NEAS[.]cd56a07f9047eafa225f1f90492b8470[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cd56a07f9047eafa225f1f90492b8470.exe
Size

5.0MB
MD5

cd56a07f9047eafa225f1f90492b8470
SHA1

ac22373548994200cb3c20f1f49edd491d150a63
SHA256

4fab8451ae4ddf1793fee290b8f366b8f798b312fd45301abfff25d2f99e3702
SHA512

a64481525d5dee8c806e74011f23857d59a86ff876eb1592e4b77670c709760230aaf4eeb816ace9a10a6fe1c2c22611fcc26aa454c604e5f2b37f88a1b5237b
SSDEEP

98304:RSnEoj+qCS7RaVkuAQCbxCS5wyMEfWC9kvVcwfCYevDBgmEG49VcoLzSrz64uHxv:QaqYGkF

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cd56a07f9047eafa225f1f90492b8470.exe

Files

NEAS.cd56a07f9047eafa225f1f90492b8470.exe
.exe windows:4 windows x64

111697fd815199101ee9119cc9605190

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SystemFunction036

comctl32

InitCommonControlsEx

gdi32

BitBlt
ChoosePixelFormat
CombineRgn
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDCW
CreateDIBSection
CreateFontIndirectW
CreateFontW
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
DescribePixelFormat
ExtTextOutW
GetDIBits
GetDeviceCaps
GetDeviceGammaRamp
GetICMProfileW
GetPixelFormat
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextMetricsW
Rectangle
SelectObject
SetBkMode
SetDeviceGammaRamp
SetPixelFormat
SetTextColor
SwapBuffers

imm32

ImmAssociateContext
ImmGetCandidateListW
ImmGetCompositionStringW
ImmGetContext
ImmGetIMEFileNameA
ImmNotifyIME
ImmReleaseContext
ImmSetCandidateWindow
ImmSetCompositionStringW
ImmSetCompositionWindow

kernel32

AddVectoredExceptionHandler
AttachConsole
CancelIo
CloseHandle
CompareStringA
CreateDirectoryW
CreateEventA
CreateEventW
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateSemaphoreA
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeviceIoControl
DuplicateHandle
EnterCriticalSection
ExitProcess
FatalAppExitA
FileTimeToSystemTime
FindClose
FindFirstFileA
FindNextFileA
FlsAlloc
FlsFree
FlsSetValue
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetCommandLineA
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentProcess
GetCurrentProcessId
GetCurrentProcessorNumber
GetCurrentThread
GetCurrentThreadId
GetEnvironmentVariableA
GetFileAttributesA
GetFileSizeEx
GetFileType
GetFullPathNameA
GetHandleInformation
GetLargePageMinimum
GetLastError
GetLocaleInfoA
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetNumaHighestNodeNumber
GetNumaNodeProcessorMask
GetOverlappedResult
GetProcAddress
GetProcessAffinityMask
GetProcessTimes
GetStartupInfoA
GetStdHandle
GetSystemInfo
GetSystemPowerStatus
GetSystemTimeAdjustment
GetSystemTimeAsFileTime
GetThreadContext
GetThreadPriority
GetThreadTimes
GetTickCount
GetTickCount64
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalMemoryStatusEx
GlobalUnlock
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
IsDebuggerPresent
IsProcessorFeaturePresent
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalFree
MapViewOfFile
MulDiv
MultiByteToWideChar
OpenProcess
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
QueryPerformanceFrequency
RaiseException
ReadFile
ReleaseMutex
ReleaseSemaphore
RemoveVectoredExceptionHandler
ResetEvent
ResumeThread
RtlCaptureContext
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
SetConsoleMode
SetEnvironmentVariableA
SetErrorMode
SetEvent
SetFilePointer
SetFilePointerEx
SetLastError
SetPriorityClass
SetProcessAffinityMask
SetSystemTime
SetThreadContext
SetThreadExecutionState
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
SwitchToThread
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TryEnterCriticalSection
UnmapViewOfFile
VerSetConditionMask
VerifyVersionInfoW
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile

msvcrt

__C_specific_handler
___lc_codepage_func
___mb_cur_max_func
__getmainargs
__initenv
__iob_func
__lconv_init
__set_app_type
__setusermatherr
_acmdln
_amsg_exit
_beginthreadex
_cexit
_chdir
_commode
_close
_endthreadex
_errno
_fdopen
_filelengthi64
_fileno
_findclose
_fileno
_filelength
_findfirst64
_findnext64
_fmode
_fsopen
_fstat64
_fullpath
_get_osfhandle
_getcwd
_getcwd
_getdcwd
_initterm
_ismbblead
_localtime64
_lock
_lseek
_mkdir
_mkdir
_onexit
_open
_read
_setjmp
_setmode
_snprintf
_stat64
_strdup
_stricmp
_strnicmp
_strnicmp
_strtoi64
_strtoui64
_strupr
_time64
_ultoa
_unlink
_unlock
_vscprintf
_vsnprintf
_wchmod
_wfopen
_wgetenv
_wrename
_write
_wstat64
_wunlink
_wutime64
abort
atof
atol
bsearch
calloc
exit
fclose
feof
ferror
fflush
fgetc
fgetpos
fopen
fprintf
fputc
fputs
fread
free
freopen
fsetpos
fseek
ftell
fwprintf
fwrite
getc
getenv
isalnum
isalpha
islower
isprint
isspace
isupper
isxdigit
localeconv
log10
longjmp
malloc
memchr
memcmp
memcpy
memmove
memset
perror
printf
qsort
rand
realloc
setvbuf
signal
sprintf
sscanf
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncat
strncat_s
strncmp
strncpy
strncpy_s
strrchr
strstr
strtol
strtoul
tan
tolower
toupper
ungetc
vfprintf
vsprintf
wcslen

