NEAS[.]1ee5e510ac376b8151ac26cd4e1ab2d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1ee5e510ac376b8151ac26cd4e1ab2d0.exe
Size

1.6MB
MD5

1ee5e510ac376b8151ac26cd4e1ab2d0
SHA1

e571e68bef92d2054e6d973e0bb4d2dffaf5c5f5
SHA256

8c10b28d8eaff27288d0b7b7dadf2c87ad9f4668f85e46942183fdde27198489
SHA512

1abe571ea80df1c6d2b4b707d4a6cc98dc63ef532fcf168eef61977489d06e93c176a75a8bdb1e4244e54c4a3964e89c811b9b0a295485a6ae26ddb97d2fc87b
SSDEEP

24576:1hByZW/rPbGnpw4vG2xIjKS3XIn3YsyKS8oopooIz3b3YVxSoLhXgG6yCTjSb:XBmWLiw4txIjKg4n5JSlYVxSoLRHCT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1ee5e510ac376b8151ac26cd4e1ab2d0.exe

Files

NEAS.1ee5e510ac376b8151ac26cd4e1ab2d0.exe
.dll windows:6 windows x86

4ae2e7523249f9fd0a780f033456f22a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
CloseHandle
WaitForSingleObject
CreateThread
ReleaseSemaphore
CreateSemaphoreA
GetSystemTime
GetModuleFileNameW
SystemTimeToFileTime
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GlobalMemoryStatus
GetProfileStringA
CreateDirectoryW
MultiByteToWideChar
CreateFileW
DeleteFileW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
GetFileAttributesW
ReadFile
SetFilePointerEx
WriteFile
GetLastError
MoveFileExW
FileTimeToSystemTime
WideCharToMultiByte
IsValidCodePage
GetACP
Sleep
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThreadId
QueryPerformanceCounter
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
VerifyVersionInfoW
GetSystemInfo
IsProcessorFeaturePresent
FindClose
VerSetConditionMask
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead

user32

LoadStringA

gdi32

GetICMProfileW
DeleteDC
CreateDCW
CreateDCA

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
RegQueryValueExA

shell32

SHGetFolderPathW

ole32

CoCreateInstance

msvcp140

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

vcruntime140

__current_exception
strstr
_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException
memcmp
wcsstr
_purecall
memmove
__current_exception_context
__std_exception_destroy
__std_exception_copy
memset
memcpy
__RTDynamicCast
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

fabs
pow
log10
log2
sqrt
log
_fdsign

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initterm_e
_invalid_parameter_noinfo
_errno
_initterm
terminate
_cexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_crt_atexit

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcat
wcstok_s
wcscmp
strcmp
strlen
strnlen
towupper
strcpy

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

ACEGetVersion
ACEHasFeature
ACEInitDelayed
ACEInitialize
ACEInitializeEx
ACETerminate

Sections

.text
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 516KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ae2e7523249f9fd0a780f033456f22a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp140

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 850KB - Virtual size: 850KB

.rdata Size: 250KB - Virtual size: 249KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 516KB - Virtual size: 520KB

.text
Size: 850KB - Virtual size: 850KB

.rdata
Size: 250KB - Virtual size: 249KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 516KB - Virtual size: 520KB