NEAS[.]92ebe8e2022fb9eb16662a0f2ae41dc0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.92ebe8e2022fb9eb16662a0f2ae41dc0.exe
Size

425KB
MD5

92ebe8e2022fb9eb16662a0f2ae41dc0
SHA1

d8a1770a23f108e1f4114cbcc2e36be6fd7c9c08
SHA256

0338d8ec0ecddd70edc721169e34b4b3d780ce2dd637293ebdad9472ea4489ae
SHA512

4d0552b3b7839267c7897f97b238aee7a334526702d209a8aa700700deedf0fbf945bfed079ae31e288561245a31b67ba645ca9a9d4b76dc043d075566cdd675
SSDEEP

12288:WvP0jPxIjWHjPTUkfLypOJeUVJgBTmE1PM99zkpL:WvP0jPCjWLxLypOJeUV8TE99zkp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.92ebe8e2022fb9eb16662a0f2ae41dc0.exe

Files

NEAS.92ebe8e2022fb9eb16662a0f2ae41dc0.exe
.dll windows:6 windows x64

07f8bba7a1ef928ed5c62c1d03d37b7d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

setsockopt
socket
WSAIoctl
getaddrinfo
freeaddrinfo
accept
listen
sendto
ioctlsocket
gethostname
htonl
ntohl
WSACleanup
recvfrom
WSAGetLastError
__WSAFDIsSet
select
WSASetLastError
recv
send
bind
closesocket
connect
getpeername
getsockname
getsockopt
htons
ntohs
WSAStartup

wldap32

ord60
ord301
ord200
ord30
ord79
ord35
ord143
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord46
ord211
ord45

crypt32

CertFreeCertificateContext

advapi32

CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
CryptEncrypt
CryptDestroyKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam

iphlpapi

GetAdaptersInfo
GetIpForwardTable

kernel32

VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
OpenThread
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GetCurrentProcessId
GetThreadContext
HeapAlloc
HeapReAlloc
CreateToolhelp32Snapshot
ResumeThread
SuspendThread
InitializeCriticalSectionAndSpinCount
Thread32First
Thread32Next
GetCurrentProcess
HeapFree
VirtualProtect
HeapCreate
WaitForMultipleObjects
PeekNamedPipe
ReadFile
GetFileType
GetStdHandle
ExpandEnvironmentStringsA
VerifyVersionInfoA
GetSystemDirectoryA
VerSetConditionMask
SetEvent
ResetEvent
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleA
DisableThreadLibraryCalls
LoadLibraryA
GetProcAddress
FreeLibrary
GetLocalTime
DeleteCriticalSection
GetTickCount64
InitializeCriticalSectionEx
Sleep
SleepEx
GetLastError
SetLastError
FormatMessageA
CloseHandle
WaitForSingleObjectEx

user32

MessageBoxA

msvcp140

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
_Cnd_signal
?_Throw_Cpp_error@std@@YAXH@Z
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
_Cnd_do_broadcast_at_thread_exit
_Cnd_destroy
_Cnd_wait
_Mtx_init
_Thrd_start
_Thrd_id
_Mtx_destroy
_Cnd_init
_Thrd_join
_Mtx_unlock
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
??1_Lockit@std@@QEAA@XZ
??0_Lockit@std@@QEAA@H@Z
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

vcruntime140

_CxxThrowException
__C_specific_handler
memchr
memcmp
strstr
strrchr
__std_type_info_destroy_list
memmove
memset
memcpy
__std_exception_copy
__std_exception_destroy
__std_terminate
_purecall
__CxxFrameHandler3
strchr

api-ms-win-crt-math-l1-1-0

_dtest

api-ms-win-crt-convert-l1-1-0

strtod
strtol
atoi
strtoul
strtoll

api-ms-win-crt-stdio-l1-1-0

fgetpos
fread
fgetc
_get_stream_buffer_pointers
_lseeki64
__acrt_iob_func
__stdio_common_vfprintf
fclose
fflush
fputc
fopen
fseek
__stdio_common_vsprintf
fsetpos
ungetc
_read
_write
_close
_open
fwrite
setvbuf
fgets
_fseeki64
__stdio_common_vsscanf
fputs

api-ms-win-crt-runtime-l1-1-0

_cexit
_initterm
_wassert
_initterm_e
terminate
_crt_atexit
_errno
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
strerror
__sys_nerr
_beginthreadex
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_getpid
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-heap-l1-1-0

realloc
calloc
_callnewh
free
malloc

api-ms-win-crt-filesystem-l1-1-0

_fstat64
_access
_stat64
_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-string-l1-1-0

tolower
strncmp
isdigit
_strdup
isgraph
islower
isupper
isalnum
isalpha
isprint
isspace
strpbrk
strncpy
isxdigit

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-multibyte-l1-1-0

_mbspbrk
_mbschr
_mbsnbcpy

api-ms-win-crt-environment-l1-1-0

getenv

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07f8bba7a1ef928ed5c62c1d03d37b7d

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

wldap32

crypt32

advapi32

iphlpapi

kernel32

user32

msvcp140

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-environment-l1-1-0

Sections

.text Size: 310KB - Virtual size: 309KB

.rdata Size: 90KB - Virtual size: 90KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 17KB - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 310KB - Virtual size: 309KB

.rdata
Size: 90KB - Virtual size: 90KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 17KB - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 2KB - Virtual size: 1KB