Static task: static1
Behavioral task: behavioral1
Sample: NEAS.c5ec5bd145fa82a682bd54007d0c6b00.exe
Resource: win7-20230831-en
Behavioral task: behavioral2
Sample: NEAS.c5ec5bd145fa82a682bd54007d0c6b00.exe
Resource: win10v2004-20230915-en
General
Target: NEAS.c5ec5bd145fa82a682bd54007d0c6b00.exe
Size: 4.0MB
MD5: c5ec5bd145fa82a682bd54007d0c6b00
SHA1: b8b6ac83b058e0649ca25bf236f74065b1c46e08
SHA256: e957c410794d558f0d1bf224778dfe9a4479872ab296ce2b2b3f6b43f91702b8
SHA512: 87526476027c05c04171d00f60141fac8682947978a3a23aed264f124fa72883f085b02563c492049596958485f91f47bb5e01716ad254757f4a7b6df7a13dea
SSDEEP: 49152:8VqccSxV4RG9dO1Ro4Mc2vJJtWQjJ9CWxZZN2y2uWBWXn:8Vp95wOxtWW9r0BWXn
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for missing Authenticode signature.
resource: NEAS.c5ec5bd145fa82a682bd54007d0c6b00.exe
Files
-
NEAS.c5ec5bd145fa82a682bd54007d0c6b00.exe.exe windows:4 windows x86
106bb15fc778a2cc8a954d762e4c3137
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
SetEvent
SuspendThread
CreateEventA
GetModuleFileNameW
InterlockedDecrement
GlobalFlags
LocalAlloc
LeaveCriticalSection
TlsGetValue
EnterCriticalSection
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetCPInfo
GetOEMCP
GetAtomNameA
SystemTimeToFileTime
GetPrivateProfileIntA
WritePrivateProfileStringA
MoveFileA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
FindClose
FindFirstFileA
GetFullPathNameA
SetErrorMode
LocalFileTimeToFileTime
SetFileTime
SetFileAttributesA
GetFileAttributesA
RtlUnwind
HeapAlloc
HeapFree
GetSystemInfo
WaitForSingleObject
GetDateFormatA
HeapReAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
RaiseException
ExitThread
HeapSize
UnhandledExceptionFilter
IsDebuggerPresent
FatalAppExitA
HeapDestroy
HeapCreate
GetStdHandle
GetACP
LCMapStringW
SetHandleCount
GetFileType
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
SetConsoleCtrlHandler
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA
ResumeThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
lstrcmpA
CopyFileA
GlobalSize
FormatMessageA
LocalFree
MulDiv
GetThreadLocale
InterlockedIncrement
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
SetLastError
lstrcmpW
GlobalLock
GlobalUnlock
FreeResource
GetStringTypeExW
GetStringTypeExA
GetEnvironmentVariableW
lstrcmpiW
lstrcmpiA
CompareStringW
CompareStringA
lstrlenW
GetVersion
GetLastError
InterlockedExchange
CreateProcessA
DeleteFileA
CreateDirectoryA
GetFileTime
GetVolumeInformationA
OpenProcess
Process32First
OpenMutexA
Process32Next
GlobalAlloc
GlobalFree
lstrlenA
GetPrivateProfileStringA
WideCharToMultiByte
FileTimeToLocalFileTime
FileTimeToSystemTime
LCMapStringA
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentDirectoryA
SetUnhandledExceptionFilter
GetLocalTime
GetCurrentThreadId
GetTickCount
TerminateThread
GetWindowsDirectoryA
WriteFile
CreateThread
DuplicateHandle
GetCurrentDirectoryW
MultiByteToWideChar
OutputDebugStringA
FreeLibrary
Sleep
GetCurrentProcessId
IsBadWritePtr
CreateToolhelp32Snapshot
Module32First
Module32Next
CreateFileA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualQuery
GetShortPathNameA
GetEnvironmentVariableA
lstrcatA
SetPriorityClass
GetCurrentThread
SetThreadPriority
GetModuleFileNameA
GetSystemDirectoryA
WinExec
GetVersionExA
SetFilePointer
ReadFile
GetFileSize
ReadProcessMemory
CloseHandle
IsBadReadPtr
VirtualFree
GetModuleHandleA
VirtualAlloc
VirtualProtect
WriteProcessMemory
LoadLibraryA
GetProcAddress
lstrcpyA
GetCurrentProcess
TerminateProcess
GetTimeFormatA
ExitProcess
user32
ReleaseCapture
DeleteMenu
WindowFromPoint
WaitMessage
DestroyIcon
GetNextDlgGroupItem
MessageBeep
UnregisterClassA
RegisterClipboardFormatA
TranslateAcceleratorA
SetMenu
CreatePopupMenu
InsertMenuItemA
LoadAcceleratorsA
LoadMenuA
ReuseDDElParam
UnpackDDElParam
PostThreadMessageA
GetSystemMenu
SetParent
UnionRect
GetDCEx
LockWindowUpdate
GetMessageA
TranslateMessage
GetCursorPos
ValidateRect
PostQuitMessage
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
FillRect
GetMenuStringA
AppendMenuA
InsertMenuA
RemoveMenu
CharNextA
ScrollWindowEx
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetCapture
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
PeekMessageA
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
UpdateWindow
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
OffsetRect
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetDesktopWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
CharUpperW
CharUpperA
CharLowerW
CharLowerA
GetWindowLongA
CopyRect
IntersectRect
InvalidateRgn
SetRect
CopyAcceleratorTableA
DestroyMenu
GetMenuItemInfoA
InflateRect
GetSysColorBrush
GetDialogBaseUnits
SetWindowContextHelpId
MapDialogRect
MapVirtualKeyA
GetKeyNameTextA
SetWindowsHookExA
ShowOwnedPopups
IsRectEmpty
SetRectEmpty
SetWindowPos
GetWindowRect
GetDlgItem
OpenDesktopA
EnumDesktopWindows
GetWindowThreadProcessId
GetSystemMetrics
IsIconic
DrawIcon
EnumWindows
IsWindowVisible
GetWindowTextA
PostMessageA
GetDC
LoadIconA
SendMessageA
OpenClipboard
BringWindowToTop
SetWindowLongA
LoadCursorA
CopyIcon
GetMessagePos
KillTimer
SetTimer
InvalidateRect
ScreenToClient
GetClientRect
PtInRect
SetCursor
MessageBoxA
EnableWindow
SetScrollRange
gdi32
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
DeleteDC
CreateDIBPatternBrushPt
CreatePatternBrush
CreateCompatibleDC
BitBlt
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
SetWindowExtEx
CreateRectRgnIndirect
PatBlt
GetTextExtentPoint32A
GetTextMetricsA
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode
DPtoLP
CreateCompatibleBitmap
GetCharWidthA
CreateFontA
StretchDIBits
GetWindowExtEx
GetViewportExtEx
SelectClipPath
CreateRectRgn
GetClipRgn
SelectClipRgn
DeleteObject
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
StartDocA
CreateHatchBrush
GetStockObject
SetColorAdjustment
SetArcDirection
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
CreateDCA
CopyMetaFileA
GetTextColor
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
GetBkColor
CreateFontIndirectA
GetPixel
comdlg32
GetOpenFileNameA
GetFileTitleA
winspool.drv
DocumentPropertiesA
OpenPrinterA
ClosePrinter
advapi32
RegCreateKeyExA
RegEnumKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumValueA
RegQueryValueA
RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
RegCloseKey
RegDeleteValueA
shell32
DragQueryFileA
ShellExecuteExA
ShellExecuteA
ExtractIconA
SHGetFileInfoA
SHChangeNotify
DragFinish
shlwapi
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
oledlg
ord8
ole32
ReleaseStgMedium
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
CoTaskMemAlloc
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CLSIDFromString
CLSIDFromProgID
CoCreateInstance
OleRun
OleDuplicateData
CoDisconnectObject
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StringFromGUID2
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRegisterClassObject
CoRevokeClassObject
OleSetClipboard
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
WriteClassStg
CreateStreamOnHGlobal
oleaut32
LoadTypeLi
VarBstrFromDate
VarCyFromStr
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
SysReAllocStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
SafeArrayDestroy
SystemTimeToVariantTime
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysStringLen
SysFreeString
OleCreateFontIndirect
SysAllocStringLen
VariantInit
VariantChangeType
VariantClear
VarDateFromStr
VariantTimeToSystemTime
wininet
InternetReadFile
HttpQueryInfoA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
dbghelp
MiniDumpWriteDump
iphlpapi
GetIfTable
GetAdaptersInfo
SetIfEntry
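The import table above is long because most of it is MFC and CRT framework plumbing; the entries that matter for triage are the handful that touch other processes, resolve APIs at runtime, fetch over HTTP, write the registry or dump memory. The script below is an added example (not the sandbox's own tooling) that does two things with such a table: it reproduces the import-hash string that pefile's get_imphash() builds, and it tags the API groups an analyst would cross-check against the behavioral report. SAMPLE_IMPORTS is a constructed excerpt of the table on this page, and the CAPABILITIES grouping is this example's own, not a classification the sandbox emits.

```python
"""Added example, not the sandbox's own tooling: pefile-style import hash plus
capability tagging of an import table. SAMPLE_IMPORTS is a constructed excerpt
of the table shown above; the CAPABILITIES groups are this example's own."""
import hashlib

# API groups worth cross-checking against the behavioural report. Chosen for
# this example; a statically linked MFC/CRT pulls in most of the other imports.
CAPABILITIES = {
    "process enumeration": {"CreateToolhelp32Snapshot", "Process32First",
                            "Process32Next", "Module32First", "Module32Next"},
    "cross-process memory access": {"OpenProcess", "ReadProcessMemory",
                                    "WriteProcessMemory"},
    "memory protection change": {"VirtualProtect"},
    "dynamic API resolution": {"LoadLibraryA", "GetProcAddress"},
    "debugger check": {"IsDebuggerPresent"},
    "process execution": {"CreateProcessA", "WinExec", "ShellExecuteA",
                          "ShellExecuteExA"},
    "HTTP download": {"InternetOpenA", "InternetOpenUrlA", "InternetReadFile",
                      "HttpQueryInfoA"},
    "registry write": {"RegCreateKeyA", "RegCreateKeyExA", "RegSetValueA",
                       "RegSetValueExA"},
    "minidump": {"MiniDumpWriteDump"},
    "network interface enumeration": {"GetAdaptersInfo", "GetIfTable"},
}


def imphash_string(imports):
    """Canonical string behind pefile's get_imphash(): 'dll.func' per import,
    lowercased, a .dll/.ocx/.sys extension dropped, ordinal imports written as
    'ordN', all joined with commas in import-table order. pefile additionally
    maps known ordinals of oleaut32/ws2_32/wsock32 to names; this version does
    not, so it diverges only for tables importing those by ordinal."""
    parts = []
    for dll, funcs in imports:
        lib = dll.lower()
        head, _, ext = lib.rpartition(".")
        if head and ext in ("dll", "ocx", "sys"):
            lib = head
        for f in funcs:
            name = f.lower() if isinstance(f, str) else f"ord{f}"
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    return hashlib.md5(imphash_string(imports).encode()).hexdigest()


def tag_capabilities(imports) -> dict:
    """Map each capability group to the imported APIs that hit it."""
    names = {f for _, funcs in imports for f in funcs if isinstance(f, str)}
    return {cap: sorted(names & apis)
            for cap, apis in CAPABILITIES.items() if names & apis}


# Constructed excerpt of the report's import table (ints are ordinals).
SAMPLE_IMPORTS = [
    ("kernel32", ["IsDebuggerPresent", "OpenProcess", "Process32First",
                  "Process32Next", "CreateToolhelp32Snapshot",
                  "ReadProcessMemory", "VirtualAlloc", "VirtualProtect",
                  "WriteProcessMemory", "LoadLibraryA", "GetProcAddress",
                  "WinExec", "CreateProcessA"]),
    ("advapi32", ["RegCreateKeyExA", "RegSetValueExA"]),
    ("oledlg", [8]),                                   # shown as ord8 above
    ("wininet", ["InternetReadFile", "HttpQueryInfoA", "InternetOpenA",
                 "InternetOpenUrlA", "InternetCloseHandle"]),
    ("dbghelp", ["MiniDumpWriteDump"]),
    ("iphlpapi", ["GetIfTable", "GetAdaptersInfo", "SetIfEntry"]),
]

if __name__ == "__main__":
    print("imphash:", imphash(SAMPLE_IMPORTS))
    for cap, apis in tag_capabilities(SAMPLE_IMPORTS).items():
        print(f"{cap}: {', '.join(apis)}")
```

Two caveats when using this on a real file rather than a transcribed table: the hash only matches pefile's if the imports are fed in import-table order, and the tags describe capability, not intent. OpenProcess/ReadProcessMemory/WriteProcessMemory next to CreateToolhelp32Snapshot say the binary can read and write other processes' memory; whether it does is what the behavioral tasks at the top of the report are for.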
Sections
.text    Size: 548KB - Virtual size: 546KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.text1   Size: 4KB - Virtual size: 122B       IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata   Size: 120KB - Virtual size: 119KB    IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data    Size: 28KB - Virtual size: 43KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tls     Size: 4KB - Virtual size: 8B         IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    Size: 24KB - Virtual size: 22KB      IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.pData0  Size: 448KB - Virtual size: 447KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.iText   Size: 4KB - Virtual size: 161B       IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.tdata   Size: 4KB - Virtual size: 189B       IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.vtext   Size: 2.8MB - Virtual size: 2.8MB    IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE