NEAS[.]68f99a8ad6aec5e47b8e6a33808541a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.68f99a8ad6aec5e47b8e6a33808541a0.exe
Size

2.8MB
MD5

68f99a8ad6aec5e47b8e6a33808541a0
SHA1

81a405974deca4a4876f4acad385e0b7fcccbd8b
SHA256

b81a327a62b7c0a06a586b58af331c5d118f5bd7bc74d27ec06d44186683d108
SHA512

64fc1db5dbc85360393ca45125c4ccc3d941e8d19e5d1ff543ef9b0a21131466dbab5475f209653df8df18636045e55f283ba7041750922744af99f1f8589541
SSDEEP

49152:6tXWcWq47N3WP//DBsmhzBlhggkXuEYtepV+TgiztP:6tt47N3WPDxhgRuEYteb0ZP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.68f99a8ad6aec5e47b8e6a33808541a0.exe

Files

NEAS.68f99a8ad6aec5e47b8e6a33808541a0.exe
.exe windows:4 windows x86

8d513746099265a6499be8edeafecfac

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesW
FormatMessageA
InterlockedExchangeAdd
WideCharToMultiByte
MultiByteToWideChar
SetUnhandledExceptionFilter
VirtualQuery
GetModuleFileNameA
MulDiv
Sleep
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalMemoryStatus
GetVersionExA
GetFullPathNameA
CreateEventA
SetEvent
WaitForSingleObject
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TerminateThread
SuspendThread
GetCurrentThread
SetThreadPriority
CreateThread
GlobalFree
GetWindowsDirectoryA
GetCurrentDirectoryA
RtlUnwind
RaiseException
GetStartupInfoA
GetCommandLineA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
ExitProcess
TerminateProcess
GetCurrentProcess
GetSystemTimeAsFileTime
HeapAlloc
SetEndOfFile
SetFilePointer
GetCurrentDirectoryW
GetFullPathNameW
SetStdHandle
GetFileType
FlushFileBuffers
GetFileAttributesW
DeleteFileW
RemoveDirectoryW
DeleteFileA
MoveFileA
SetLastError
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
LCMapStringA
LCMapStringW
WriteFile
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
HeapDestroy
HeapCreate
VirtualFree
GetTimeZoneInformation
ReadFile
IsBadWritePtr
CompareStringA
CompareStringW
InterlockedExchange
IsBadReadPtr
IsBadCodePtr
GetACP
GetOEMCP
GetCPInfo
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
QueryPerformanceCounter
GetTickCount
SetEnvironmentVariableA
lstrlenA
FindFirstFileW
FindClose
GetDriveTypeW
TlsFree
TlsAlloc
TlsSetValue
TlsGetValue
LocalAlloc
LocalFree
GetCurrentThreadId
CreateFileA
CloseHandle
LoadResource
SizeofResource
LockResource
FindResourceA
GetLastError
GetModuleHandleA
GetFileAttributesA
SetFileAttributesA
GetCurrentProcessId
LoadLibraryA
GetProcAddress
FreeLibrary
InterlockedIncrement
HeapFree
InterlockedDecrement

