Microsoft_WDF_UMDF_Version
Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.ce8b4048e426a1f35410360a9cbbb260.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.ce8b4048e426a1f35410360a9cbbb260.exe
  Resource: win10v2004-20231020-en
General
Target: NEAS.ce8b4048e426a1f35410360a9cbbb260.exe
Size: 1.2MB
MD5: ce8b4048e426a1f35410360a9cbbb260
SHA1: d9a2b5d988268abe16095caa472ceaf3f5c26ed2
SHA256: b204d587a41a8da80bec0f83be82eb37b1a7964b8efdc4d7e582b8da3848c36a
SHA512: 8688528cf501f520ff32a962256cf89959f17de940ac263d85adb38b7cbab99c120ae535f03ac6efa05cedea3c01e4374aba02f49730d0a25c9979ca3aadbe1e
SSDEEP: 24576:5MIFlKYKVoSLcFMpZotkhIRhLh7heP/m8tkI:ebQFMpZ8hLh7hw/ZtkI
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: NEAS.ce8b4048e426a1f35410360a9cbbb260.exe
Files
NEAS.ce8b4048e426a1f35410360a9cbbb260.exe.exe windows:6 windows x86
7fcaac6692ba8614f99180c3441943dc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
advapi32
ReportEventW
RegisterEventSourceW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
CryptGetHashParam
CryptHashData
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
RegEnumKeyExW
RegGetValueW
RegDeleteKeyW
OpenSCManagerW
CloseServiceHandle
IsTextUnicode
RegLoadMUIStringW
RegDeleteValueW
RegSetValueExW
CryptReleaseContext
RegCreateKeyExW
kernel32
LoadLibraryA
GetProcAddress
GlobalFree
SearchPathW
TlsGetValue
GetPrivateProfileStringW
GetModuleFileNameW
ResetEvent
CreateJobObjectW
QueryInformationJobObject
SetInformationJobObject
AssignProcessToJobObject
CompareFileTime
CopyFileW
ExpandEnvironmentStringsW
WritePrivateProfileStringW
TlsSetValue
OpenThread
InterlockedPushEntrySList
GetFileAttributesExW
GetCurrentProcessId
CreateNamedPipeW
ConnectNamedPipe
CreateProcessW
RegisterWaitForSingleObject
TerminateProcess
ResumeThread
GetExitCodeProcess
WaitForMultipleObjects
UnregisterWaitEx
WriteFileEx
GetFileSizeEx
CreateDirectoryW
SetCurrentDirectoryW
CreateDirectoryA
SetCurrentDirectoryA
GetTempPathW
GetTempFileNameW
WriteFile
SetFilePointer
ReadFile
GetProcessHeap
GetModuleHandleW
GetTickCount
DeleteFileW
GetEnvironmentVariableW
RaiseException
LocalFree
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
SetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
GetCurrentProcess
FlushInstructionCache
HeapSetInformation
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
GetDiskFreeSpaceExW
SetVolumeLabelW
GetLogicalDrives
GetVolumeInformationW
GetDriveTypeW
GetSystemWindowsDirectoryW
GetSystemInfo
GetComputerNameW
GetSystemPowerStatus
OutputDebugStringW
GetFileSize
QueueUserAPC
InterlockedFlushSList
InitializeSListHead
GetSystemTime
SystemTimeToFileTime
FindFirstFileW
FindNextFileW
FindClose
MulDiv
GlobalDeleteAtom
GlobalGetAtomNameW
GetTickCount64
QueryPerformanceFrequency
CreateWaitableTimerW
SetWaitableTimer
TlsFree
CancelWaitableTimer
GetVersionExW
GetThreadPreferredUILanguages
WideCharToMultiByte
GlobalAddAtomW
GetFileTime
FindResourceW
SizeofResource
LoadResource
LockResource
FormatMessageW
GetSystemDirectoryW
UnhandledExceptionFilter
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoA
VirtualAlloc
SetErrorMode
GetCommandLineW
RegisterApplicationRestart
GlobalMemoryStatusEx
GetCurrentThreadId
TlsAlloc
Sleep
lstrlenW
SetEvent
