NEAS[.]3d2a55750f90ad7a12a19b69227a5ed0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3d2a55750f90ad7a12a19b69227a5ed0.exe
Size

172KB
MD5

3d2a55750f90ad7a12a19b69227a5ed0
SHA1

1c6a31af5807df8170b5a351e35b7eb696ebe23f
SHA256

ad9bf92cbf7598f36c64590ff72e6b9e258e6b678090821327df1ab88c6d29d8
SHA512

e6dc6d06461a1bccec583088b82e132a9cd4e595ac0d720179b415784ee748b9af5fc7551f56c03738bad5e2970a6502a68b75f9bb0caf888567145fb1aad885
SSDEEP

3072:T75bw1oJEbTicBxcvOSqXSy6f8Go6HLBO+33MouLoLgulQ2:JEDBFiB8GTfH9DK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3d2a55750f90ad7a12a19b69227a5ed0.exe

Files

NEAS.3d2a55750f90ad7a12a19b69227a5ed0.exe
.exe windows:4 windows x86

3eb5af724351ba702927656f08d4d1ad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

select
recvfrom
sendto
WSASend
listen
gethostbyname
setsockopt
inet_ntoa
WSARecv
closesocket
WSAStartup
WSAGetLastError
htons
socket
bind
WSAEventSelect
accept
WSACleanup

w3btrv7

BTRCALLID@32

kernel32

DeleteCriticalSection
GlobalHandle
LeaveCriticalSection
GlobalReAlloc
EnterCriticalSection
TlsSetValue
LocalReAlloc
TlsGetValue
lstrcmpA
GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
GetCurrentDirectoryA
RtlUnwind
ExitProcess
TerminateProcess
SetStdHandle
GetFileType
HeapFree
HeapAlloc
GetCommandLineA
RaiseException
GetLocalTime
GetACP
HeapSize
HeapReAlloc
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalLock
GlobalUnlock
SetLastError
IsBadReadPtr
IsBadWritePtr
GetFileAttributesA
TlsAlloc
lstrcpynA
SetEndOfFile
SetCurrentDirectoryA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GetCurrentThreadId
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetTimeZoneInformation
GetWindowsDirectoryA
WritePrivateProfileStringA
GetPrivateProfileStringA
CreateProcessA
lstrcpyA
GetSystemTime
LocalAlloc
AllocConsole
GetStdHandle
FormatMessageA
LocalFree
SetConsoleCtrlHandler
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetVersionExA
DeleteFileA
GetTickCount
GetLastError
PostQueuedCompletionStatus
SleepEx
GlobalAlloc
CreateIoCompletionPort
CreateThread
GetQueuedCompletionStatus
PulseEvent
ExitThread
GlobalFree
FindFirstFileA
FindClose
SetEvent
Sleep
CloseHandle
CreateEventA
WaitForSingleObject
InitializeCriticalSection
InterlockedExchange

user32

GetMenuCheckMarkDimensions
ClientToScreen
ReleaseDC
TabbedTextOutA
DrawTextA
GrayStringA
GetClassNameA
PtInRect
PostQuitMessage
LoadCursorA
GetSysColorBrush
DestroyMenu
LoadStringA
EnableMenuItem
GetNextDlgTabItem
IsWindowEnabled
SetWindowTextA
LoadIconA
PostMessageA
MapWindowPoints
GetSysColor
GetFocus
SetFocus
AdjustWindowRectEx
GetClientRect
CopyRect
GetMenuState
GetTopWindow
GetParent
GetCapture
WinHelpA
GetClassInfoA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetWindowTextA
GetDlgCtrlID
GetKeyState
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
SetWindowPos
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetSystemMetrics
GetWindowLongA
SetWindowLongA
SendMessageA
LoadBitmapA
GetDC
MessageBoxA
RegisterClassA
CreateWindowExA
DefWindowProcA
DestroyWindow
EnableWindow
PeekMessageA
TranslateMessage
DispatchMessageA
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetWindow

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteObject
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap
SetBkColor
SetTextColor

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

StartServiceA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenSCManagerA
CreateServiceA
CloseServiceHandle
StartServiceCtrlDispatcherA
GetUserNameA
LookupAccountNameA
IsValidSid
GetLengthSid
CopySid
RegDeleteValueA
OpenServiceA
ControlService
QueryServiceStatus
LockServiceDatabase
QueryServiceLockStatusA
ChangeServiceConfigA
UnlockServiceDatabase
RegDeleteKeyA
RegOpenKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus
DeregisterEventSource
ReportEventA
RegisterEventSourceA
RegQueryValueExA
DeleteService

shell32

ShellExecuteA

comctl32

ord17

wininet

InternetCloseHandle
HttpQueryInfoA
InternetOpenUrlA
InternetOpenA
InternetReadFile

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3eb5af724351ba702927656f08d4d1ad

Headers

File Characteristics

Imports

ws2_32

w3btrv7

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

comctl32

wininet

Sections

.text Size: 120KB - Virtual size: 119KB

.rdata Size: 28KB - Virtual size: 24KB

.data Size: 16KB - Virtual size: 34KB

.rsrc Size: 4KB - Virtual size: 1KB

.text
Size: 120KB - Virtual size: 119KB

.rdata
Size: 28KB - Virtual size: 24KB

.data
Size: 16KB - Virtual size: 34KB

.rsrc
Size: 4KB - Virtual size: 1KB