NEAS[.]6b27d52c11e6fb06ab7ef41c78e84c50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6b27d52c11e6fb06ab7ef41c78e84c50.exe
Size

1.9MB
MD5

6b27d52c11e6fb06ab7ef41c78e84c50
SHA1

3b5415989c0bb631233fddb7f858a7b1ff3d48fc
SHA256

29cb3264315fc5fe17b27d1f07469f262ba8e55d1462db9082b33ea73c337e7b
SHA512

6d0c7f3c031741df7e060dfa533ff4008ec7151d572d72cce209884d744bf591ed3dcafc60ce8ad6f607a4a80a221a56db73a3a7833464d57bebb553a62b49a1
SSDEEP

24576:Zfj+mQXQTJ0W+vP0I1anQIGhpdK/i22DgM5gkb00HdBrXSA6tII1+6gvEtRMu:dKmQXQTJ0bVAK3bKEPVEtR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6b27d52c11e6fb06ab7ef41c78e84c50.exe

Files

NEAS.6b27d52c11e6fb06ab7ef41c78e84c50.exe
.exe windows:5 windows x86

0bb2e3aa5855b3cb8268900cf0a426c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExW
MoveFileW
SetFileAttributesW
OutputDebugStringW
CreateEventW
GlobalFree
GetTickCount
LoadLibraryW
LocalFree
TerminateProcess
GetSystemDefaultLangID
GetQueuedCompletionStatus
RaiseException
InterlockedExchange
ResetEvent
PostQueuedCompletionStatus
GetSystemInfo
CreateIoCompletionPort
GetCurrentThreadId
ExpandEnvironmentStringsW
ReleaseSemaphore
TlsGetValue
OutputDebugStringA
GetStdHandle
GetSystemTime
GetVersionExA
MapViewOfFile
UnmapViewOfFile
FormatMessageA
CreateFileMappingA
TlsSetValue
IsDebuggerPresent
DuplicateHandle
TlsAlloc
TlsFree
GetCurrentThread
FreeLibrary
GetModuleHandleA
LoadLibraryExW
DeleteFileA
GetFileInformationByHandle
LockFile
UnlockFile
SetEnvironmentVariableA
GetDiskFreeSpaceA
GetLogicalDrives
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetComputerNameA
CreateFileA
SetFileTime
GetFileAttributesW
WideCharToMultiByte
LocalFileTimeToFileTime
MultiByteToWideChar
GetCurrentDirectoryW
GetModuleHandleExA
GetNativeSystemInfo
SystemTimeToFileTime
CreateProcessW
FreeResource
SizeofResource
LockResource
LoadResource
FindResourceW
RemoveDirectoryW
MoveFileExW
GetTempPathA
CopyFileW
GetCommandLineW
CreateDirectoryW
GetEnvironmentVariableW
FlushFileBuffers
WriteFile
DeleteFileW
GetCurrentProcess
GetModuleHandleW
GetProcAddress
Sleep
FindClose
FindNextFileW
SetEvent
FindFirstFileW
InitializeCriticalSectionAndSpinCount
GetLastError
CreateThread
DeleteCriticalSection
GetExitCodeThread
EnterCriticalSection
LeaveCriticalSection
TerminateThread
InitializeCriticalSection
WaitForSingleObject
CloseHandle
DeviceIoControl
GetLogicalDriveStringsA
CreateFileW
GetModuleFileNameW
ReadFile
GetVolumeInformationA
GetProcessHeap
GetUserDefaultLCID
HeapFree
HeapAlloc
lstrlenA
SetFilePointer
QueryPerformanceFrequency
DecodePointer
ReplaceFileW
GetTempFileNameW
GetLongPathNameW
ReleaseMutex
CreateFileMappingW
LoadLibraryA
GetDiskFreeSpaceW
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
CreateSemaphoreA
GetFileSize
LockFileEx
GetTempPathW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
UnlockFileEx
InterlockedCompareExchange
CreateMutexW
GetFullPathNameA
SetEndOfFile
GetFullPathNameW
WriteConsoleW
ReadConsoleW
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetStdHandle
GetDriveTypeW
FindFirstFileExW
GetTimeZoneInformation
RtlUnwind
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetFileType
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
InterlockedIncrement
GetStringTypeW
GetStartupInfoW
SetLastError
GetFileAttributesExW
ExitThread
HeapReAlloc
InterlockedDecrement
ExitProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapSize
AreFileApisANSI
GetModuleHandleExW
EncodePointer

user32

PostMessageW
CreateDesktopW
TranslateMessage
DispatchMessageW
PeekMessageW
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
GetQueueStatus
CallMsgFilterW
DestroyWindow
CreateWindowExW
RegisterClassExW
UnregisterClassW
PostQuitMessage
DefWindowProcW
WaitMessage

advapi32

SystemFunction036
RegOpenCurrentUser
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
CryptHashData
CryptDestroyHash
CryptCreateHash
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam

shell32

SHFileOperationW
SHGetFolderPathW

iphlpapi

GetAdaptersAddresses

shlwapi

SHGetValueW
SHDeleteKeyW
PathFileExistsW

wininet

InternetCheckConnectionW
InternetCloseHandle
InternetOpenUrlW
InternetReadFile
InternetOpenW

winhttp

WinHttpAddRequestHeaders
WinHttpReadData
WinHttpCrackUrl
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpSetOption
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpWriteData
WinHttpConnect
WinHttpCloseHandle

sensapi

IsNetworkAlive

ws2_32

connect
ioctlsocket
getpeername
getsockname
listen
accept
bind
recv
recvfrom
select
send
sendto
setsockopt
shutdown
__WSAFDIsSet
getsockopt
WSAGetLastError
closesocket

winmm

timeBeginPeriod
timeGetTime
timeEndPeriod

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 279KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0bb2e3aa5855b3cb8268900cf0a426c0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

iphlpapi

shlwapi

wininet

winhttp

sensapi

ws2_32

winmm

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 279KB - Virtual size: 279KB

.data Size: 22KB - Virtual size: 60KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 173KB - Virtual size: 172KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 279KB - Virtual size: 279KB

.data
Size: 22KB - Virtual size: 60KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 173KB - Virtual size: 172KB