NEAS[.]621920a2075396304ba58d31c7c961a0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.621920a2075396304ba58d31c7c961a0.exe
Size

195KB
MD5

621920a2075396304ba58d31c7c961a0
SHA1

37920f9aa3982548530116ec7a873c9b631bf3ed
SHA256

66e354f5f1bc70b8189b60604a5fd130ee3e7187bc0bf3c07857ca115cc0779b
SHA512

919460c8facb68b41e0401df1d328d630893efeda69e9319d74f67936279eeb93c209857cb6fde12ce5b4edf910b6f7a2da03654f3aab75534a50a2110f4c8cd
SSDEEP

6144:H+nrAYrJ/hL4XliARBZcR7T5Ui9+G5TB3:erAYhhL0NLc4EpB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.621920a2075396304ba58d31c7c961a0.exe

Files

NEAS.621920a2075396304ba58d31c7c961a0.exe
.exe windows:5 windows x86

9f72e15deba6ef65c40979f82c2592f9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mfc140

ord1751
ord1765
ord1739
ord1717
ord4938
ord4997
ord4981
ord4926
ord5003
ord4958
ord4896
ord4911
ord4972
ord4493
ord5769
ord9647
ord4485
ord3050
ord12201
ord12205
ord13798
ord1772
ord3259
ord9213
ord10950
ord6947
ord12163
ord8922
ord14502
ord11881
ord3825
ord3830
ord12032
ord9096
ord11672
ord11671
ord5631
ord10240
ord10236
ord10238
ord10239
ord10237
ord14699
ord2759
ord8173
ord10207
ord3295
ord3298
ord13681
ord6195
ord6104
ord6505
ord3159
ord3396
ord3395
ord458
ord10421
ord11343
ord10963
ord8997
ord12115
ord9167
ord2758
ord13677
ord4920
ord6193
ord12074
ord10986
ord7459
ord6562
ord4944
ord5960
ord310
ord494
ord5491
ord12725
ord5059
ord5095
ord6936
ord12503
ord14238
ord3005
ord305
ord311
ord5898
ord3839
ord12706
ord4656
ord8679
ord8672
ord6529
ord5493
ord500
ord11907
ord12294
ord1140
ord2289
ord4315
ord1530
ord2387
ord1507
ord306
ord4950
ord12528
ord14322
ord12863
ord3230
ord4841
ord6469
ord5937
ord8713
ord2251
ord2216
ord2171
ord860
ord12471
ord2550
ord4473
ord1379
ord8269
ord8973
ord10951
ord5763
ord14510
ord7887
ord14508
ord6848
ord11663
ord13628
ord5911
ord2680
ord12067
ord3933
ord3363
ord3364
ord3258
ord12111
ord1000
ord4490
ord2560
ord3689
ord1389
ord890
ord2241
ord1650
ord1178
ord2200
ord8429
ord7618
ord1468
ord8347
ord12190
ord10383
ord12869
ord12806
ord4580
ord8285
ord5336
ord2484
ord12485
ord12484
ord14509
ord7886
ord14507
ord9353
ord4143
ord4082
ord12888
ord7905
ord2027
ord11928
ord11927
ord14380
ord12474
ord7964
ord14581
ord265
ord266
ord2383
ord2381
ord2376
ord6724
ord3841
ord1661
ord5861
ord8146
ord316
ord6322
ord14583
ord6324
ord14582
ord6323
ord993
ord6831
ord3844
ord5894
ord12182
ord8180
ord12194
ord12162
ord1177
ord1109
ord4084
ord5228
ord5528
ord5739
ord9089
ord8031
ord4216
ord4932
ord1528
ord13584
ord13582
ord6563
ord2210
ord9088
ord2751
ord14487
ord3866
ord2989
ord8704
ord4215
ord4987
ord3184
ord2407
ord13193
ord7997
ord12705
ord4655
ord1534
ord1533
ord1664
ord1668
ord1667
ord1665
ord9305
ord5504
ord5742
ord5231
ord5390
ord5210
ord7687
ord7688
ord7677
ord5388
ord8182
ord10202
ord9166
ord2298
ord2165
ord2389
ord1447
ord13198
ord13883
ord974
ord14571
ord12348
ord14518
ord12291
ord4725
ord4705
ord2881
ord8140
ord5565
ord1142
ord503
ord4807
ord8322
ord8717
ord12826
ord2992
ord2986
ord1693
ord1696
ord1692
ord1529
ord1526
ord1044
ord300
ord1509

kernel32

FindCloseChangeNotification
OutputDebugStringA
SetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
FindNextChangeNotification
OutputDebugStringW
Sleep
FindClose
GetTempPathA
GetTempFileNameA
RemoveDirectoryA
DeleteFileA
FindFirstFileA
FindNextFileA
lstrcpynA
CopyFileA
MoveFileExA
ExpandEnvironmentStringsA
GetModuleFileNameA
MultiByteToWideChar
GetVersion
MulDiv
GetComputerNameExA
GetFileSize
SetHandleInformation
FormatMessageA
CreatePipe
CreateProcessA
GetNumberFormatA
LoadLibraryA
DecodePointer
FindFirstChangeNotificationA
CreateFileA
CloseHandle
ReadFile
WaitForMultipleObjects
WaitForSingleObject
ResumeThread
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy

