NEAS[.]c4bd17f5de952f49af8d64eae3688660[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.c4bd17f5de952f49af8d64eae3688660.exe
Size

1.4MB
MD5

c4bd17f5de952f49af8d64eae3688660
SHA1

e20a87e9935e2face47034b568db736d8e69d703
SHA256

51310ad4d35a3f84694de23261d1b55120a87337bc843d9c7675fe4825dc83fa
SHA512

8421f79e4d9ada8b1ed506d378a4d4cd21f2e3b6887849ebb613e18d1eb628f9759ee32c4d9357798e067dfef5f7acef04a62d43ad2e0730c1bdbbdc47610ba1
SSDEEP

24576:9u4cdsJVx1G2Wd34zlAXK8t4Y8SAVRXdaaOCmfEnSdygP+Y:5G3sqXK9dXifU4Pv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c4bd17f5de952f49af8d64eae3688660.exe

Files

NEAS.c4bd17f5de952f49af8d64eae3688660.exe
.exe windows:4 windows x86

2d15c06d6dc0295807a016950216b9e8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ole32

CoTaskMemAlloc
CoInitialize
CoUninitialize

shell32

SHGetFileInfoA

olepro32

OleTranslateColor

kernel32

GetProcAddress
VirtualProtect
RtlMoveMemory
HeapFree
GetModuleHandleA
GetProcessHeap
RtlZeroMemory
LoadLibraryA
lstrcmpA
FreeLibrary
lstrlenA
GetVersion
MulDiv
lstrlenW
lstrcmpiA
HeapAlloc
MultiByteToWideChar

comctl32

ImageList_DrawEx
ImageList_DragMove
ImageList_GetIcon
ImageList_AddIcon
ImageList_DragLeave
ImageList_DragEnter
ImageList_BeginDrag
InitCommonControlsEx
ImageList_EndDrag
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Create
DllGetVersion
ImageList_DragShowNolock
ImageList_Draw
ImageList_AddMasked
InitCommonControls
ImageList_Destroy

gdi32

GetObjectA
SelectObject
GetDeviceCaps
CreateFontIndirectA
DeleteDC
CreateCompatibleDC
CreateDCA
CreateDIBSection
GetPixel
SetTextColor
CreateBrushIndirect
CreatePenIndirect
OffsetWindowOrgEx
StretchDIBits
DeleteObject
CreateCompatibleBitmap
GetTextExtentPoint32A
BitBlt
SetBkColor

user32

SetWindowPos
DestroyIcon
LoadImageA
RemovePropA
GetWindowRect
CreateWindowExA
ScreenToClient
SetWindowsHookExA
ReleaseCapture
FillRect
InvalidateRect
DrawStateA
GetKeyState
UnhookWindowsHookEx
IsRectEmpty
UnionRect
VkKeyScanA
FindWindowExA
EnableWindow
MoveWindow
SetActiveWindow
OffsetRect
DestroyWindow
GetSysColor
RedrawWindow
DrawTextA
SetFocus
GetScrollInfo
SetWindowLongA
SystemParametersInfoA
SendMessageA
ReleaseDC
VkKeyScanW
WindowFromPoint
DestroyAcceleratorTable
PostMessageA
CreateAcceleratorTableA
InflateRect
GetFocus
GetDC
CallNextHookEx
GetSystemMetrics
GetAsyncKeyState
SetPropA
SetTimer
DestroyCursor
GetActiveWindow
KillTimer
GetClientRect
GetCursorPos
GetPropA
UpdateWindow
IntersectRect