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
CompareStringW
CreateEventW
CreateThread
CreateMutexW
GetLastError
WaitForSingleObject
ReleaseMutex
VirtualFree
DelayLoadFailureHook
HeapFree
HeapAlloc
MultiByteToWideChar
LoadLibraryW
FreeLibrary
GetFileAttributesW
SetFileAttributesW
CreateFileW
InterlockedCompareExchange
InitializeCriticalSectionAndSpinCount
InterlockedExchange
CloseHandle
lstrcmpW
gdi32
SetWindowOrgEx
SetBkColor
GetDIBits
CreateCompatibleDC
OffsetWindowOrgEx
SetBkMode
GetClipBox
GetObjectW
BitBlt
SelectObject
CreateDIBSection
SetLayout
CreateFontIndirectW
GetStockObject
GetWindowOrgEx
StretchBlt
SetStretchBltMode
GetPath
LineDDA
GetTextExtentExPointW
SetTextColor
GetDeviceCaps
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
DeleteObject
Rectangle
SelectClipRgn
CreateRectRgn
GetClipRgn
CreateRectRgnIndirect
DeleteMetaFile
CloseMetaFile
RestoreDC
SetWindowExtEx
ExtTextOutW
SaveDC
CreateMetaFileW
user32
TrackPopupMenu
CheckMenuItem
SetMenuDefaultItem
PrintWindow
SetLayeredWindowAttributes
DeregisterShellHookWindow
GetWindowThreadProcessId
FindWindowW
ChangeWindowMessageFilter
ShowWindow
AllowSetForegroundWindow
PostMessageW
DefWindowProcW
DestroyWindow
LoadStringW
MessageBoxW
DrawTextExW
GetSystemMetrics
PostThreadMessageW
InflateRect
SetWindowPos
SetWindowRgn
CharUpperW
GetShellWindow
MessageBeep
UnhookWinEvent
SetWinEventHook
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
OpenInputDesktop
GetThreadDesktop
GetUserObjectInformationW
CloseDesktop
InsertMenuItemW
LoadImageW
GetWindowTextW
SetWindowTextW
EndDialog
DrawFrameControl
CreatePopupMenu
AppendMenuW
AdjustWindowRectEx
MonitorFromRect
SetActiveWindow
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
MsgWaitForMultipleObjectsEx
IsDialogMessageW
GetWindowInfo
GetIconInfo
PostQuitMessage
SwitchToThisWindow
SetDlgItemTextW
SetForegroundWindow
GetForegroundWindow
GetCursorPos
SetTimer
GetDlgItem
GetWindowRect
ScreenToClient
KillTimer
DestroyIcon
RegisterWindowMessageW
SendMessageTimeoutW
PeekMessageW
TranslateMessage
DispatchMessageW
SendMessageW
MessageBoxIndirectW
CharUpperBuffW
GetParent
GetKeyState
InvalidateRect
IsWindow
DestroyAcceleratorTable
SetFocus
GetFocus
IsChild
UnionRect
PtInRect
CreateWindowExW
GetWindowLongW
SetWindowLongW
CallWindowProcW
BeginPaint
GetClientRect
EndPaint
IntersectRect
EqualRect
OffsetRect
ReleaseDC
GetDC
DestroyMenu
RemoveMenu
GetSubMenu
LoadMenuW
GetWindow
EnumWindows
DeleteMenu
GetMenuItemCount
GetMonitorInfoW
MapWindowPoints
FillRect
SetRect
MsgWaitForMultipleObjects
RemovePropW
SetPropW
GetPropW
RegisterClassW
LoadCursorW
DialogBoxParamW
CreateDialogParamW
GetDoubleClickTime
SetCapture
ReleaseCapture
NotifyWinEvent
UpdateLayeredWindow
RedrawWindow
SetCursor
GetMessagePos
GetKeyboardState
GetMessageTime
EnableWindow
EnumDisplayMonitors
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
GetDesktopWindow
LoadIconW
IsHungAppWindow
IsWindowVisible
IsRectEmpty
SetParent
UpdateWindow
WindowFromPoint
RegisterHotKey
SystemParametersInfoW
UnregisterHotKey
GetSysColor
MonitorFromWindow
RegisterShellHookWindow
msvcrt
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_ismbblead
_CIexp
floor
ceil
_CIfmod
_CIsqrt
_CIcos
_CIsin
_CxxThrowException
_wtof
_itow
