NEAS[.]1e7e162e4a29d3185769e78bc1107740[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1e7e162e4a29d3185769e78bc1107740.exe
Size

5.2MB
MD5

1e7e162e4a29d3185769e78bc1107740
SHA1

f8be1251b9392d0028b768fb060c519711d04ead
SHA256

835a838ab9851f664501ee12fcc3217c46a35a3c37c91b77e385ddbafb68e090
SHA512

7a9d3cee5034f16a94db9a7ffac84ef73070fd8355ca09bb36e16e24883427d7f42a01bedfa0a1ffec504a7074b46f340eda176033e9bd1488bc9f4ae44dac34
SSDEEP

49152:zdfzpOHCS4r3iJrgVgcAhNz4gsQJ+mBE/Jjg+ZRyWrLNA8naLTGfvFGy:zZPiJrgVgcAhNz4gsQJ7EcMnaGFx

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1e7e162e4a29d3185769e78bc1107740.exe

Files

NEAS.1e7e162e4a29d3185769e78bc1107740.exe
.exe windows:4 windows x86

e5d6b6e075be212d66ffa5f60b97fd7a

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

soundlib

CreateSoundLib

winmm

timeGetTime

ss3dgfunc

_CalcDistance@8
_MatrixMultiply2@12
_TransformV3TOV4@16
_SetInverseMatrix@8
_CrossProduct@12
_COLORtoDWORD@16
_TransformVector3_VPTR2@16
_Normalize@8
_VECTOR3_MULEQU_FLOAT@8
_VECTOR3_ADD_VECTOR3@12
_VECTOR3Length@4
_WriteTGA@24
_RotatePositionWithPivot@24
_SetRotationXMatrix@8
_SetRotationYMatrix@8

wsock32

inet_addr
gethostbyname
gethostname
WSAGetLastError

dinput8

DirectInput8Create

wininet

InternetReadFile
InternetCloseHandle
InternetQueryDataAvailable
HttpSendRequestA
InternetOpenA
InternetConnectA
HttpOpenRequestA

kernel32

InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InitializeCriticalSection
GetTimeZoneInformation
SetEndOfFile
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
DeleteCriticalSection
EnterCriticalSection
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
GetLocaleInfoA
GetDateFormatA
GetTimeFormatA
GetStringTypeW
FindClose
FindNextFileA
DeleteFileA
RemoveDirectoryA
FindFirstFileA
CreateDirectoryA
CloseHandle
GetLastError
CreateFileMappingA
FileTimeToSystemTime
GetCurrentDirectoryA
GetWindowsDirectoryA
SetUnhandledExceptionFilter
lstrcpynA
GetModuleFileNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateFileA
lstrcatA
GetProcAddress
LoadLibraryA
lstrcpyA
FormatMessageA
GetModuleHandleA
IsBadReadPtr
GetTickCount
Sleep
GetLocalTime
IsDBCSLeadByte
lstrlenA
MulDiv
OutputDebugStringA
Process32Next
LeaveCriticalSection
CreateToolhelp32Snapshot
ReadFile
WriteFile
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetSystemTime
WritePrivateProfileStringA
GetPrivateProfileStringA
GetFileSize
GetSystemDefaultLangID
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
FreeLibrary
OpenFile
lstrcmpA
SetCurrentDirectoryA
GetStringTypeA
SetStdHandle
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
QueryPerformanceCounter
LCMapStringW
SetFilePointer
GetConsoleMode
GetConsoleCP
OutputDebugStringW
VirtualQuery
LoadLibraryW
SetConsoleCtrlHandler
GetCPInfo
GetOEMCP
GetACP
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
HeapReAlloc
GetModuleFileNameW
FatalAppExitA
SetHandleCount
GetCurrentThread
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineA
UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
RtlUnwind
RaiseException
CompareStringA
CompareStringW
HeapValidate
Process32First
SetEnvironmentVariableA
WriteConsoleW
GetFileType
DebugBreak
GetStdHandle
GetSystemTimeAsFileTime

user32

CreateWindowExA
CallNextHookEx
ShowWindow
IsWindowVisible
GetAsyncKeyState
SetCapture
ReleaseCapture
GetCursorPos
ScreenToClient
IsClipboardFormatAvailable
GetClipboardData
GetActiveWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
CharPrevA
CharNextA
GetDC
ReleaseDC
OffsetRect
LoadCursorFromFileA
CopyRect
GetClientRect
SendMessageA
SetRect
PostMessageA
EndDialog
DefWindowProcA
GetSystemMetrics
SetCursor
UpdateWindow
ShowCursor
LoadIconA
RegisterClassExA
MessageBoxA
PeekMessageA
TranslateMessage
DispatchMessageA
wsprintfA
UnhookWindowsHookEx
SetWindowsHookExA

gdi32

GetStockObject
DeleteObject
CreateFontIndirectA
GetTextExtentPoint32A
SelectObject
GetDeviceCaps

shell32

ShellExecuteA

ole32

CoInitialize
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance

freeimage

_FreeImage_GetBits@4
_FreeImage_Load@12
_FreeImage_SaveJPEG@12
_FreeImage_Unload@4
_FreeImage_GetInfo@4
_FreeImage_ConvertTo16Bits565@4

shlwapi

StrStrIA

Sections

.textbss
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 380KB - Virtual size: 379KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 792KB - Virtual size: 1022KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5d6b6e075be212d66ffa5f60b97fd7a

Headers

File Characteristics

Imports

soundlib

winmm

ss3dgfunc

wsock32

dinput8

wininet

kernel32

user32

gdi32

shell32

ole32

freeimage

shlwapi

Sections

.textbss Size: - Virtual size: 1.9MB

.text Size: 3.9MB - Virtual size: 3.9MB

.rdata Size: 380KB - Virtual size: 379KB

.data Size: 792KB - Virtual size: 1022KB

.idata Size: 12KB - Virtual size: 8KB

.rsrc Size: 124KB - Virtual size: 122KB

.textbss
Size: - Virtual size: 1.9MB

.text
Size: 3.9MB - Virtual size: 3.9MB

.rdata
Size: 380KB - Virtual size: 379KB

.data
Size: 792KB - Virtual size: 1022KB

.idata
Size: 12KB - Virtual size: 8KB

.rsrc
Size: 124KB - Virtual size: 122KB