NEAS[.]260228f509821e0af3e4085d8737f200[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.260228f509821e0af3e4085d8737f200.exe
Size

508KB
MD5

260228f509821e0af3e4085d8737f200
SHA1

d91b5be1354a9274d823d0e6279d359f42aa001c
SHA256

594e9c2ecda168805277f5e58b01dfd9db058730a61ea1eb1226e8a9e8cee20d
SHA512

2b95c450036f79e278c2e7e6f73a85336e579f4408c5afd8d8d44ae81d2a4ab0301eb2c11839788d88ddcf2e3b928c61c6771f775eb7995831e13c540428c5a8
SSDEEP

12288:C9/xHLk9TfARis0IHeS3LN8MgpT1qyAOKA90TN:C9/5Lk9TfAwsZx0T1q498

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.260228f509821e0af3e4085d8737f200.exe

Files

NEAS.260228f509821e0af3e4085d8737f200.exe
.dll windows:6 windows x86

91aa202db14b1e9ba1823918cb1f04ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

uxtheme

SetWindowTheme

kernel32

GetProcAddress
LoadLibraryA
LoadLibraryW
DeleteFileA
GetModuleFileNameA
OpenFile
GetTempPathA
GetTempFileNameA
CopyFileA
GetVolumeInformationW
WriteFile
SetNamedPipeHandleState
OpenMutexW
GetTickCount
lstrlenW
FreeLibrary
LoadLibraryExA
GetFileAttributesW
GetLongPathNameW
DecodePointer
RaiseException
InitializeCriticalSectionEx
GetVersionExW
GetTempPathW
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
ResumeThread
TerminateThread
OutputDebugStringW
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
EncodePointer
CreateMutexW
ExitThread
WaitNamedPipeW
TransactNamedPipe
GetFileType
VerifyVersionInfoW
VerSetConditionMask
GetModuleHandleExW
CreateSemaphoreA
lstrcpyW
OpenProcess
CreateProcessW
SetThreadPriority
GetCurrentThreadId
GetExitCodeProcess
FindFirstFileW
FindClose
GetSystemDirectoryA
CallNamedPipeW
FormatMessageA
LocalFree
GetCurrentProcess
GetLocalTime
QueryPerformanceCounter
SetFilePointer
CreateFileA
CreateDirectoryA
CreateFileW
GetFileSize
ReadFile
OutputDebugStringA
CloseHandle
GetLastError
GetCurrentProcessId
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
CreateFileMappingA
OpenFileMappingA
MultiByteToWideChar
WideCharToMultiByte
CreateThread
Sleep
CreateEventA
SetLastError
WaitForSingleObject
SetEvent
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection

user32

GetWindow
GetWindowThreadProcessId
EnumWindows
GetParent
GetDesktopWindow
SetWindowLongA
GetWindowLongA
ClientToScreen
SetCursor
RemovePropA
GetPropA
SetPropA
SetPropW
PostMessageA
TranslateMessage
DispatchMessageA
ShowScrollBar
GetForegroundWindow
GetSubMenu
LoadMenuA
GetFocus
IsChild
CallWindowProcA
LoadStringW
LoadStringA
DestroyCursor
LoadCursorA
MessageBoxA
KillTimer
SetTimer
SetFocus
SystemParametersInfoA
GetClassNameA
GetWindowRect
GetClientRect
RemovePropW
GetPropW
PostMessageW
InvalidateRect
GetWindowRgn
SetWindowRgn
UpdateWindow
SendDlgItemMessageW
SendDlgItemMessageA
GetDlgItem
EndDialog
CreateDialogParamA
IsWindowVisible
SetWindowPos
ShowWindow
DestroyWindow
IsWindow
DefWindowProcA
RegisterWindowMessageA
SendMessageA
FindWindowA
CreateWindowExW
GetAncestor
wsprintfW
WaitForInputIdle
GetActiveWindow
MsgWaitForMultipleObjects
FindWindowW
GetMessageA
GetMessageW
DispatchMessageW
PostQuitMessage
IsWindowUnicode
PeekMessageA

