenu
LoadMenuA
EnableWindow
ToAscii
ExitWindowsEx
MapVirtualKeyA
GetAsyncKeyState
SetRect
WaitMessage
PeekMessageA
IsIconic
EnumWindows
SetClipboardViewer
WaitForInputIdle
RegisterWindowMessageA
GetWindowRect
IsWindowVisible
EnumDesktopWindows
OpenDesktopA
GetParent
GetDesktopWindow
WindowFromPoint
IsDlgButtonChecked
CheckDlgButton
GetDlgItemInt
VkKeyScanA
SetDlgItemInt
EmptyClipboard
SetClipboardData
GetIconInfo
DrawIconEx
ChangeClipboardChain
DestroyWindow
GetClipboardData
GetClipboardOwner
CloseClipboard
OpenClipboard
IsWindow
GetWindowTextA
keybd_event
GetKeyboardState
InvalidateRect
mouse_event
wsprintfA
MessageBeep
GetForegroundWindow
SetActiveWindow
FlashWindow
GetCursorPos
SetCursorPos
GetThreadDesktop
CloseDesktop
SetThreadDesktop
OpenInputDesktop
ReleaseDC
GetDC
EnumDisplaySettingsA
LoadStringA
SetWindowTextA
SetFocus
GetDlgItemTextA
EndDialog
GetScrollInfo
SendDlgItemMessageA
GetDlgItem
SetForegroundWindow
SetDlgItemTextA
PostMessageA
DialogBoxParamA
MessageBoxA
GetWindowThreadProcessId
FindWindowA
SystemParametersInfoA
SendMessageA
LoadIconA
LoadCursorA
SetWindowLongA
GetWindowLongA
AdjustWindowRect
ShowWindow
CreateWindowExA
RegisterClassExA
DispatchMessageA
TranslateMessage
GetMessageA
GetSystemMetrics
KillTimer
SetTimer
SetWindowPos
PostQuitMessage
DefWindowProcA
IsRectEmpty
LoadImageA
GetClassNameA

gdi32

GetObjectA
GetBitmapBits
GetPixel
GetDeviceCaps
CreateDIBSection
CreateCompatibleBitmap
GdiFlush
SetDIBColorTable
SelectPalette
RealizePalette
CreatePalette
BitBlt
ExtEscape
GetSystemPaletteEntries
SetBkMode
GetStockObject
StretchBlt
SelectObject
PatBlt
GetClipBox
DeleteObject
CreateSolidBrush
CreateCompatibleDC
GetDIBits
CreateDCA
DeleteDC

shell32

SHAppBarMessage
SHGetSpecialFolderLocation
SHGetPathFromIDListA
Shell_NotifyIconA

advapi32

RevertToSelf
ReportEventA
RegisterEventSourceA
DeregisterEventSource
GetUserNameA
CreateServiceA
QueryServiceStatus
DeleteService
ControlService
RegOpenKeyA
RegDeleteValueA
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA
DuplicateToken
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegSetValueExA
RegCreateKeyA
RegCloseKey
FreeSid
AllocateAndInitializeSid
ImpersonateLoggedOnUser
OpenProcessToken
GetTokenInformation
EqualSid

ole32

CoUninitialize
CoCreateInstance
CoInitialize

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 584KB - Virtual size: 581KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.text1
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data1
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 244KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dc71c58add14f19dc4715787212cf9b9

Headers

File Characteristics

Imports

wsock32

winmm

kernel32

user32

gdi32

shell32

advapi32

ole32

version

Sections

.text Size: 584KB - Virtual size: 581KB

.text1 Size: 12KB - Virtual size: 11KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 20KB - Virtual size: 97KB

.data1 Size: 68KB - Virtual size: 65KB

.rsrc Size: 244KB - Virtual size: 243KB

.text
Size: 584KB - Virtual size: 581KB

.text1
Size: 12KB - Virtual size: 11KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 20KB - Virtual size: 97KB

.data1
Size: 68KB - Virtual size: 65KB

.rsrc
Size: 244KB - Virtual size: 243KB