ole32

CLSIDFromString
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoUninitialize
PropVariantClear

oleaut32

SysFreeString

setupapi

CM_Get_Device_IDA
CM_Get_Parent
CM_Locate_DevNodeA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA

shell32

DragAcceptFiles
DragFinish
DragQueryFileW
ExtractIconExW
SHGetFolderPathW
ShellExecuteW

user32

ActivateKeyboardLayout
AdjustWindowRect
AdjustWindowRectEx
AttachThreadInput
CallNextHookEx
CallWindowProcW
ChangeDisplaySettingsExW
ClientToScreen
ClipCursor
CloseClipboard
CopyImage
CreateDialogParamA
CreateIconFromResource
CreateIconIndirect
CreateWindowExA
CreateWindowExW
DefWindowProcW
DestroyIcon
DestroyWindow
DialogBoxIndirectParamW
DispatchMessageA
DispatchMessageW
DrawTextW
EmptyClipboard
EnableWindow
EndDialog
EnumDisplayDevicesW
EnumDisplayMonitors
EnumDisplaySettingsW
FillRect
FlashWindowEx
GetAsyncKeyState
GetClassInfoExW
GetClientRect
GetClipCursor
GetClipboardData
GetClipboardSequenceNumber
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetKeyState
GetKeyboardLayout
GetKeyboardLayoutNameA
GetKeyboardState
GetMenu
GetMessageA
GetMessageExtraInfo
GetMessageW
GetMonitorInfoA
GetMonitorInfoW
GetParent
GetPropW
GetRawInputData
GetRawInputDeviceInfoA
GetRawInputDeviceList
GetSysColorBrush
GetSystemMetrics
GetUpdateRect
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowLongW
GetWindowRect
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
IntersectRect
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageA
IsDlgButtonChecked
IsIconic
IsWindow
KillTimer
LoadBitmapA
LoadCursorW
LoadIconW
LoadKeyboardLayoutA
MapVirtualKeyW
MessageBoxA
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
MoveWindow
OpenClipboard
PeekMessageW
PostMessageW
PostThreadMessageW
PtInRect
RegisterClassExA
RegisterClassExW
RegisterClassW
RegisterDeviceNotificationW
RegisterRawInputDevices
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemovePropW
ScreenToClient
SendMessageA
SendMessageW
SetActiveWindow
SetCapture
SetClipboardData
SetCursor
SetCursorPos
SetFocus
SetForegroundWindow
SetLayeredWindowAttributes
SetPropW
SetTimer
SetWindowLongA
SetWindowLongPtrW
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
SetWindowsHookExW
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
ToUnicode
TrackMouseEvent
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UnregisterDeviceNotification
ValidateRect
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

winmm

midiOutGetDevCapsA
midiOutGetNumDevs
midiOutLongMsg
midiOutPrepareHeader
midiOutShortMsg
midiOutUnprepareHeader
midiStreamClose
midiStreamOpen
midiStreamOut
midiStreamPosition
midiStreamProperty
midiStreamRestart
midiStreamStop
timeBeginPeriod
timeEndPeriod
timeGetDevCaps
timeGetTime
waveInAddBuffer
waveInClose
waveInGetDevCapsW
waveInGetNumDevs
waveInOpen
waveInPrepareHeader
waveInReset
waveInStart
waveInUnprepareHeader
waveOutClose
waveOutGetDevCapsW
waveOutGetErrorTextW
waveOutGetNumDevs
waveOutOpen
waveOutPrepareHeader
waveOutReset
waveOutUnprepareHeader
waveOutWrite

ws2_32

WSARecvFrom
WSASendTo
WSAStringToAddressA
getnameinfo

wsock32

WSACleanup
WSAGetLastError
WSAStartup
__WSAFDIsSet
accept
bind
closesocket
connect
gethostbyaddr
gethostbyname
gethostname
getsockname
getsockopt
htonl
htons
inet_addr
inet_ntoa
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

dsound

DirectSoundCreate

Exports

Exports

AmdPowerXpressRequestHighPerformance
NvOptimusEnablement
_sm_allocator_create
_sm_allocator_destroy
_sm_allocator_thread_cache_create
_sm_allocator_thread_cache_destroy
_sm_free
_sm_malloc
_sm_mbucket
_sm_msize
_sm_realloc

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 663KB - Virtual size: 662KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.xdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 20.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 382B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

111697fd815199101ee9119cc9605190

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

imm32

kernel32

msvcrt

ole32

oleaut32

setupapi

shell32

user32

version

winmm

ws2_32

wsock32

dsound

Exports

Exports

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.data Size: 185KB - Virtual size: 184KB

.rdata Size: 663KB - Virtual size: 662KB

.pdata Size: 93KB - Virtual size: 92KB

.xdata Size: 96KB - Virtual size: 96KB

.bss Size: - Virtual size: 20.0MB

.edata Size: 512B - Virtual size: 382B

.idata Size: 21KB - Virtual size: 21KB

.CRT Size: 512B - Virtual size: 112B

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 48KB - Virtual size: 47KB

.reloc Size: 26KB - Virtual size: 26KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.data
Size: 185KB - Virtual size: 184KB

.rdata
Size: 663KB - Virtual size: 662KB

.pdata
Size: 93KB - Virtual size: 92KB

.xdata
Size: 96KB - Virtual size: 96KB

.bss
Size: - Virtual size: 20.0MB

.edata
Size: 512B - Virtual size: 382B

.idata
Size: 21KB - Virtual size: 21KB

.CRT
Size: 512B - Virtual size: 112B

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 48KB - Virtual size: 47KB

.reloc
Size: 26KB - Virtual size: 26KB