gdi32

GetDeviceCaps
Escape
SetTextColor
SetBkColor
GetStockObject
FillRgn
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
DeleteObject
DeleteEnhMetaFile
PlayEnhMetaFile
LPtoDP
GetEnhMetaFileA

advapi32

RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
GetTokenInformation
OpenProcessToken

ole32

CoTaskMemFree
CoCreateInstance

msvcp120

?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??1?$basic_iostream@GU?$char_traits@G@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEPAV12@PAG_J@Z
?showmanyc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAEGXZ
?xsgetn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPAG_J@Z
?xsputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@MAE_JPBG_J@Z
?id@?$ctype@G@std@@2V0locale@2@A
??_7?$basic_ios@GU?$char_traits@G@std@@@std@@6B@
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@K@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAPBDH@Z
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_BADOFF@std@@3_JB
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?widen@?$ctype@G@std@@QBEGD@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??1?$basic_streambuf@GU?$char_traits@G@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?gbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEXH@Z
?_Pninc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAEPAGXZ
??1?$basic_ios@GU?$char_traits@G@std@@@std@@UAE@XZ

msvcr120

__dllonexit
_onexit
??1type_info@@UAE@XZ
_except_handler4_common
_except1
_crt_debugger_hook
__crtUnhandledException
__crtTerminateProcess
__CppXcptFilter
_amsg_exit
_malloc_crt
_initterm
_initterm_e
?terminate@@YAXXZ
__clean_type_info_names_internal
_purecall
??2@YAPAXI@Z
??3@YAXPAX@Z
memcmp
memcpy
memset
strcpy
strlen
memmove
wcslen
sprintf
_CxxThrowException
__CxxFrameHandler3
strncmp
wcsncpy_s
swprintf_s
setlocale
localeconv
tolower
strcpy_s
strcat_s
strcat
strcmp
strchr
_stricmp
_strnicmp
strncpy
strrchr
strstr
_set_invalid_parameter_handler
_itoa
free
malloc
sprintf_s
sscanf
vsprintf_s
??_V@YAXPAX@Z
fclose
fopen
fread
fseek
fwrite
_unlink
tmpfile
_mbscmp
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
calloc
memchr
towlower
fwscanf_s
_wfopen_s
wcstol
_wsplitpath_s
memcpy_s
memmove_s
wcsncmp
_wcsnicmp
_wcslwr_s
iswdigit
_waccess_s
_itow_s
_wcsicmp
_vsnprintf_s
_snwprintf
??0bad_cast@std@@QAE@PBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
_wcsdup
_vsnprintf
_wgetenv
_wtof
_wtol
_wputenv_s
wcscat_s
wcscpy_s
wcsncat_s
wcsrchr
wcsstr
wcstok_s
_time64
wcscat
_snwprintf_s
_wmakepath_s
_lock
_unlock
_calloc_crt

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shell32

SHGetFolderPathA

Exports

Exports

NP_AcrobatProtectedInitialize
NP_ApolloEntry
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 289KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

91aa202db14b1e9ba1823918cb1f04ce

Headers

DLL Characteristics

File Characteristics

Imports

uxtheme

kernel32

user32

gdi32

advapi32

ole32

msvcp120

msvcr120

version

shell32

Exports

Exports

Sections

.text Size: 160KB - Virtual size: 160KB

.rdata Size: 48KB - Virtual size: 47KB

.data Size: 2KB - Virtual size: 12KB

.rsrc Size: 7KB - Virtual size: 7KB

.reloc Size: 289KB - Virtual size: 292KB

.text
Size: 160KB - Virtual size: 160KB

.rdata
Size: 48KB - Virtual size: 47KB

.data
Size: 2KB - Virtual size: 12KB

.rsrc
Size: 7KB - Virtual size: 7KB

.reloc
Size: 289KB - Virtual size: 292KB