NEAS[.]d4ee759900734ba015cfce479dca0910[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d4ee759900734ba015cfce479dca0910.exe
Size

504KB
MD5

d4ee759900734ba015cfce479dca0910
SHA1

88c58cd36034afa77bbeeb11225a6bc9f277c1f7
SHA256

4f07fcae51f791df5a07b8541edf35ac9337187340db24a969dfc5d59cd8818a
SHA512

e6b1b2534df2d1adceadb8a69622d41e8716d2b418a99e6cc14915e71d98850ec02417e04d16dc7e770f5ff41de5882ece57fc32b416afb56bfec723dbeca3a5
SSDEEP

6144:uY7F+ICixpp2XSbXoJis4cYvJViW31nNAe4T2CRsvT5vInU1x/uWDNzLW:uYQc12XSbXoJmJViWrA1svT5wnU1TNL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d4ee759900734ba015cfce479dca0910.exe

Files

NEAS.d4ee759900734ba015cfce479dca0910.exe
.exe windows:4 windows x86

aff805a2fbc9d882b0c956b707db6068

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
GlobalFree
GlobalAlloc
GetSystemDirectoryW
FileTimeToSystemTime
SystemTimeToFileTime
GetLocalTime
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
SetFileAttributesW
GetFileAttributesW
GetVersionExW
TerminateProcess
OpenProcess
GetFileSize
RemoveDirectoryW
FindClose
FindNextFileW
FindFirstFileW
GetCurrentProcess
GetProcAddress
GetModuleHandleW
ProcessIdToSessionId
GetCurrentProcessId
VerifyVersionInfoW
VerSetConditionMask
GetCurrentThread
GetCurrentDirectoryW
LocalFileTimeToFileTime
CreateDirectoryW
SetFileTime
LocalFree
CreateMutexW
OpenFileMappingW
lstrlenA
GetSystemInfo
GetExitCodeProcess
ResetEvent
SetLastError
MoveFileW
GetTickCount
CopyFileA
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
ReadDirectoryChangesW
DeleteCriticalSection
CreateThread
InitializeCriticalSection
FileTimeToDosDateTime
FileTimeToLocalFileTime
SizeofResource
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetWindowsDirectoryW
GetCommandLineW
GetNumberOfConsoleInputEvents
PeekConsoleInputA
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
FreeLibrary
lstrcmpW
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetConsoleCtrlHandler
SetEndOfFile
GetOEMCP
GetACP
IsBadCodePtr
IsBadReadPtr
CreateFileA
FlushFileBuffers
SetStdHandle
GetCurrentThreadId
QueryPerformanceCounter
GetCPInfo
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
ReleaseMutex
InterlockedDecrement
Sleep
CreateEventW
GetLastError
LoadLibraryW
FindResourceW
LoadResource
GetTempFileNameW
LockResource
GetFileType
SetHandleCount
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
VirtualAlloc
VirtualProtect
SetUnhandledExceptionFilter
HeapSize
VirtualQuery
InterlockedExchange
GetTimeZoneInformation
ExitProcess
WriteConsoleA
LCMapStringW
LCMapStringA
GetVersionExA
GetCommandLineA
WideCharToMultiByte
lstrcatW
lstrcpyW
SetFilePointer
GetComputerNameW
GetTempPathW
GetModuleFileNameW
CreateProcessW
WaitForSingleObject
UnmapViewOfFile
CreateFileMappingW
MapViewOfFile
OpenEventW
SetEvent
HeapReAlloc
HeapFree
DeleteFileW
WritePrivateProfileStringW
WriteFile
GetProcessHeap
HeapAlloc
GetPrivateProfileIntW
GetPrivateProfileStringW
MultiByteToWideChar
CreateFileW
ReadFile
CloseHandle
OutputDebugStringW
lstrlenW
GetFileInformationByHandle
OutputDebugStringA
GetStartupInfoA
GetModuleHandleA
RaiseException
RtlUnwind
GetSystemTimeAsFileTime
LoadLibraryA

user32

BringWindowToTop
GetUserObjectInformationW
GetProcessWindowStation
MoveWindow
GetWindowRect
SetForegroundWindow
EnumWindows
IsWindowVisible
DdeDisconnect
DdeFreeStringHandle
DdeCreateDataHandle
DdeGetLastError
DdeClientTransaction
wsprintfW
DdeConnect
DdeCreateStringHandleW
DdeUninitialize
GetDesktopWindow
DdeInitializeW
CharLowerBuffW
GetWindow
MessageBoxW
GetSystemMetrics
GetWindowLongW

gdi32

StartDocW
DeleteDC
StartPage
TextOutW
SetTextColor
Rectangle
EndPage
EndDoc
CreateDCW

winspool.drv

OpenPrinterW
EnumFormsW
ClosePrinter
DeleteFormW
AddFormW
GetPrinterDriverDirectoryW
ord204
ord203
EnumPrintersW
EnumMonitorsW
DeleteMonitorW
EnumPortsW
AddPrinterDriverExW
DeletePrinterDriverW
AddPrinterW
DeletePrinter
SetPrinterDataW
GetPrinterW
GetJobW
SetPrinterW
DeviceCapabilitiesW
GetPrinterDriverW
EnumPrinterDriversW

advapi32

RegDeleteValueW
RegSetValueExW
OpenProcessToken
GetTokenInformation
EqualSid
BuildExplicitAccessWithNameW
SetEntriesInAclW
SetNamedSecurityInfoW
DuplicateTokenEx
CreateProcessAsUserW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenThreadToken
ControlService
StartServiceW
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetUserNameW
RegQueryValueExA
RegOpenKeyExA
SetTokenInformation

shell32

ShellExecuteW
SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

StringFromGUID2
CoUninitialize
CLSIDFromProgID
CoCreateInstance
OleRun
CoInitialize
CoCreateGuid

oleaut32

GetErrorInfo
SetErrorInfo
VariantInit
VariantClear
VariantChangeType
CreateErrorInfo
SysFreeString
SysAllocString

shlwapi

PathMatchSpecW
PathRemoveBlanksW
StrCmpIW
PathRemoveFileSpecW
PathAddBackslashW
PathIsFileSpecW
StrCmpNIW
PathRemoveExtensionW
StrStrIW
PathAddExtensionW
PathFindExtensionW
AssocQueryStringW
PathRemoveExtensionA
PathRemoveBlanksA
PathRemoveBackslashW
PathFindFileNameW
PathUnquoteSpacesW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupOpenAppendInfFileW
SetupSetDirectoryIdW
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupInstallFromInfSectionW
SetupTermDefaultQueueCallback

urlmon

URLDownloadToFileW

wininet

DeleteUrlCacheEntryW

Sections

.text
Size: 352KB - Virtual size: 348KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

aff805a2fbc9d882b0c956b707db6068

Headers

File Characteristics

Imports

kernel32

user32

gdi32

winspool.drv

advapi32

shell32

ole32

oleaut32

shlwapi

userenv

version

psapi

setupapi

urlmon

wininet

Sections

.text Size: 352KB - Virtual size: 348KB

.rdata Size: 128KB - Virtual size: 126KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 4KB - Virtual size: 952B

.text
Size: 352KB - Virtual size: 348KB

.rdata
Size: 128KB - Virtual size: 126KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 4KB - Virtual size: 952B