NEAS[.]2f7e8ac72c1d2ecf7a9eec643f8bee70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2f7e8ac72c1d2ecf7a9eec643f8bee70.exe
Size

372KB
MD5

2f7e8ac72c1d2ecf7a9eec643f8bee70
SHA1

f643111e78a0f65e97e158f19795be58c8acd4d4
SHA256

07dd86b0355dde492f2b933300724c4eb81796c6996d35b96f3aeae954d3173a
SHA512

224f8137c2840de755dce22a092199555007c878b79cfc6a6cf544f36e8e6050a0472e081ac6064d0451c926a437a17e937162e2223f2e813093304f97c2f23d
SSDEEP

6144:jOj8/0472Uh4APIYYC3+xvf0AJrt2sxromaLYl3HyuDY5yHdzqHwIv53iF5tIy/6:j72uTPIYYdLJrt9rAYlC1yHFqHzvd6/6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2f7e8ac72c1d2ecf7a9eec643f8bee70.exe

Files

NEAS.2f7e8ac72c1d2ecf7a9eec643f8bee70.exe
.exe windows:6 windows x86

dbd06c37dbc55dad69a14ffe277b2d66

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
WriteFile
CloseHandle
GetLastError
SetNamedPipeHandleState
OpenMutexW
Sleep
GetTickCount
lstrlenW
OutputDebugStringA
RaiseException
SetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
FindResourceExW
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadResource
LockResource
SizeofResource
FindResourceW
LoadLibraryW
MultiByteToWideChar
GetCurrentProcessId
GetVolumeInformationW
LoadLibraryA
WideCharToMultiByte
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileW
FindClose
FindFirstFileW
GetTempFileNameW
GetTempPathW
CreateProcessW
MoveFileW
VerSetConditionMask
HeapSetInformation
GetCurrentProcess
ExitProcess
CreateThread
TerminateThread
SetDllDirectoryW
VerifyVersionInfoW
CreateFileW
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FreeLibrary
OutputDebugStringW

user32

DdeGetLastError
DdeClientTransaction
DdeDisconnect
DdeConnect
DdeUninitialize
DdeCreateStringHandleW
DdeFreeStringHandle
MessageBoxW
TranslateMessage
DispatchMessageW
SetTimer
KillTimer
DdeInitializeW
CreateWindowExW
RegisterClassExW
DefWindowProcW
PostMessageW
RegisterWindowMessageW
GetMessageW
DestroyWindow

advapi32

RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExA
RegQueryValueExW
RegCloseKey

shell32

ShellExecuteW
ShellExecuteExW

ole32

CoInitializeEx
CoUninitialize

msvcp140

?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?_Xlength_error@std@@YAXPBD@Z
?uncaught_exception@std@@YA_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sputn@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAE_JPBG_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@GU?$char_traits@G@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
??6?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?wcout@std@@3V?$basic_ostream@GU?$char_traits@G@std@@@1@A
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBGHH@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ

vcruntime140

__std_exception_copy
memset
_CxxThrowException
_except_handler4_common
__std_exception_destroy
__CxxFrameHandler3
memmove
memchr
__std_terminate
memcpy

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_invalid_parameter_noinfo_noreturn
_errno
_controlfp_s
terminate
_register_thread_local_exe_atexit_callback
_c_exit
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
__p___wargv
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
__p___argc
exit
_exit
_invalid_parameter_noinfo

api-ms-win-crt-string-l1-1-0

_wcslwr
isspace
isxdigit
isdigit
strlen
wcscpy_s
wcscat_s
_wcsicmp
wcsncpy
wcsnlen
wcsncpy_s
wcsncat_s
wmemcpy_s

api-ms-win-crt-heap-l1-1-0

_callnewh
_get_heap_handle
free
malloc
_set_new_mode

api-ms-win-crt-stdio-l1-1-0

fputc
fsetpos
_fseeki64
fgetpos
fgetc
_setmode
fflush
fwrite
ungetc
_get_stream_buffer_pointers
getchar
__p__commode
fclose
_wfopen_s
__acrt_iob_func
_fileno
_set_fmode
setvbuf

api-ms-win-crt-filesystem-l1-1-0

_wsplitpath_s
_waccess_s
_waccess
_lock_file
_unlock_file

api-ms-win-crt-convert-l1-1-0

_itoa_s
_itow_s

api-ms-win-crt-math-l1-1-0

pow
_except1
__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 235KB - Virtual size: 236KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbd06c37dbc55dad69a14ffe277b2d66

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 23KB - Virtual size: 22KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 35KB - Virtual size: 34KB

.reloc Size: 235KB - Virtual size: 236KB

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 23KB - Virtual size: 22KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 35KB - Virtual size: 34KB

.reloc
Size: 235KB - Virtual size: 236KB