NEAS[.]b06534bc9df02af61755839303f32660[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b06534bc9df02af61755839303f32660.exe
Size

968KB
MD5

b06534bc9df02af61755839303f32660
SHA1

57b88de53598504b1f60603b2269ab5ae02d0616
SHA256

ee3af6a999e8090dcbfb94747e8b3dd4094bea11a21b9138471e80eb7d83f783
SHA512

78005939ed98fe873638cf286cd01428142440658b211552723a54102008e612960e8c64f8a01a654db1f921366e1f02b3f898befe5bb9f7e10e23d2b725585b
SSDEEP

24576:4D6FoZbn9j82CGDDM+B1XsiYQ9We4vEamh:E6Fm9jHDZ1XXWmh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b06534bc9df02af61755839303f32660.exe

Files

NEAS.b06534bc9df02af61755839303f32660.exe
.dll windows:4 windows x86

6000fc5da12bdd4e9bdc9c8a2198f9fc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetErrorMode
RaiseException
GlobalFlags
InterlockedIncrement
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
ExitThread
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetModuleFileNameA
TlsFree
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetOEMCP
GetCPInfo
GetStringTypeA
GetStringTypeW
SetStdHandle
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
GetFileTime
GetFileAttributesW
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
InterlockedDecrement
GetLastError
SetLastError
MulDiv
lstrcpyW
GlobalAlloc
FormatMessageW
LocalFree
lstrcpynW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
lstrlenA
GetModuleHandleA
LoadLibraryA
lstrcatW
lstrcmpW
GetVersionExA
GlobalLock
GlobalUnlock
GlobalFree
FreeResource
lstrlenW
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
TryEnterCriticalSection
GetThreadContext
IsDebuggerPresent
OpenProcess
VirtualProtectEx
GetLocalTime
VirtualQueryEx
CreateToolhelp32Snapshot
Module32FirstW
FreeLibrary
Module32NextW
GetModuleFileNameW
CreateEventW
ResetEvent
CreateThread
GetCurrentProcessId
GetProcAddress
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
ReadFile
CreateFileA
DeviceIoControl
CreateFileW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
CloseHandle
WideCharToMultiByte
Beep
MultiByteToWideChar
ResumeThread
LeaveCriticalSection
EnterCriticalSection
SuspendThread
InitializeCriticalSection
WaitForSingleObject
TerminateThread
FindFirstFileW
FindNextFileW
FindClose
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
FindResourceW
LoadResource
SizeofResource
LockResource
WriteProcessMemory
GetModuleHandleW
SetEvent
GetTickCount
ReadProcessMemory
Sleep
GetCurrentProcess
UnhandledExceptionFilter
TerminateProcess
LoadLibraryA
VirtualProtect
GetModuleFileNameA
ExitProcess

user32

PostQuitMessage
DestroyMenu
CharUpperW
EndPaint
BeginPaint
GrayStringW
DrawTextExW
TabbedTextOutW
wsprintfW
SetMenuItemBitmaps
ModifyMenuW
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
IsDialogMessageW
RegisterWindowMessageW
WinHelpW
GetCapture
GetClassLongW
SendDlgItemMessageW
SendDlgItemMessageA
SetFocus
GetWindowTextLengthW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MapWindowPoints
TrackPopupMenu
SetForegroundWindow
UpdateWindow
GetMenu
PostMessageW
GetSubMenu
GetMenuItemID
AdjustWindowRectEx
GetClassInfoW
RegisterClassW
GetDlgCtrlID
DefWindowProcW
SetWindowPos
SystemParametersInfoA
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
IsWindowEnabled
GetNextDlgTabItem
EndDialog
DrawFocusRect
WindowFromPoint
ClientToScreen
OffsetRect
DrawStateW
KillTimer
InvalidateRect
CopyRect
UnionRect
SetRectEmpty
GetSysColor
SetWindowTextA
MessageBoxA
SendMessageA
LoadCursorW
SetWindowsHookExW
SendInput
SetWindowRgn
RegisterHotKey
UnregisterHotKey
RemovePropW
GetWindowDC
TrackMouseEvent
CallWindowProcW
FillRect
SetPropW
DrawTextW
EnumWindows
LoadMenuW
LoadBitmapW
PtInRect
GetTopWindow
GetWindow
IsWindowVisible
ShowWindow
CallNextHookEx
GetDesktopWindow
MessageBoxW
GetClassNameA
GetWindowThreadProcessId
SetTimer
GetWindowRect
GetMenuStringW
AppendMenuW
CreatePopupMenu
GetParent
GetWindowTextW
GetClassInfoExW
RegisterClassExW
GetWindowPlacement
CreateWindowExW
DestroyWindow
ReleaseDC
GetDC
GetWindowLongW
SetWindowLongW
GetSysColorBrush
GetMessageW
TranslateMessage
GetMenuItemCount
ValidateRect
SetLayeredWindowAttributes
ExitWindowsEx
GetPropW
GetKeyState
UnregisterClassW
LoadImageW
GetDlgItem
SetWindowTextW
GetSystemMetrics
IsWindow
LoadIconW
GetFocus
GetClientRect
IsIconic
DrawIcon
InflateRect
SetRect
SetCursor
GetClassNameW
GetCursorPos
EnumChildWindows
EnableWindow
ScreenToClient
SendMessageW
MessageBoxA