user32

FlashWindow
IsIconic
EnableWindow
SendMessageA
DrawIcon
LoadIconW
PostMessageA
UnregisterClassA
GetSystemMetrics
RegisterWindowMessageA
GetWindowLongA
GetClientRect
IsWindow

oleaut32

VarUI4FromUI8
VarI4FromCy
VarI4FromR8
VarI4FromR4
VarUI4FromCy
VarUI4FromR8
VarUI4FromR4
VarUI4FromI8
SysAllocStringLen
VarBstrCmp
SysAllocString
VariantInit
VarUI4FromI2
VarUI4FromUI1
VariantClear
VariantChangeType
VarR8FromCy
VarCyFromI4
VarCyFromR8
VarCyFromDec
VarBstrFromCy
VarDecFromI2
VarDecFromR8
VarDecFromCy
VarDecDiv
VarDecMul
VarCyAdd
VarCyMul
VarCySu
SystemTimeToVariantTime
VariantTimeToSystemTime
VarUI1FromI2
VarUI1FromI4
VarUI1FromI8
VarUI1FromR4
VarUI1FromR8
VarUI1FromCy
VarUI1FromUI8
VarUI2FromUI8
VarUI2FromCy
VarUI2FromR8
VarUI2FromR4
VarUI2FromI8
VarUI2FromI4
VarUI2FromUI1
VarCyFromUI8
VarCyFromR4
VarCyFromI8
VarCyFromI2
VarCyFromUI1
VarR8FromUI8
VarR8FromR4
SysFreeString
VarR8FromI8
VarR8FromI4
VarI4FromI8
VarR8FromI2
VarR8FromUI1
VarR4FromUI8
VarR4FromCy
VarR4FromR8
VarR4FromI8
VarR4FromI4
VarR4FromI2
VarR4FromUI1
VarI2FromUI1
VarI2FromI4
VarI2FromI8
VarI2FromR4
VarI2FromR8
VarI2FromCy
VarI2FromUI8
VarI4FromUI1
VarI4FromI2
VarI4FromUI8

ws2_32

inet_ntoa
gethostbyname
WSACleanup
gethostname
WSAStartup

vcruntime140

__telemetry_main_return_trigger
_except_handler4_common
__std_type_info_destroy_list
memmove
strchr
strrchr
__telemetry_main_invoke_trigger
memset
memcpy
_CxxThrowException
__CxxFrameHandler3
__std_terminate
__vcrt_InitializeCriticalSectionEx

api-ms-win-crt-heap-l1-1-0

free
_recalloc
_set_new_mode
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_invalid_parameter_noinfo
_errno
_seh_filter_dll
_initialize_narrow_environment
_resetstkoflw
_initialize_onexit_table
_controlfp_s
terminate
_register_onexit_function
_execute_onexit_table
_register_thread_local_exe_atexit_callback
_c_exit
_crt_atexit
_exit
exit
_initterm_e
_crt_at_quick_exit
_get_narrow_winmain_command_line
_configure_narrow_argv
_cexit
_set_app_type
_seh_filter_exe

api-ms-win-crt-utility-l1-1-0

srand
qsort
rand

api-ms-win-crt-math-l1-1-0

_libm_sse2_log_precise
_except1
__setusermatherr
_libm_sse2_exp_precise

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsscanf
_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_setmbcp
_configthreadlocale

api-ms-win-crt-string-l1-1-0

strcat
strcmp
strncpy
strlen
isdigit
_stricmp
strcpy

api-ms-win-crt-filesystem-l1-1-0

_fullpath

api-ms-win-crt-convert-l1-1-0

_ui64toa
_i64toa
_ltoa
_itoa
atol
atof
atoi
_atoi64
wcstombs
_gcvt

imagehlp

MakeSureDirectoryPathExists

gdi32

GetDeviceCaps

advapi32

RegSetValueExA
GetUserNameA
RegOpenKeyA
DeregisterEventSource
RegisterEventSourceA
ReportEventA
RegQueryValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegConnectRegistryA
RegCloseKey

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc

shlwapi

PathAddExtensionA
PathAddBackslashA
PathFileExistsA

ole32

CoCreateInstanceEx
CoSetProxyBlanket
CoInitializeSecurity
CoCreateInstance
CoTaskMemFree
CoCreateGuid
StringFromGUID2
StringFromCLSID
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream

api-ms-win-crt-time-l1-1-0

clock
_localtime32
_mktime64

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9f72e15deba6ef65c40979f82c2592f9

Headers

DLL Characteristics

File Characteristics

Imports

mfc140

kernel32

user32

oleaut32

ws2_32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-convert-l1-1-0

imagehlp

gdi32

advapi32

shell32

shlwapi

ole32

api-ms-win-crt-time-l1-1-0

Sections

.text Size: 129KB - Virtual size: 129KB

.rdata Size: 45KB - Virtual size: 45KB

.data Size: 3KB - Virtual size: 4KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 48B

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 11KB - Virtual size: 11KB

.text
Size: 129KB - Virtual size: 129KB

.rdata
Size: 45KB - Virtual size: 45KB

.data
Size: 3KB - Virtual size: 4KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 48B

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 11KB - Virtual size: 11KB