wcsrchr
wcschr
iswalpha
_ftol2_sse
_XcptFilter
_exit
_cexit
__getmainargs
wcsstr
time
strrchr
strtok
_lseek
_close
_write
_read
_open
_wtol
realloc
wcstok
_wtoi
wcsspn
_vsnwprintf
memcpy
memmove
??1type_info@@UAE@XZ
_controlfp
_ftol2
_purecall
??_U@YAPAXI@Z
__CxxFrameHandler3
??_V@YAXPAX@Z
free
memset
malloc
atl
ord57
ord18
ord21
ord16
ord23
ord20
ord32
ord30
ord43
ord44
ord58
ord45
ord27
ord26
ord31
ord50
ord51
ord60
ord10
ord17
ord11
ntdll
WinSqmEventWrite
WinSqmIsOptedIn
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
NtQuerySystemInformation
WinSqmAddToStream
WinSqmEventEnabled
ole32
CoTaskMemFree
CreateDataAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoInitializeEx
CoUninitialize
CreateBindCtx
CoResumeClassObjects
CoSuspendClassObjects
CreateOleAdviseHolder
StringFromCLSID
CoCreateInstance
ReleaseStgMedium
PropVariantClear
CoCreateGuid
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
OleInitialize
GetHGlobalFromStream
CLSIDFromString
CreateStreamOnHGlobal
CoInitialize
CLSIDFromProgID
oleaut32
LoadTypeLibEx
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayCreateVector
SysFreeString
SysStringLen
SysAllocStringLen
VariantClear
DispCallFunc
VariantChangeType
GetErrorInfo
OleCreatePropertyFrame
LoadRegTypeLi
SetErrorInfo
SysAllocString
VariantCopy
RegisterActiveObject
RevokeActiveObject
GetActiveObject
SystemTimeToVariantTime
LoadTypeLi
VariantInit
CreateErrorInfo
comctl32
ord345
ord412
ord413
ord410
PropertySheetW
CreatePropertySheetPageW
ord380
gdiplus
GdipGetPropertyItem
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipGetImageGraphicsContext
GdipCreateHatchBrush
GdipCreateTexture2
GdipSetTextureTransform
GdipCreatePathGradientFromPath
GdipSetPathGradientWrapMode
GdipSetPathGradientCenterColor
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientSigmaBlend
GdipSetPathGradientLinearBlend
GdipSetPathGradientGammaCorrection
GdipSetLineLinearBlend
GdipCreateLineBrush
GdipSetLineGammaCorrection
GdipSetLineSigmaBlend
GdipSetPathGradientPresetBlend
GdipMultiplyLineTransform
GdipSetLinePresetBlend
GdipSetPathGradientCenterPoint
GdipSetPathGradientFocusScales
GdipFillPath
GdipSetSolidFillColor
GdipSetPenCustomEndCap
GdipSetPenCustomStartCap
GdipSetCustomLineCapStrokeCaps
GdipStartPathFigure
GdipAddPathLine2
GdipCreateCustomLineCap
GdipClonePen
GdipCreatePathIter
GdipPathIterNextSubpath
GdipSetPenMode
GdipSetPenStartCap
GdipSetPenEndCap
GdipSetPenCompoundArray
GdipSetPenDashCap197819
GdipSetPenDashArray
GdipSetPenMiterLimit
GdipSetPenLineJoin
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipAddPathRectangle
GdipAddPathEllipse
GdipAddPathPath
GdipAddPathBezier
GdipClosePathFigure
GdipResetPath
GdipDeletePathIter
GdipDeleteCustomLineCap
GdipMeasureString
GdipCreateStringFormat
GdipGetPenColor
GdipTransformPath
GdipSetClipPath
GdipDrawPath
GdipDeleteMatrix
GdipDeleteStringFormat
GdipCreateBitmapFromHBITMAP
GdipCreateMatrix
GdipCreateMatrix2
GdipSetStringFormatFlags
GdipSetWorldTransform
GdipDrawString
GdipCreateImageAttributes
GdipDisposeImageAttributes
GdipCreatePen1
GdipDeletePen
GdipDeleteRegion
GdipGetImageWidth
GdipGetImageHeight
GdipSetImageAttributesColorMatrix
GdipSetPenColor
GdipSetPenDashStyle
GdipTranslateWorldTransform
