NEAS[.]3aa5d1c2f8e0d7dc9f17e8205d459e00[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3aa5d1c2f8e0d7dc9f17e8205d459e00.exe
Size

624KB
MD5

3aa5d1c2f8e0d7dc9f17e8205d459e00
SHA1

bb3f1848ddf701344c53f71207baeac1ea8b0e21
SHA256

5c15107b514d801d93f648979563ef5a7e0dc37ac04fad1a9054268b7cff3317
SHA512

951cba837567fb8cd7c9d6ad053256e95e0f2bfe73cc5b6c659748c7b4b8594ff1909e49af0887dba9a7de89bcab7e8cb4a280c479d6a93feef22e5ef730ae01
SSDEEP

6144:kbkjc+bnVStvQbrC3oHKHP49SM+vbPTsy781BsEPcsT1Eyam3ouD26L7:kkI+bnVStvQbrgoIdsyI3jPc6WuD26f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3aa5d1c2f8e0d7dc9f17e8205d459e00.exe

Files

NEAS.3aa5d1c2f8e0d7dc9f17e8205d459e00.exe
.exe windows:4 windows x86

29056e4d6c2d8e4b7e62fe3b58342d7d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shell32

ShellExecuteExA
SHGetFolderPathW
Shell_NotifyIconA
ShellExecuteA

gdi32

SetBkColor
MaskBlt
CreateBitmap
BitBlt
GetStockObject
ExtTextOutA
CreateFontIndirectA
GetTextExtentPoint32A
SetBkMode
CreateCompatibleBitmap
CreatePatternBrush
GetObjectA
DeleteDC
StretchBlt
DeleteObject
SelectObject
CreateCompatibleDC
Rectangle
CreatePen
CreateSolidBrush
SetTextColor

user32

GetClientRect
LoadBitmapA
CallWindowProcA
ReleaseDC
SetWindowLongA
GetDC
BeginPaint
SendMessageA
FillRect
GetWindowRect
EndPaint
MoveWindow
SendDlgItemMessageA
SetFocus
GetDlgItem
ShowWindow
GetDlgItemTextA
SetDlgItemTextA
wsprintfW
wsprintfA
LoadImageA
IsMenu
TrackPopupMenu
EnableMenuItem
GetCursorPos
CreatePopupMenu
InsertMenuA
DestroyMenu
DestroyIcon
ClientToScreen
GetParent
GetDesktopWindow
RegisterClassExA
PostQuitMessage
SetForegroundWindow
LoadIconA
RegisterWindowMessageA
IsDialogMessageA
IsWindow
LoadStringA
SetCursor
GetFocus
DrawFocusRect
GetSystemMetrics
PostMessageA
RedrawWindow
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
SetTimer
KillTimer
IsDlgButtonChecked
GetKeyState
ScreenToClient
CheckDlgButton
GetDlgCtrlID
MessageBoxA
DestroyWindow
EndDialog
PeekMessageA
EnableWindow
CreateDialogParamA
DialogBoxParamA
SetWindowPos
SetWindowTextA
UpdateWindow
GetMessageA
TranslateMessage
GetWindowLongA
CreateWindowExA
DefWindowProcA
wvsprintfA
DispatchMessageA
LoadCursorA
RegisterClassA

setupapi

SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
CM_Get_Parent
CM_Request_Device_EjectA
SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

hid

HidP_GetCaps
HidD_FreePreparsedData
HidD_GetSerialNumberString
HidD_GetAttributes
HidD_GetHidGuid
HidD_FlushQueue
HidD_GetPreparsedData

ws2_32

WSAStartup
inet_addr
htons
shutdown
WSACleanup
socket
closesocket
gethostbyaddr
gethostbyname
connect

winhttp

WinHttpReadData
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse

kernel32

InitializeCriticalSection
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapSize
DeleteCriticalSection
GetFileType
FreeEnvironmentStringsA
SetHandleCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetACP
InterlockedDecrement
InterlockedIncrement
GetCPInfo
RtlUnwind
RaiseException
GetStartupInfoA
GetProcessHeap
GetCommandLineA
ExitProcess
CreateThread
ResumeThread
ExitThread
HeapAlloc
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
CreateEventA
GetModuleFileNameA
GetDriveTypeA
ReleaseMutex
CreateMutexA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStdHandle
CreateSemaphoreA
WaitForSingleObject
GetFullPathNameA
GetUserDefaultLangID
LockResource
FlushFileBuffers
SizeofResource
LoadResource
SetEndOfFile
FindResourceA
GetFileSize
GlobalUnlock
GlobalAlloc
GlobalLock
SetFilePointer
GetCurrentProcess
SetVolumeMountPointA
GetLogicalDrives
QueryDosDeviceA
CopyFileA
OutputDebugStringA
GetLastError
lstrcatA
lstrcpyA
FindFirstFileA
FindClose
FindNextFileA
GetCurrentDirectoryA
DeleteFileA
CreateFileA
FormatMessageA
DeviceIoControl
CloseHandle
FreeLibrary
OutputDebugStringW
GetProcAddress
LoadLibraryA
GetModuleHandleA
GetDiskFreeSpaceExW
GetVolumeInformationW
lstrcmpA
GetPrivateProfileStringA
GetVersionExA
GetPrivateProfileStringW
WriteFile
Sleep
ReadFile
GlobalFree
lstrlenA
GetTickCount
GetPrivateProfileIntA
lstrcmpiA
WritePrivateProfileStringA
SetErrorMode

advapi32

RegCloseKey
RegOpenKeyW
RegQueryValueExA

Sections

.text
Size: 296KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 260KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

29056e4d6c2d8e4b7e62fe3b58342d7d

Headers

File Characteristics

Imports

shell32

gdi32

user32

setupapi

version

hid

ws2_32

winhttp

kernel32

advapi32

Sections

.text Size: 296KB - Virtual size: 293KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 16KB - Virtual size: 47KB

.rsrc Size: 260KB - Virtual size: 257KB

.text
Size: 296KB - Virtual size: 293KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 16KB - Virtual size: 47KB

.rsrc
Size: 260KB - Virtual size: 257KB