NEAS[.]ab51a440083ce5893f4df9d6ddffbed0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.ab51a440083ce5893f4df9d6ddffbed0.exe
Size

343KB
MD5

ab51a440083ce5893f4df9d6ddffbed0
SHA1

60f1533750a4f0dfad16bd29a122d5544e79456e
SHA256

fdd0c338575355a61bb1b5ee5a5a256c23b923f4e234c0fa93587539c74ea8d7
SHA512

415ffe6e1122811dc3c2b9c2ba740746ef0ded1f3592b4b4032f1c06cbdb69e3c661c07138de205f35a3edc85d9bf29a81900370a7b0c3326a6a4e85351540d0
SSDEEP

6144:DqSz2vR0eSiH4h2FZmNgpA5IVkW75xySjkgAW6/EGKOth5fcLF1s:DqWMR0c4hIMSV3Zkw6cGKO2F1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ab51a440083ce5893f4df9d6ddffbed0.exe

Files

NEAS.ab51a440083ce5893f4df9d6ddffbed0.exe
.exe windows:6 windows x86

174400a01b268a209fae2074e85ffe34

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
WriteFile
CloseHandle
GetLastError
SetNamedPipeHandleState
OpenMutexW
Sleep
GetTickCount
lstrlenW
OutputDebugStringA
DecodePointer
RaiseException
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadResource
LockResource
GetVolumeInformationW
LoadLibraryW
FindResourceW
MultiByteToWideChar
GetCurrentProcessId
FreeLibrary
LoadLibraryA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
FindClose
FindFirstFileW
GetTempFileNameW
GetTempPathW
CreateProcessW
VerSetConditionMask
HeapSetInformation
GetCurrentProcess
ExitProcess
CreateThread
TerminateThread
SetDllDirectoryW
VerifyVersionInfoW
OutputDebugStringW
GetSystemTimeAsFileTime
GetCurrentThreadId
QueryPerformanceCounter
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
CreateFileW
EnterCriticalSection
LeaveCriticalSection
SizeofResource

user32

DdeCreateStringHandleW
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeUninitialize
DdeGetLastError
DdeFreeStringHandle
KillTimer
SetTimer
DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
RegisterWindowMessageW
DdeInitializeW

advapi32

RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize

msvcp120

??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z

msvcr120

__wgetmainargs
__set_app_type
exit
_exit
_cexit
_configthreadlocale
__setusermatherr
_initterm_e
_initterm
__winitenv
_commode
_except1
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
?terminate@@YAXXZ
__crtSetUnhandledExceptionFilter
_invoke_watson
_controlfp_s
_wcslwr
_fmode
??_V@YAXPAX@Z
memset
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy_s
free
wmemcpy_s
_CxxThrowException
__CxxFrameHandler3
_purecall
memchr
memmove
memcpy
wcsnlen
wcsncat_s
wcsncpy_s
wcsncpy
_wcsicmp
fclose
getchar
_wfopen_s
_waccess
_waccess_s
fflush
fgetc
fgetpos
fputc
fsetpos
_fseeki64
fwrite
setvbuf
sprintf_s
ungetc
_lock_file
_unlock_file
_itoa_s
_itow_s
memmove_s
wcscat_s
wcscpy_s
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
__iob_func
_fileno
_get_heap_handle
_setmode
isdigit
isxdigit
isspace
_lock
_unlock
_calloc_crt
__dllonexit
_onexit
_except_handler4_common
??1type_info@@UAE@XZ
_XcptFilter
_amsg_exit

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 213KB - Virtual size: 216KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

174400a01b268a209fae2074e85ffe34

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp120

msvcr120

Sections

.text Size: 73KB - Virtual size: 72KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 213KB - Virtual size: 216KB

.text
Size: 73KB - Virtual size: 72KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 213KB - Virtual size: 216KB