NEAS[.]469051ea9b2a80e357270e7f46041340[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.469051ea9b2a80e357270e7f46041340.exe
Size

524KB
MD5

469051ea9b2a80e357270e7f46041340
SHA1

572edf0968b7d6946a7ac6d2814ddbbf6b352e83
SHA256

97c2e3324146d55ab6c0b00bf16c4326b509e9d693bb2ba811d7bfe56d41b39c
SHA512

4537f0806375d02649ad8ef868cbde253a215cd134b34b4dd39eaaa88d4a2baa29bfb12ec5983eb352619d6d44c8d39089318e3bc4d78a79ac07609ae66a27d9
SSDEEP

12288:xCFOE81PxBCMrF9g60lBtDO833c6gMOEYNAcX+:lCMrg60lBMe3c69YlO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.469051ea9b2a80e357270e7f46041340.exe

Files

NEAS.469051ea9b2a80e357270e7f46041340.exe
.exe windows:5 windows x86

758ebbecf70c8967979261f1f8a66244

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

Imports

user32

GetClassNameW
GetWindowLongW
GetParent
MapWindowPoints
DeferWindowPos
SetWindowLongW
EnumChildWindows
EnumDisplayDevicesW
BeginDeferWindowPos
ReleaseDC
GetClientRect
GetDC
SetWindowPos
InvalidateRect
SetCursor
EnumDisplaySettingsExW
EnumDisplaySettingsW
ChangeDisplaySettingsExW
IsWindowVisible
EnumDesktopWindows
PostMessageW
SystemParametersInfoW
GetSystemMetrics
GetWindowRect
CharPrevW
CharNextW
ExitWindowsEx
FindWindowExW
GetCursor
EndDeferWindowPos
GetDlgItem
GetWindowTextW
ChangeDisplaySettingsW
SendMessageW
OpenWindowStationW
SetProcessWindowStation
OpenDesktopW
CloseWindowStation
CloseDesktop
GetUserObjectSecurity
SetUserObjectSecurity
GetThreadDesktop
OpenInputDesktop
GetProcessWindowStation
SetThreadDesktop
GetMessageW
DispatchMessageW
TranslateMessage
UnregisterClassW
CreateWindowExW
LoadIconW
LoadCursorW
RegisterClassW
FindWindowW
DestroyWindow
DefDlgProcW
CharLowerW
wsprintfW
SetTimer
PostQuitMessage
UnregisterHotKey
RegisterHotKey
MessageBoxW
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
LoadMenuW
DestroyMenu
SetWindowTextW

advapi32

FreeSid
AllocateAndInitializeSid
RegCreateKeyExW
RegEnumValueW
CloseServiceHandle
ControlService
OpenServiceW
OpenSCManagerW
RegEnumKeyExW
RegSetKeySecurity
LogonUserW
ImpersonateLoggedOnUser
RevertToSelf
AddAccessAllowedAce
InitializeSecurityDescriptor
GetAclInformation
InitializeAcl
GetAce
AddAce
GetTokenInformation
GetLengthSid
CopySid
GetKernelObjectSecurity
GetSecurityDescriptorDacl
GetUserNameW
BuildExplicitAccessWithNameW
MakeAbsoluteSD
SetSecurityDescriptorDacl
SetKernelObjectSecurity
LookupPrivilegeValueW
AdjustTokenPrivileges
SetEntriesInAclW
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
RegCloseKey
RegQueryValueExW
RegNotifyChangeKeyValue
RegSetValueExW
RegOpenKeyExW
CreateProcessAsUserW
SetTokenInformation
DuplicateTokenEx
OpenProcessToken

wtsapi32

WTSEnumerateProcessesW
WTSFreeMemory

kernel32

GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
HeapSize
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
ReadFile
lstrcpyW
CloseHandle
ResetEvent
WaitForSingleObject
CreateEventW
OpenEventW
GetModuleHandleW
GetProcAddress
LoadLibraryW
FreeLibrary
SetErrorMode
GetCurrentThreadId
GetStringTypeA
SetCurrentDirectoryW
lstrcmpiW
GetModuleFileNameW
TerminateThread
SetEvent
FreeConsole
GetConsoleTitleW
GetConsoleWindow
ExitProcess
SetConsoleCtrlHandler
TerminateProcess
GetLastError
GetCurrentProcess
FreeEnvironmentStringsA
Sleep
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
ResumeThread
SuspendThread
ExitThread
LocalFree
OpenProcess
Process32NextW
ProcessIdToSessionId
Process32FirstW
CreateToolhelp32Snapshot
LocalAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrcpynW
lstrlenW
WideCharToMultiByte
CreateProcessW
SetThreadLocale
GetWindowsDirectoryW
GetLocaleInfoW
lstrcatW
GetPrivateProfileStringW
GetSystemDefaultLCID
GetTickCount
LeaveCriticalSection
EnterCriticalSection
IsBadReadPtr
GetVersionExW
VerifyVersionInfoW
VerSetConditionMask
GetSystemDirectoryW
lstrcmpW
CreateFileA
GetACP
FlushFileBuffers
GetCPInfo
SetLastError
InterlockedIncrement
TlsFree
GetModuleFileNameA
GetStdHandle
WriteFile
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
IsValidCodePage
WTSGetActiveConsoleSessionId
GetOEMCP
TlsSetValue
TlsAlloc
TlsGetValue
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedDecrement
GetCommandLineA
RaiseException
RtlUnwind
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateThread
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
LoadLibraryA

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

psapi

EnumProcessModules
GetModuleBaseNameW

shlwapi

StrStrIW

gdi32

DeleteDC
CreateDCW
ExtEscape
GetObjectW
GetStockObject
CreateFontIndirectW
SelectObject
GetTextMetricsW
GetTextExtentPoint32W
DeleteObject
GetDeviceCaps

ole32

CoInitialize
CoCreateInstance
CoUninitialize

shell32

ord680
FindExecutableW
ShellExecuteW

setupapi

SetupDiSetClassInstallParamsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiClassGuidsFromNameW
SetupDiChangeState
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

Sections

.text
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4096.0MB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

758ebbecf70c8967979261f1f8a66244

Headers

DLL Characteristics

File Characteristics

Imports

user32

advapi32

wtsapi32

kernel32

version

psapi

shlwapi

gdi32

ole32

shell32

setupapi

Sections

.text Size: 245KB - Virtual size: 245KB

.rdata Size: 33KB - Virtual size: 32KB

.data Size: 4096.0MB - Virtual size: 80KB

.rsrc Size: 227KB - Virtual size: 227KB

.text
Size: 245KB - Virtual size: 245KB

.rdata
Size: 33KB - Virtual size: 32KB

.data
Size: 4096.0MB - Virtual size: 80KB

.rsrc
Size: 227KB - Virtual size: 227KB