gdi32

SetMapMode
RestoreDC
SaveDC
CreateBitmap
SetBkColor
GetClipBox
Ellipse
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
TextOutW
RectVisible
PtVisible
MoveToEx
LineTo
CreatePen
Polygon
GetTextColor
GetBkColor
GetDeviceCaps
ExtTextOutW
CreateFontW
SetStretchBltMode
CreateCompatibleDC
SelectObject
StretchBlt
DeleteDC
GetStockObject
Rectangle
RoundRect
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
CombineRgn
CreateEllipticRgnIndirect
CreateRectRgnIndirect
GetObjectW
CreateSolidBrush
GetTextExtentPoint32W

comdlg32

GetFileTitleW
GetSaveFileNameW
GetOpenFileNameW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

advapi32

LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
RegCreateKeyExW
AdjustTokenPrivileges
RegSetValueExW

comctl32

ImageList_Draw
_TrackMouseEvent
ord17
ImageList_Destroy

shlwapi

PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathFindFileNameW

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
VariantClear
VariantChangeType
VariantInit

ws2_32

inet_addr
htons
connect
ioctlsocket
closesocket
WSAIoctl
send
recv
shutdown
socket
select

winmm

PlaySoundW

iphlpapi

GetAdaptersInfo

Exports

Exports

*�D⊠�g��C��3��Hm2 �V��.��;6b��M�1��1v�D�,ˉ9m��:�>2��?�x�b��kV�Wm��$0��yt|apG}CHf+� B��Ñ4��g��cFj�~߃Y�4r¨7��&:9K��^�� ֛�trr��&ц=:G ��?>�b_��Td(��,�Z��9��,��3��"��7c�|8[;��3R%ؿ�_��|� ��׬I� ��p)e��Cj,�̇��N^4�W��=�R ?(vrkȰ��9��)�T��^�p��'��-��Gr<��Ɨ_��R��A�9�.A��AG2��^�A+��_� h��fÇ�Cب�˹��`��\��,4��V]��T��#� ��5��~��1�yJ��l�\,�f8��`�91Y��őr/�`��@�d��PFBx��zZ�D9��m��=��2a��.J=G�Y��ɓ��Q�v�q3g:�Ԃ��n�Om��7�/��(u�a�*'�J�> �/�� \�"%3>-W?K`�]��sa��F��B(lNB��i��ަ6�J�[�]�<CA/d��<է뗆��q��a�s��b�� h�� +�q�L}��I�U[��ah��Y�<��bR��`��!/0i�}�SY�b��,�>�M��H��@�.F��^�:L�{:��u�b��=�~�&M=�� ¾ �}�Q�ۃʕ1E��)t��u7=,M��n��a[�b ��dH�ݗ��U�Z�p��p��9��3��b��YbJFެ��Xk��/M6�0�}L�T(��^h[��)��KȸSյ��y��}��h��u��೫wo�X0��%�q�:��,z��&��)�z��%�et�G+޴��9�nj�sW�WJ��$X��22��?�Yt�pJ��?3覕��J�&�<��x"�>/�D�g��Q��>&VW�f:��D��i��M�W{Uv�ꭘ6ͪ�)�y�t8�� v�̎lG<˖�l��7*��Zr~2WH H�t ��.ڧ</�i�|d��E��_:j�� 9c��N&� � � ��r�=��D��s4�P��<�t�M�N# 4��~C^wn��3?L`v @u˜L&ЎЀ�!��n�T!�A^��̖;^k|�o�H��7�DJ{Sq@XU��c��3O�:�-�l��I�W�T��/�"��<�j��l:��N*��w�#"�۹x4y.�w��2�$B=�Qm�y�Db �1�T��XҦ2�,'ݷdW�J��\��O_�X[�, l&ʣ�>_��8�Kw5�5�t�YQs��6N��@��sҮ�� ~S?6��?��ݖ}4 S�4�Y1+F��} ��F��T!+��;�2�riŞZ��ZQba�£�+�},tb��d6z>��5��>�y��eP��ȩ\]�q�.