NEAS[.]1bd41c386083a143ddff72b53fc0e8c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1bd41c386083a143ddff72b53fc0e8c0.exe
Size

2.9MB
MD5

1bd41c386083a143ddff72b53fc0e8c0
SHA1

a3bf318570c60494e3079091d6984bbf5fa10082
SHA256

6d13167b5b519d30c29b57b3fbe253586529b2a79344cb520fef8d905a2bdea0
SHA512

e176a86e84171fe03a127372e98f5c03096b72ddd8fe29364e2207ce86848083a5c880fc7c1d77ba8261e5d2a80dafbf88646b9804d2b508ccd6af4586c3c1d4
SSDEEP

49152:jA8t9MCefW2x/9c2dJO4qS0QRg39bwf+4KuZVQRL1Y0YaOZit2Vf/Qk7aBa:c8bMCsl/9NvOfS06gNbiKMCS08Zs2VAy

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1bd41c386083a143ddff72b53fc0e8c0.exe

Files

NEAS.1bd41c386083a143ddff72b53fc0e8c0.exe
.dll windows:5 windows x86

99a1f0e2f1acd70793fd06b56e2fd3e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

HttpEndRequestW

iphlpapi

NhpAllocateAndGetInterfaceInfoFromStack
IcmpSendEcho2

oleaut32

SafeArrayUnlock
VarBstrCat

ntdsapi

DsCrackNamesW

shlwapi

ColorHLSToRGB

shell32

SHBrowseForFolderW

winmm

timeGetDevCaps

ole32

CoIsHandlerConnected
CoCreateFreeThreadedMarshaler
CLIPFORMAT_UserMarshal
STGMEDIUM_UserFree
CoCancelCall

winspool.drv

EnumPrinterKeyW

gdi32

SetICMProfileA
CreateCompatibleBitmap
GetGraphicsMode
DPtoLP

user32

GetKeyNameTextA
GetUpdateRgn
CreateWindowExA
VkKeyScanW
GetCaretBlinkTime
MonitorFromWindow
LockSetForegroundWindow
keybd_event
GetMessageExtraInfo
PaintDesktop
PostQuitMessage
LoadAcceleratorsW

advapi32

GetEffectiveRightsFromAclW

crypt32

CryptSIPGetSignedDataMsg

ws2_32

select

rpcrt4

RpcUserFree
I_RpcReceive
I_RpcFree
I_RpcFreeBuffer

msvcrt

iswpunct
putc

secur32

DecryptMessage

wintrust

CryptCATHandleFromStore
IsCatalogFile

mprapi

MprAdminServerDisconnect

kernel32

GetThreadTimes
GetMailslotInfo
SetConsoleWindowInfo
SetHandleInformation
LocalFlags
EnterCriticalSection
GetBinaryTypeA
GetModuleFileNameA
GetProcAddress
WaitForSingleObjectEx
DeleteCriticalSection
CancelIo
GetModuleFileNameW
GetModuleHandleA
LoadLibraryA
InterlockedPushEntrySList
GetExitCodeProcess
MapViewOfFileEx
GetSystemDefaultUILanguage

esent

JetCommitTransaction

setupapi

SetupDiGetDriverInfoDetailA
CM_Reenumerate_DevNode
SetupPrepareQueueForRestoreW

Exports

Exports

TaretxopnnevnNtitx

Sections

.text
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2*s+PkG
Size: 568KB - Virtual size: 564KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

5QwK*98
Size: 336KB - Virtual size: 334KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

dkx
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

7Hoy
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

H
Size: 196KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99a1f0e2f1acd70793fd06b56e2fd3e1

Headers

File Characteristics

Imports

wininet

iphlpapi

oleaut32

ntdsapi

shlwapi

shell32

winmm

ole32

winspool.drv

gdi32

user32

advapi32

crypt32

ws2_32

rpcrt4

msvcrt

secur32

wintrust

mprapi

kernel32

esent

setupapi

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 44KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 1.3MB - Virtual size: 1.3MB

2*s+PkG Size: 568KB - Virtual size: 564KB

5QwK*98 Size: 336KB - Virtual size: 334KB

dkx Size: 100KB - Virtual size: 96KB

7Hoy Size: 320KB - Virtual size: 318KB

H Size: 196KB - Virtual size: 193KB

.rsrc Size: 4KB - Virtual size: 880B

.reloc Size: 68KB - Virtual size: 66KB

.text
Size: 48KB - Virtual size: 44KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 1.3MB - Virtual size: 1.3MB

2*s+PkG
Size: 568KB - Virtual size: 564KB

5QwK*98
Size: 336KB - Virtual size: 334KB

dkx
Size: 100KB - Virtual size: 96KB

7Hoy
Size: 320KB - Virtual size: 318KB

H
Size: 196KB - Virtual size: 193KB

.rsrc
Size: 4KB - Virtual size: 880B

.reloc
Size: 68KB - Virtual size: 66KB