user32

GetMenuItemCount
GetSystemMetrics
DrawTextA
DrawEdge
CopyRect
InflateRect
GetSysColorBrush
TrackPopupMenuEx
OffsetRect
FillRect
RemoveMenu
DestroyMenu
CreateMenu
CreatePopupMenu
EnableWindow
GetDlgItemTextA
SetWindowPos
GetDlgItemInt
CallNextHookEx
GetActiveWindow
UnhookWindowsHookEx
SetWindowsHookExA
SetTimer
KillTimer
SetDlgItemInt
MessageBeep
CheckDlgButton
GetKeyState
CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
UnregisterClassA
CreateCursor
SetFocus
GetWindowTextLengthA
InsertMenuItemA
DialogBoxIndirectParamA
GetClientRect
SetRect
InvalidateRect
DestroyWindow
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
SetWindowTextA
SetForegroundWindow
SetMenu
IsWindow
GetWindowRect
GetDesktopWindow
ClientToScreen
BeginPaint
PostMessageA
UpdateWindow
GetWindowTextA
EndPaint
LoadBitmapA
CreateWindowExA
ShowWindow
LoadCursorA
RegisterClassExA
MessageBoxA
LoadAcceleratorsA
LoadIconA
FindWindowA
GetWindowThreadProcessId
SetRectEmpty
SystemParametersInfoA
MoveWindow
GetMenuItemInfoA
LoadStringA
DialogBoxParamA
GetParent
GetDlgItem
GetSysColor
GetSystemMenu
EndDialog
SetCursor
SendMessageA
SetDlgItemTextA
GetDC
ReleaseDC
ScreenToClient
SendDlgItemMessageA
GetClassInfoA
RegisterClassA
GetWindowLongA
PostQuitMessage
SetWindowLongA
EnableMenuItem
DefWindowProcA

advapi32

RegDeleteValueA
RegDeleteKeyA
RegQueryInfoKeyA
RegFlushKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegEnumValueA
CryptAcquireContextA
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
CryptGetHashParam
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
RegSetKeySecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegGetKeySecurity
RegOpenKeyExA
RegCreateKeyExA

comctl32

ImageList_GetIconSize
ImageList_Draw
InitCommonControlsEx
ImageList_Create
ImageList_ReplaceIcon
ImageList_Destroy
PropertySheetA

gdi32

GetDeviceCaps
CreateBitmap
PatBlt
SetBkColor
SetTextColor
SetBkMode
CreateSolidBrush
GetTextExtentPoint32A
GetStockObject
CreateFontIndirectA
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
DeleteObject
GetObjectA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA
SHGetMalloc

ole32

CLSIDFromString
StgIsStorageFile
StgIsStorageILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
StgOpenStorage
StgOpenStorageOnILockBytes
StgCreateDocfile
StgCreateDocfileOnILockBytes
CoInitialize
OleInitialize
OleUninitialize
CoUninitialize
CoCreateInstance
ReleaseStgMedium

oleaut32

SysFreeString
SysStringByteLen
VariantInit
SysAllocString
VariantClear
SafeArrayPutElement
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayCreateVector
GetErrorInfo
SysAllocStringByteLen

ws2_32

__WSAFDIsSet
socket
WSAGetLastError
connect
htons
shutdown
send
recv
closesocket
htonl
WSACleanup
WSAStartup
select
ioctlsocket

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CONST
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_TEXT
Size: 524KB - Virtual size: 521KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

xdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_BSS
Size: - Virtual size: 48B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 900KB - Virtual size: 899KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8d513746099265a6499be8edeafecfac

Headers

File Characteristics

Imports

kernel32

user32

advapi32

comctl32

gdi32

comdlg32

shell32

ole32

oleaut32

ws2_32

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

CONST Size: 8KB - Virtual size: 7KB

_TEXT Size: 524KB - Virtual size: 521KB

xdata Size: 24KB - Virtual size: 22KB

text Size: 24KB - Virtual size: 22KB

_BSS Size: - Virtual size: 48B

.rdata Size: 900KB - Virtual size: 899KB

.data Size: 16KB - Virtual size: 97KB

_DATA Size: 4KB - Virtual size: 3KB

.rsrc Size: 160KB - Virtual size: 158KB

.text
Size: 1.2MB - Virtual size: 1.2MB

CONST
Size: 8KB - Virtual size: 7KB

_TEXT
Size: 524KB - Virtual size: 521KB

xdata
Size: 24KB - Virtual size: 22KB

text
Size: 24KB - Virtual size: 22KB

_BSS
Size: - Virtual size: 48B

.rdata
Size: 900KB - Virtual size: 899KB

.data
Size: 16KB - Virtual size: 97KB

_DATA
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 160KB - Virtual size: 158KB