NEAS[.]74501f79d95b4d7fe16d552cb7d4a620[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.74501f79d95b4d7fe16d552cb7d4a620.exe
Size

3.8MB
MD5

74501f79d95b4d7fe16d552cb7d4a620
SHA1

61204f06a4e037879c9849e259cfb000c2899a00
SHA256

c081b87e275deb4bb8ce9e5cc576d6c42735af61633f561b7f64e220c3bdc40e
SHA512

dcb7b6fbbe2db8a708ae8f08a85321739c3a6dc8210fb023ef73247e2b386d437b07c19f5de1f7ae26844d6c9c994c8a021ee9be473ee5558341345c5d23da64
SSDEEP

98304:x6CUK/m0uXfNgOo4R5GrhH9Y68DBqp0PTDVoVl+Te9aEyxqL:x6CUK/m0uXfNgOo4RgruPTgKG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.74501f79d95b4d7fe16d552cb7d4a620.exe

Files

NEAS.74501f79d95b4d7fe16d552cb7d4a620.exe
.dll windows:5 windows x86

92d6fc44362fe826c01e5d5946b056c8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mapi32

ord11

wininet

InternetConnectA

ws2_32

connect
gethostbyname

psapi

GetModuleBaseNameW
EnumProcessModules
EnumProcesses
GetProcessImageFileNameA

kernel32

GetModuleHandleExW
ExitProcess
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
FindFirstFileW
FindClose
OpenProcess
GetFileAttributesW
FindFirstFileA
FindNextFileA
GetCommandLineW
WideCharToMultiByte
CreateSemaphoreA
ReleaseSemaphore
SetFilePointer
WaitForMultipleObjects
ReleaseMutex
Sleep
CreateMutexW
SetUnhandledExceptionFilter
GetTickCount
GetCurrentThreadId
GetCurrentProcess
ExitThread
CreateWaitableTimerA
SetWaitableTimer
SystemTimeToFileTime
ResumeThread
ResetEvent
GetSystemInfo
GetExitCodeThread
GetFileAttributesExW
GetThreadTimes
QueryPerformanceFrequency
DeleteFileW
lstrlenA
GetFileSize
GetFileType
SetLastError
CopyFileW
LocalFree
FindResourceExW
LockResource
ReadFile
GetMailslotInfo
CreateMailslotW
CreateEventW
GlobalAlloc
OpenEventW
CreateFileW
InterlockedExchange
LoadLibraryW
CreateThread
CloseHandle
lstrcmpW
DeleteCriticalSection
lstrcmpiW
EnterCriticalSection
GetProcAddress
GetLastError
RaiseException
lstrlenW
MultiByteToWideChar
GetModuleFileNameW
LeaveCriticalSection
SetEvent
WaitForSingleObject
CreateEventA
SizeofResource
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
HeapQueryInformation
CreateFileA
SetEndOfFile
HeapCreate
GetSystemTimeAsFileTime
SetEnvironmentVariableA
CompareStringW
SetStdHandle
WriteConsoleW
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FatalAppExitA
GetTimeZoneInformation
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
GlobalLock
GlobalUnlock
GlobalFree
GetTempPathW
GetEnvironmentVariableW
GetVersionExW
HeapAlloc
GetProcessHeap
HeapFree
IsWow64Process
VirtualQuery
OutputDebugStringW
FormatMessageW
LocalAlloc
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateDirectoryW
FindNextFileW
GetLocalTime
VirtualProtect
WriteFile
TerminateThread
MulDiv
GlobalHandle
FlushInstructionCache
GetLocaleInfoW
GlobalAddAtomW
GlobalDeleteAtom
InitializeCriticalSection
HeapDestroy
HeapReAlloc
HeapSize
InterlockedCompareExchange
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetStringTypeW
EncodePointer
DecodePointer
GetCommandLineA
GetTimeFormatW
GetDateFormatW
RtlUnwind
GetCPInfo
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
TlsAlloc