�v�:�� =Q5�ǉ /��@�},r��/>Bd)$��K��Kta?��W1�4�,_�^�X.=�C�ժ��2��@�!��B��8�Cc��N�O��{��1p�t�#�AX��.,�9��G�ݸ��C5�*�dE�5G��f3d�g�O�*M*ؗ�v`��5��J51T��q��W�a��fD.?�5R��r�m�F��g��b7��qC�B�q*��L��JۨhR�2� �.�к�b��u�^f2��cB��h��є�2z*<�Y��6��g��0��/�̀_�A ��$��H��mY�JKp��dk��#�y��JX7�u*$��X�[��j�� ^��_�'�pG=Ȥ�T�M�v� 9�n�d�Y�;�u�U��2Yy��bn��L��ěB��,L��|��zj �׬�K� �qI�,��R�I�s� �N䖧H�_A��7&H�- ��|�y ��gbZ n'�kH�HZ]�U�F�;.>��M[�}�/$Ba9k�� I�"�ό g8�Y��ٓǎ�8��U�Oh��b��.s��s��X��Zn�?@.�>ѕz�� 9�1�1lD��5��"\&��ǌwV�� 5��Tuq�غ�1��՗8�`ScЖ/�[�0��_��f��KJ!v'�E��^��}d�u<ˉ_�O��*�5�-�B��e!NT��o��uRz4�O.�=HN��i=xEs[��`�7��G�}� 7Kq�fDӏwu5��}��#i��db�q�~}^�$2��~]��X��Sp��i�+h�"��tl!�F��)�}]ED�a�@�4>��UG��_�{ �8�X\Y��Ĭ8��̸(��J��F�l��E��"�k�+Wh ��m�B�O�UF��A9|>w ��`��9m&�;��W��BK�xs��w�_��3��qc3G`aI��4��^�ZH��mZ{e!��]��4��!�ㆭ�,�S8��A]c��6�=�Ma��Œ��l��{<�=ě�)�&�x�iQO��r�y�>� Nɦ�\�{~�#��y��SG��t��S�H�ñ�O�9~ ��H��e����f�� w�)��y�"d��2��l�n�p�Oz�,L�n ��tU��$�«��+)l�̣�PG��"!��!ϫGJ��Mt��w�?E1��R�*��$T��<S�ӘP�0�j��|��-[�jo@]��fH��>莹'}]!Z��`��Q�73bA�_�C9s�\-4�G��ɪ�BFL��u��i�η��V9�� C yυ��ݔx��N��O=�?�U�D4{��jh�=ZC�^z��9?��D�7\]��(b��?9 �FR��s?Ȧ2��

Sections

.text
Size: 448KB - Virtual size: 445KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.text0
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text1
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text2
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 40KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6000fc5da12bdd4e9bdc9c8a2198f9fc

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

shlwapi

oleaut32

ws2_32

winmm

iphlpapi

Exports

Exports

Sections

.text Size: 448KB - Virtual size: 445KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 20KB - Virtual size: 43KB

.rsrc Size: 120KB - Virtual size: 117KB

.text0 Size: 60KB - Virtual size: 57KB

.text1 Size: 156KB - Virtual size: 152KB

.tls Size: 4KB - Virtual size: 24B

.text2 Size: 44KB - Virtual size: 42KB

.reloc Size: 40KB - Virtual size: 37KB

.text
Size: 448KB - Virtual size: 445KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 20KB - Virtual size: 43KB

.rsrc
Size: 120KB - Virtual size: 117KB

.text0
Size: 60KB - Virtual size: 57KB

.text1
Size: 156KB - Virtual size: 152KB

.tls
Size: 4KB - Virtual size: 24B

.text2
Size: 44KB - Virtual size: 42KB

.reloc
Size: 40KB - Virtual size: 37KB