NEAS[.]b2f4522f4555d3772e08a9e1b1e4cbc0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b2f4522f4555d3772e08a9e1b1e4cbc0.exe
Size

120KB
MD5

b2f4522f4555d3772e08a9e1b1e4cbc0
SHA1

bda4cc72900eeaee25220a019141bcbe3cf63e14
SHA256

80c8b1d200b70ca47d0c36a1f3012576dedae77ac025273a3928414425687fc5
SHA512

5d60aeced44ad01531da6ec67bc771c1016ebdf7e24c40e6f9eec0bbdf31741f80bc5856d98824322be28af85c55c24be1416e285dbb37114df1c5723e8053de
SSDEEP

1536:UD58pF1KjP1j5IqgTsuUVA0vTsOGKaAPVOtzuFsEf4nZdhG7JNhBa8pOw:71KjP3f/uU5vMAMwsEgdg7JbBa8pD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b2f4522f4555d3772e08a9e1b1e4cbc0.exe

Files

NEAS.b2f4522f4555d3772e08a9e1b1e4cbc0.exe
.exe windows:4 windows x86

c3a9c8aafdf385244cb0ac1d2c930feb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

sendto
inet_ntoa
closesocket
gethostbyname
WSAGetLastError
WSACleanup
inet_addr
ntohl
ntohs
htons
WSAStartup
socket

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses
GetModuleBaseNameA

netapi32

NetGetJoinInformation
NetApiBufferFree

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

kernel32

DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
WaitForSingleObject
CreateEventA
GetTickCount
CreateFileA
GetCurrentProcess
GetCurrentThread
WinExec
GetTempPathA
DeviceIoControl
LocalFree
Sleep
HeapFree
HeapAlloc
GetProcessHeap
GetPrivateProfileStringA
GetVersionExA
OpenFile
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileTime
SetFileTime
InitializeCriticalSection
SetEvent
CreateToolhelp32Snapshot
GetProcAddress
CreateDirectoryA
CompareFileTime
GetFileAttributesExA
GetTempFileNameA
WideCharToMultiByte
MultiByteToWideChar
OpenProcess
LoadLibraryA
TerminateProcess
GetComputerNameA
MoveFileA
FindFirstFileA
WaitForMultipleObjects
ProcessIdToSessionId
GetCurrentProcessId
FreeLibrary
Process32First
lstrcmpiA
GetCurrentThreadId
InterlockedDecrement
GetLastError
CreateThread
CloseHandle
GetWindowsDirectoryA
DeleteFileA
Process32Next
RemoveDirectoryA
GetModuleFileNameA
lstrlenA
CopyFileA
GetCommandLineA
GetStartupInfoA
GetModuleHandleA

mfc42

ord389
ord535
ord2915
ord4160
ord825
ord548
ord3337
ord858
ord924
ord6283
ord2764
ord922
ord6877
ord1105
ord539
ord6059
ord6426
ord5204
ord5808
ord5356
ord1988
ord690
ord2393
ord540
ord800
ord1168
ord823
ord2614
ord2818
ord4202
ord537
ord2820

msvcrt

_errno
_mbsicmp
_strlwr
_mbscmp
fputs
fgets
strncat
__dllonexit
_onexit
_except_handler3
??1type_info@@UAE@XZ
_exit
_XcptFilter
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
strerror
_snprintf
_vsnprintf
fread
fopen
fwrite
fclose
_read
exit
sscanf
_ftol
_open
_write
_close
strncpy
_CxxThrowException
strncmp
time
strcat
malloc
free
printf
rename
memcpy
vsprintf
puts
__CxxFrameHandler
sprintf
memset
strstr
strcmp
strlen
strtok
atoi
strcpy
_strdup
_stricmp
calloc

user32

CharNextA
DispatchMessageA
MsgWaitForMultipleObjectsEx
PeekMessageA
TranslateMessage
PostThreadMessageA
GetMessageA
LoadStringA

advapi32

CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeregisterEventSource
ReportEventA
RegEnumValueA
RegCreateKeyExA
GetTokenInformation
OpenThreadToken
OpenProcessToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA
StartServiceA
StartServiceCtrlDispatcherA
RegisterEventSourceA
RegisterServiceCtrlHandlerA
LookupPrivilegeValueA
AdjustTokenPrivileges
SetServiceStatus
RegQueryValueExA
RegCloseKey
RegSetValueExA
ControlService
DeleteService
CreateServiceA
RegDeleteValueA

ole32

CoUninitialize
CoInitializeSecurity
CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcp60

?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADHD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBDH@Z
??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?open@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXPBDH@Z

atl

ord57
ord23
ord18
ord17
ord20
ord16

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

Sections

.text
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c3a9c8aafdf385244cb0ac1d2c930feb

Headers

File Characteristics

Imports

ws2_32

psapi

netapi32

version

kernel32

mfc42

msvcrt

user32

advapi32

ole32

oleaut32

msvcp60

atl

iphlpapi

Sections

.text Size: 64KB - Virtual size: 61KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 8KB - Virtual size: 3.3MB

.idata Size: 8KB - Virtual size: 6KB

.rsrc Size: 8KB - Virtual size: 4KB

.reloc Size: 20KB - Virtual size: 16KB

.text
Size: 64KB - Virtual size: 61KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 8KB - Virtual size: 3.3MB

.idata
Size: 8KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 20KB - Virtual size: 16KB