user32

DefWindowProcW
SetWindowLongW
GetWindowLongW
DestroyAcceleratorTable
InvalidateRect
CallWindowProcW
InvalidateRgn
FillRect
ReleaseCapture
SetCapture
MoveWindow
ScreenToClient
ClientToScreen
CreateAcceleratorTableW
GetClassInfoExW
RedrawWindow
LoadCursorW
IsWindow
GetDlgItem
GetMessageW
SetFocus
GetFocus
IsChild
EndPaint
BeginPaint
GetWindowTextLengthW
SetWindowPos
UnregisterHotKey
RegisterHotKey
GetDesktopWindow
GetSysColorBrush
DrawTextW
UnregisterClassA
RegisterClassExW
DialogBoxIndirectParamW
GetSysColor
GetForegroundWindow
SetWindowTextW
GetWindowTextW
GetClientRect
SendMessageW
TranslateMessage
EndDialog
SetWindowContextHelpId
IsDialogMessageW
GetMenu
SetCursor
DispatchMessageW
PeekMessageW
MsgWaitForMultipleObjects
UnregisterClassW
ShowWindow
GetWindowRect
wsprintfW
InSendMessage
DestroyWindow
EnumChildWindows
IsWindowVisible
FindWindowExW
ReleaseDC
GetDC
RegisterWindowMessageW
MessageBoxW
GetWindowDC
EnumDesktopWindows
EnumWindows
CharNextW
GetActiveWindow
InsertMenuW
GetMenuItemID
EnableMenuItem
GetWindowThreadProcessId
DrawTextExW
AdjustWindowRectEx
MapDialogRect
SendDlgItemMessageW
GetClassNameW
GetAncestor
GetParent
GetWindow
InsertMenuItemW
CreateWindowExW

gdi32

SetDIBits
GetDIBits
CreateDIBSection
SetTextColor
CreateFontIndirectW
CreateDCA
CreateDCW
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject
StartDocW
BitBlt
GetStockObject
SelectObject
DeleteDC
SetBkColor
GetObjectW
GetPixel
GetDeviceCaps

advapi32

SetTokenInformation
RegEnumKeyW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ConvertSidToStringSidW
IsValidSid
LookupAccountNameW
GetUserNameW
GetSidSubAuthority
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegSetValueExW
OpenProcessToken
DuplicateTokenEx
ConvertStringSidToSidW
GetLengthSid
RegQueryValueExW
GetSidSubAuthorityCount
LookupPrivilegeNameW
GetTokenInformation
CreateProcessAsUserW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueW

ole32

CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoInitialize
CoInitializeEx
CoTaskMemRealloc
StringFromGUID2
CLSIDFromString
OleUninitialize
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CoCreateInstance
OleInitialize
CLSIDFromProgID
StringFromCLSID

oleaut32

GetErrorInfo
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantChangeType
VarBstrCmp
SetErrorInfo
VarUI4FromStr
SysFreeString
VariantInit
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SafeArrayCopy
SysStringLen
SafeArrayGetVartype
VariantClear
SysAllocStringLen
SafeArrayCreate
SafeArrayDestroy
CreateErrorInfo
SafeArrayUnlock
SafeArrayLock

urlmon

CoInternetParseUrl

shlwapi

PathAppendW
PathFindExtensionW
PathFindFileNameW

msimg32

AlphaBlend

rpcrt4

RpcStringFreeW
UuidToStringW

winspool.drv

GetJobW
EnumPrintersW
OpenPrinterW
GetPrinterDriverW

dbghelp

ImageDirectoryEntryToData

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
ShellExecuteW

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 653KB - Virtual size: 652KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 70KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

92d6fc44362fe826c01e5d5946b056c8

Headers

DLL Characteristics

File Characteristics

Imports

mapi32

wininet

ws2_32

psapi

kernel32

user32

gdi32

advapi32

ole32

oleaut32

urlmon

shlwapi

msimg32

rpcrt4

winspool.drv

dbghelp

version

shell32

Sections

.text Size: 2.8MB - Virtual size: 2.8MB

.rdata Size: 653KB - Virtual size: 652KB

.data Size: 70KB - Virtual size: 88KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 101KB - Virtual size: 100KB

.reloc Size: 166KB - Virtual size: 165KB

.text
Size: 2.8MB - Virtual size: 2.8MB

.rdata
Size: 653KB - Virtual size: 652KB

.data
Size: 70KB - Virtual size: 88KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 101KB - Virtual size: 100KB

.reloc
Size: 166KB - Virtual size: 165KB