NEAS[.]cd5491f36708015f1ab40489b08c6a00[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cd5491f36708015f1ab40489b08c6a00.exe
Size

84KB
MD5

cd5491f36708015f1ab40489b08c6a00
SHA1

13ba4ffd31d7a21f0453857b4eddabd826aa4912
SHA256

79399d9a68f6139dc9ef3aa4b5df8148ad0f353c5a712a2bf75abff57527b7f5
SHA512

3959ebf354221f364eb76ee13be8cb143fa2e9899ad199a036c6903694eb753eae351d3c823efea9373b69abe55463ac28ae33b158ba578dcd794cb4d0786c93
SSDEEP

1536:BWQXL+Xi8JJpqT/AFso6CI9uAE17euyBe5fh/gXd8bUo:veq6sia2Oc5fao

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cd5491f36708015f1ab40489b08c6a00.exe

Files

NEAS.cd5491f36708015f1ab40489b08c6a00.exe
.exe windows:5 windows x86

ec14288f10b95c12f08cf8fe7c8c507c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

wcsstr
_wcslwr
towlower
setlocale
_c_exit
_exit
isalpha
_cexit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
tolower
exit
atoi
towupper
toupper
strncpy
_strnicmp
wcstok
_wcsnicmp
_wtoi
_snprintf
wcsncat
wcscat
wcscpy
calloc
strtoul
strchr
sprintf
memchr
wcscmp
_XcptFilter
__set_app_type
_controlfp
_except_handler3
strncmp
wcsncpy
iswctype
_wcsicmp
_snwprintf
wcslen
_vsnwprintf
malloc
free

advapi32

RegSetValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegCreateKeyExW
RegQueryValueExW
OpenProcessToken
GetTokenInformation
LookupAccountSidW
GetUserNameW

kernel32

CreateEventW
CreateConsoleScreenBuffer
PulseEvent
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleInputA
MultiByteToWideChar
GetConsoleCursorInfo
SetConsoleCursorInfo
GetFileType
IsDBCSLeadByte
GetStdHandle
WriteConsoleA
ReadConsoleOutputAttribute
WriteConsoleOutputAttribute
ScrollConsoleScreenBufferW
SetConsoleCtrlHandler
WriteFile
GetCurrentProcessId
OpenProcess
Sleep
LoadLibraryExW
GetEnvironmentVariableA
GetConsoleCP
SetThreadLocale
GetThreadLocale
FormatMessageW
GetSystemDirectoryA
LoadLibraryA
GetProcAddress
FreeLibrary
ReadConsoleOutputW
GetModuleHandleA
GetSystemDefaultLangID
SetLastError
GetModuleHandleW
ExitProcess
GetConsoleOutputCP
GetLargestConsoleWindowSize
CreateThread
WriteConsoleOutputCharacterA
SetConsoleActiveScreenBuffer
WaitForSingleObject
WriteConsoleInputW
ResetEvent
WriteConsoleW
lstrcpynW
LocalFree
SetConsoleTitleW
SetEvent
SetConsoleWindowInfo
SetConsoleScreenBufferSize
GetConsoleScreenBufferInfo
GetEnvironmentVariableW
LocalAlloc
CloseHandle
GetLastError
CreateFileW
GetACP
SetEnvironmentVariableW
FillConsoleOutputAttribute
FillConsoleOutputCharacterW
SetConsoleCursorPosition
WideCharToMultiByte
ReadConsoleW
WriteConsoleOutputW

user32

wsprintfW
GetMessageW
TranslateMessage
DispatchMessageW
RegisterClassW
CreateWindowExW
DefWindowProcW
KillTimer
SetWindowLongW
GetKeyboardType
DestroyWindow
VkKeyScanW
MessageBeep
SetRectEmpty
GetWindowLongW
PostMessageW
IsCharAlphaW
IsCharAlphaNumericW
LoadStringW
MapVirtualKeyW

wsock32

WSAStartup
WSACleanup
socket
bind
setsockopt
connect
closesocket
WSAAsyncSelect
recv
send
getservbyport
ntohs
gethostbyaddr
htonl
inet_addr
gethostbyname
WSAGetLastError
ioctlsocket
getservbyname
htons

security

AcquireCredentialsHandleW
QuerySecurityPackageInfoW
InitializeSecurityContextW

imm32

ImmGetContext
ImmSetCompositionFontW
ImmSetCompositionWindow
ImmReleaseContext

ole32

CoCreateInstanceEx
CoUninitialize
CoInitializeEx

gdi32

TranslateCharsetInfo

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

ec14288f10b95c12f08cf8fe7c8c507c

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

user32

wsock32

security

imm32

ole32

gdi32

Sections

.text Size: 49KB - Virtual size: 48KB

.data Size: 6KB - Virtual size: 114KB

.rsrc Size: 28KB - Virtual size: 28KB

.text
Size: 49KB - Virtual size: 48KB

.data
Size: 6KB - Virtual size: 114KB

.rsrc
Size: 28KB - Virtual size: 28KB