GdipDrawRectangle
GdipDrawImageRectRect
GdipSetClipRect
GdipSetClipRegion
GdipGetClip
GdipIsVisibleRect
GdipSaveGraphics
GdipRestoreGraphics
GdipCreateRegion
GdipCreateFromHDC
GdipDeleteBrush
GdipImageRotateFlip
GdipCreateSolidFill
GdipDrawLine
GdipCloneBrush
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipAddPathLine
GdipAddPathArc
GdipSetPixelOffsetMode
GdipDrawRectangleI
GdipFillRectangleI
GdipDrawImageRectRectI
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipSetImageAttributesColorKeys
GdiplusStartup
GdiplusShutdown
GdipFillRectangle
GdipCreateBitmapFromHICON
GdipDeletePath
GdipDeleteFont
GdipDeleteFontFamily
GdipGetDC
GdipReleaseDC
GdipSetMatrixElements
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImagePixelFormat
GdipGetPathPoints
GdipGetPathTypes
GdipGetPointCount
GdipClonePath
GdipGetPropertyItemSize
GdipImageGetFrameCount
GdipGetImageVerticalResolution
GdipGetImageHorizontalResolution
GdipImageSelectActiveFrame
GdipGetImageRawFormat
GdipSetPageUnit
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipSetCompositingQuality
GdipSetCompositingMode
GdipBitmapSetResolution
GdipCreateHBITMAPFromBitmap
GdipCreateFont
GdipCreateFontFamilyFromName
GdipGetInterpolationMode
GdipResetWorldTransform
GdipGetCompositingQuality
GdipGetCompositingMode
GdipAddPathRectangleI
GdipCreatePath
GdipSetClipHrgn
GdipSetClipRectI
GdipRecordMetafile
GdipLoadImageFromFileICM
GdipCreateFromHWND
GdipGetVisibleClipBoundsI
GdipSetStringFormatAlign
GdipGetImageBounds
GdipGetPenWidth
GdipGetPenMode
GdipIsVisiblePathPoint
GdipWidenPath
GdipFlattenPath
shlwapi
AssocQueryStringW
ord214
PathGetDriveNumberW
PathCanonicalizeW
SHCreateStreamOnFileW
ord12
PathIsPrefixW
StrToIntExW
StrStrNIW
StrStrNW
UrlUnescapeW
PathRemoveFileSpecW
UrlEscapeW
PathFindExtensionW
PathRemoveExtensionW
PathIsDirectoryW
PathCommonPrefixW
PathIsRelativeW
PathCombineW
PathFileExistsW
ord270
PathFindFileNameW
ord9
ord8
ord10
ord7
PathCreateFromUrlW
UrlIsW
PathIsURLW
ord219
shell32
DragFinish
DragQueryPoint
ord102
DragQueryFileW
SHCreateItemWithParent
ord2
SHGetFolderLocation
ord4
SHBrowseForFolderW
ShellExecuteExW
SHAppBarMessage
Shell_NotifyIconW
SHGetFolderPathEx
DragAcceptFiles
SHEmptyRecycleBinW
SHGetPathFromIDListW
ord155
SHGetFileInfoW
SHBindToObject
ord43
SHParseDisplayName
SHCreateItemFromIDList
SHCreateDirectoryExW
ord165
ShellExecuteW
SHFileOperationW
SHGetFolderPathAndSubDirW
CommandLineToArgvW
urlmon
URLOpenBlockingStreamW
CreateURLMoniker
CoInternetGetSession
crypt32
CryptMsgClose
CertFreeCertificateContext
CertGetNameStringW
CryptDecodeObject
CertFindCertificateInStore
CryptMsgGetParam
CryptQueryObject
CertCloseStore
sfc
SfcIsFileProtected
dwmapi
DwmUpdateThumbnailProperties
DwmSetWindowAttribute
cryptui
CryptUIDlgViewCertificateW
msimg32
AlphaBlend
uxtheme
IsThemeActive
SetWindowThemeAttribute
CloseThemeData
DrawThemeBackground
OpenThemeData
SetWindowTheme
DrawThemeTextEx
Exports
Sections
.text Size: 628KB - Virtual size: 628KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 563KB - Virtual size: 562KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 30KB - Virtual size: 30KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.detour Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE