NEAS[.]e070c8eccbffed0b088af8eac7588560[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e070c8eccbffed0b088af8eac7588560.exe
Size

2.0MB
MD5

e070c8eccbffed0b088af8eac7588560
SHA1

2a9257028213887ee0624470ee5a7c12bf4c7597
SHA256

ba11f88769459b50f76289cfbe6648cb3c7b6c70db2bf0563c1e90d54c1f871d
SHA512

0c034f2796576f47d2cb60046ce9506ff45a57a9808ba37a63300e0d92d792c043b40a0800f39ccd4f8ef3f236d11100fcc3376e668fc4a6a35dcaa378ac35bf
SSDEEP

49152:TBzLtyZ1eBhp9iJ6D13sJKyXHW6cnwWN4Rxkcq5:LWEYxkN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e070c8eccbffed0b088af8eac7588560.exe

Files

NEAS.e070c8eccbffed0b088af8eac7588560.exe
.exe windows:6 windows x64

002131d9723343505540931ffe5b9c89

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFirmwareEnvironmentVariableA
GetFirmwareType
InitializeCriticalSectionEx
DeleteCriticalSection
FormatMessageA
LocalFree
FreeLibrary
VerifyVersionInfoW
SetFileCompletionNotificationModes
CloseThreadpoolIo
CancelThreadpoolIo
StartThreadpoolIo
CreateThreadpoolIo
GetOverlappedResult
WriteFile
ReadFile
CreateFileW
FormatMessageW
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetCurrentProcessId
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
InitOnceComplete
InitOnceBeginInitialize
GetLocaleInfoEx
QueryPerformanceCounter
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetTickCount64
TerminateProcess
ExitProcess
GetCurrentProcess
WaitForSingleObject
GetLastError
CloseHandle
GetFileAttributesA
FindNextFileA
FindFirstFileA
GetCurrentThread
Sleep
GetUserDefaultLocaleName
ExpandEnvironmentStringsA
LoadLibraryA
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GetModuleFileNameA
GetFileSizeEx
FindClose

user32

ShowWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
UnregisterClassA
PostQuitMessage
DefWindowProcA
PeekMessageA
DispatchMessageA
TranslateMessage
LoadCursorA
ScreenToClient
ClientToScreen
GetCursorPos
SetCursor
SetCursorPos
GetSystemMetrics
GetForegroundWindow
IsWindowUnicode
ReleaseCapture
SetCapture
GetCapture
GetKeyState
GetMessageExtraInfo
TrackMouseEvent
EmptyClipboard
GetClipboardData
UpdateWindow
MoveWindow
LoadIconA
RegisterClassExA
CreateWindowExA
OpenClipboard
GetWindowRect
GetClientRect
SetClipboardData
CloseClipboard

advapi32

RegQueryValueExA
AdjustTokenPrivileges
RegGetValueA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
RegOpenKeyExA
RegCloseKey
LookupPrivilegeValueA

shell32

ShellExecuteExA

msvcp140

?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
?_Random_device@std@@YAIXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?uncaught_exceptions@std@@YAHXZ
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
_Thrd_detach
_Cnd_do_broadcast_at_thread_exit
?_Throw_C_error@std@@YAXH@Z
?_Throw_Cpp_error@std@@YAXH@Z
?_Xinvalid_argument@std@@YAXPEBD@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
?__ExceptionPtrCopyException@@YAXPEAXPEBX1@Z
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_wait
_Cnd_broadcast
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Xbad_function_call@std@@YAXXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Assign@_ContextCallback@details@Concurrency@@AEAAXPEAX@Z
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
??0task_continuation_context@Concurrency@@AEAA@XZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Syserror_map@std@@YAPEBDH@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xbad_alloc@std@@YAXXZ
?_Winerror_map@std@@YAHH@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?classic@locale@std@@SAAEBV12@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEA_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?__ExceptionPtrCompare@@YA_NPEBX0@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??5?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@AEAH@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

concrt140

?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QEAAXXZ
??0_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QEAA@XZ

imm32

ImmReleaseContext
ImmSetCompositionWindow
ImmSetCandidateWindow
ImmGetContext

d3dcompiler_43

D3DCompile

crypt32

CertFreeCertificateChain
CertGetCertificateChain
CertFreeCertificateContext
CryptUnprotectMemory
CertVerifyCertificateChainPolicy

bcrypt

BCryptCreateHash
BCryptCloseAlgorithmProvider
BCryptHashData
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash

winhttp

WinHttpOpenRequest
WinHttpSetTimeouts
WinHttpQueryOption
WinHttpQueryDataAvailable
WinHttpWriteData
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl

d3d11

D3D11CreateDeviceAndSwapChain

tbs

Tbsi_GetDeviceInfo

vcruntime140

__std_terminate
__std_exception_copy
__std_exception_destroy
_CxxThrowException
memchr
memcmp
memcpy
memmove
memset
strstr
_purecall
__C_specific_handler
__current_exception
__current_exception_context

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
abort
_beginthreadex
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_configure_narrow_argv
_seh_filter_exe
_set_app_type
terminate
_register_thread_local_exe_atexit_callback
_get_narrow_winmain_command_line
_initterm
_c_exit
_initterm_e
_exit
exit

api-ms-win-crt-string-l1-1-0

iswspace
strncpy
wcsnlen
isalpha
isdigit
strncpy_s
strcat_s
strcpy_s
strnlen
strcmp
strncmp

api-ms-win-crt-stdio-l1-1-0

feof
ferror
__p__commode
__stdio_common_vswprintf_s
__acrt_iob_func
fclose
fwrite
_get_stream_buffer_pointers
fflush
fgetc
_set_fmode
fgetpos
__stdio_common_vsscanf
__stdio_common_vsprintf
__stdio_common_vfprintf
ftell
fseek
_wfopen
fputc
fread
fsetpos
_fseeki64
__stdio_common_vsprintf_s
__stdio_common_vsnwprintf_s
ungetc
setvbuf

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
realloc
malloc

api-ms-win-crt-convert-l1-1-0

_ui64tow_s
strtol
wcstombs_s
atoi
_i64tow_s
_i64toa_s
_ui64toa_s
wcstol
_wcstod_l

api-ms-win-crt-filesystem-l1-1-0

_access_s
_access
_lock_file
remove
_mkdir
_unlock_file

api-ms-win-crt-time-l1-1-0

_localtime64
_localtime64_s
strftime
_time64

api-ms-win-crt-math-l1-1-0

ldexp
powf
__setusermatherr
acosf
sinf
cosf
sqrtf
fmodf
ceilf

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-locale-l1-1-0

_free_locale
_configthreadlocale
__pctype_func
_create_locale

Sections

.text
Size: 874KB - Virtual size: 874KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 874KB - Virtual size: 877KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

002131d9723343505540931ffe5b9c89

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

msvcp140

concrt140

imm32

d3dcompiler_43

crypt32

bcrypt

winhttp

d3d11

tbs

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 874KB - Virtual size: 874KB

.rdata Size: 226KB - Virtual size: 226KB

.data Size: 874KB - Virtual size: 877KB

.pdata Size: 42KB - Virtual size: 42KB

.rsrc Size: 512B - Virtual size: 488B

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 874KB - Virtual size: 874KB

.rdata
Size: 226KB - Virtual size: 226KB

.data
Size: 874KB - Virtual size: 877KB

.pdata
Size: 42KB - Virtual size: 42KB

.rsrc
Size: 512B - Virtual size: 488B

.reloc
Size: 7KB - Virtual size: 6KB