msvbvm60

EVENT_SINK_GetIDsOfNames
__vbaVarSub
__vbaVarTstGt
__vbaStrI2
_CIcos
_adj_fptan
__vbaHresultCheck
__vbaVarMove
__vbaStrI4
__vbaRedimPreserveVar
__vbaVarVargNofree
__vbaAryMove
__vbaFreeVar
ord588
__vbaLateIdCall
__vbaStrVarMove
__vbaLenBstr
ord697
__vbaEnd
__vbaFreeVarList
__vbaVargObjAddref
_adj_fdiv_m64
ord698
EVENT_SINK_Invoke
__vbaVarIndexStore
__vbaRaiseEvent
__vbaFreeObjList
ord516
ord517
__vbaStrErrVarCopy
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaVarSetVarAddref
__vbaI2Abs
__vbaI4Sgn
__vbaCopyBytes
__vbaResume
__vbaForEachCollAd
__vbaStrCat
ord553
__vbaLsetFixstr
__vbaBoolErrVar
__vbaRecDestruct
__vbaSetSystemError
__vbaLenBstrB
__vbaHresultCheckObj
ord556
_adj_fdiv_m32
__vbaVarTstLe
__vbaAryVar
Zombie_GetTypeInfo
__vbaVarCmpGe
__vbaAryDestruct
__vbaLateMemSt
__vbaVarIndexLoadRefLock
EVENT_SINK2_Release
ord592
ord593
__vbaVarForInit
__vbaStrBool
__vbaBoolStr
__vbaForEachCollObj
__vbaExitProc
ord594
__vbaI4Abs
ord595
__vbaOnError
__vbaObjSet
__vbaVargObj
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
__vbaVarIndexLoad
ord598
__vbaCyStr
ord520
__vbaStrFixstr
__vbaBoolVar
__vbaFpR8
__vbaBoolVarNull
__vbaRefVarAry
_CIsin
ord709
VarPtr
ord631
__vbaErase
ord632
__vbaVargVarMove
__vbaNextEachCollObj
__vbaVarZero
__vbaVarCmpGt
ord525
__vbaChkstk
ord526
__vbaCyVar
EVENT_SINK_AddRef
ord527
__vbaExitEachColl
__vbaStrCmp
__vbaAryConstruct2
__vbaVarTstEq
ord561
__vbaObjVar
PutMem1
__vbaI2I4
ord562
PutMem2
DllFunctionCall
__vbaVarOr
ord563
__vbaCySub
PutMem4
__vbaCastObjVar
__vbaRedimPreserve
__vbaLbound
_adj_fpatan
__vbaR4Var
__vbaFixstrConstruct
__vbaLateIdCallLd
Zombie_GetTypeInfoCount
__vbaR8Cy
__vbaStrR8
__vbaRedim
__vbaRecUniToAnsi
EVENT_SINK_Release
__vbaNew
ord600
__vbaUI1I2
ord601
_CIsqrt
__vbaLateIdCallSt
__vbaRedimVar
__vbaVarAnd
__vbaObjIs
EVENT_SINK_QueryInterface
__vbaVarMul
__vbaStr2Vec
ord710
__vbaUI1I4
__vbaExceptHandler
ord711
ord712
__vbaStrToUnicode
__vbaDateStr
ord606
_adj_fprem
_adj_fdivr_m64
__vbaI2Str
__vbaLateIdStAd
ord714
ord607
GetMem1
__vbaFailedFriend
ord608
GetMem2
ord715
ord716
ord609
__vbaVarCmpLe
__vbaFPException
__vbaInStrVar
GetMem4
ord717
ord319
__vbaUbound
__vbaStrVarVal
__vbaVarCat
__vbaCheckType
__vbaDateVar
__vbaMidStmtBstrB
__vbaI2Var
ord537
ord644
ord538
_CIlog
ord539
__vbaErrorOverflow
__vbaVar2Vec
__vbaInStr
__vbaR8Str
__vbaNew2
_adj_fdiv_m32i
ord572
_adj_fdivr_m32i
ord573
__vbaStrCopy
EVENT_SINK2_AddRef
ord681
__vbaI4Str
__vbaFreeStrList
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
__vbaI4Var
__vbaVarCmpEq
ord611
__vbaVarAdd
__vbaLateMemCall
__vbaAryLock
ord320
__vbaStrToAnsi
__vbaStrComp
__vbaVarDup
ord321
__vbaVerifyVarObj
__vbaFpI2
ord614
ord616
__vbaVarCopy
__vbaFpI4
ord617
__vbaRecDestructAnsi
__vbaLateMemCallLd
_CIatan
__vbaUI1Str
__vbaAryCopy
ord618
__vbaStrMove
__vbaCastObj
__vbaStrVarCopy
ord619
__vbaI4Cy
ord542
__vbaVarNeg
__vbaLateIdNamedCall
ord543
ord650
_allmul
ord544
__vbaLateIdSt
__vbaAryRecCopy
ord545
_CItan
__vbaNextEachCollAd
__vbaUI1Var
ord547
__vbaAryUnlock
__vbaVarForNext
_CIexp
__vbaMidStmtBstr
__vbaRecAssign
__vbaI4ErrVar
__vbaFreeStr
__vbaFreeObj
ord581

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2d15c06d6dc0295807a016950216b9e8

Headers

File Characteristics

Imports

ole32

shell32

olepro32

kernel32

comctl32

gdi32

user32

msvbvm60

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.data Size: 4KB - Virtual size: 51KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.data
Size: 4KB - Virtual size: 51KB

.rsrc
Size: 28KB - Virtual size: 26KB