NEAS[.]90b97f30ea06cae0321304049f3acd60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.90b97f30ea06cae0321304049f3acd60.exe
Size

1.1MB
MD5

90b97f30ea06cae0321304049f3acd60
SHA1

7fea825ec5026316ebf8ff8b501f4fb25de23a58
SHA256

8cd8327fbea29b846f176c18bfe4e6230487ad8e0fe90d7052cd14df7a22d980
SHA512

c9f5ccb45ae6e44c8ab436dc1db2fe7ec669ac1a9719fb136abfa92ba422786512c2c1cd6f7256f8f33d45600c98a952f27e512cc4e844664e53ed25464a00ee
SSDEEP

12288:bciAZSOi8x6Lana/UUwasX9N9H1JYOaOnDnoyWwU:bFAZhZGana/UUwamfVJYO5nzo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.90b97f30ea06cae0321304049f3acd60.exe

Files

NEAS.90b97f30ea06cae0321304049f3acd60.exe
.exe windows:6 windows x64

ee41e11c10642a55276f1d538c734d1b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DuplicateHandle
AddVectoredExceptionHandler
RemoveVectoredExceptionHandler
WaitForSingleObject
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThread
GetCurrentThreadId
OpenThread
SuspendThread
ResumeThread
GetThreadId
GetThreadContext
OpenProcess
GlobalMemoryStatusEx
GetVersionExW
GetNativeSystemInfo
VirtualProtect
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
FormatMessageA
LoadLibraryW
WideCharToMultiByte
K32EnumProcessModules
K32GetModuleInformation
K32GetProcessImageFileNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
Thread32First
Thread32Next
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetSystemInfo
VirtualAlloc
VirtualFree
CloseHandle
SetEvent
ResetEvent
ReleaseSemaphore
ReleaseMutex
CreateMutexA
CreateEventA
CreateFileW
SetThreadPriority
GetThreadPriority
SetThreadAffinityMask
CreateSemaphoreA
VerSetConditionMask
QueryPerformanceCounter
QueryPerformanceFrequency
InitializeCriticalSection
VerifyVersionInfoA
SetErrorMode
GetCurrentDirectoryW
GetModuleHandleExW
GetFullPathNameA
SetEndOfFile
SetStdHandle
GetStringTypeW
VirtualQuery
WriteConsoleW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
WaitForSingleObjectEx
OutputDebugStringW
SetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
RaiseException
IsDebuggerPresent
CreateDirectoryW
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureStackBackTrace
LeaveCriticalSection
FileTimeToLocalFileTime
SetFilePointerEx
ReadConsoleW
SetEnvironmentVariableA
FlushFileBuffers
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
HeapAlloc
HeapQueryInformation
HeapReAlloc
HeapFree
GetCPInfo
GetOEMCP
EnterCriticalSection
Sleep
OutputDebugStringA
GetACP
IsValidCodePage
SetConsoleCtrlHandler
CreateSemaphoreW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
EncodePointer
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
GetLastError
ExitProcess
AreFileApisANSI
MultiByteToWideChar
HeapSize
HeapValidate
GetSystemTimeAsFileTime
CreateThread
ExitThread
LoadLibraryExW
RtlUnwindEx
ReadFile
FindClose
FindFirstFileExW
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetStdHandle
WriteFile
RtlPcToFileHeader
FatalAppExitA
SetLastError
GetProcessHeap
GetFileType
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
CreateEventW
TlsAlloc

user32

EnumDisplayDevicesW
SendMessageA
DialogBoxIndirectParamA
PeekMessageA
DefWindowProcA
GetSystemMetrics
UnregisterClassW
ShowCursor
MessageBoxA
AdjustWindowRect
CreateWindowExW
DestroyWindow
SetCapture
ReleaseCapture
RegisterClassW
EndDialog
SetWindowTextA
GetDlgItem
GetClientRect

gdi32

CreateFontW

advapi32

RegisterEventSourceA
EventWrite
ReportEventA
DeregisterEventSource

shell32

SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

oleaut32

SysAllocString
SysFreeString

dxgi

CreateDXGIFactory

d3d11

D3D11CreateDevice

d3dcompiler_47

D3DCompile
D3DReflect

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

Sections

.text
Size: 824KB - Virtual size: 823KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ee41e11c10642a55276f1d538c734d1b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dxgi

d3d11

d3dcompiler_47

version

winmm

Sections

.text Size: 824KB - Virtual size: 823KB

.rdata Size: 220KB - Virtual size: 220KB

.data Size: 11KB - Virtual size: 191KB

.pdata Size: 29KB - Virtual size: 28KB

.idata Size: 10KB - Virtual size: 10KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 824KB - Virtual size: 823KB

.rdata
Size: 220KB - Virtual size: 220KB

.data
Size: 11KB - Virtual size: 191KB

.pdata
Size: 29KB - Virtual size: 28KB

.idata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB