NEAS[.]813136114b09f94d04621c01ea6e13f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.813136114b09f94d04621c01ea6e13f0.exe
Size

144KB
MD5

813136114b09f94d04621c01ea6e13f0
SHA1

a53431461304671ec8d5da301647b59ccdb91697
SHA256

2158362149f10a75f16c9fbbd0a88f17954405d67de17527a3978a77b884f096
SHA512

78bb56fa0a6e8fb58476740343c6fd5b33683ac5a08fbacf3afcab582bd518315d803a05bc07cbfa74985f18122a19bffdab2bc4aef8ad4e9f22c7a614b3f4ab
SSDEEP

1536:9DrVvbMRvuMmkJrzAUUV69wtUBPVlaTmLnoByv4EZH3KDkZO9i3PaO1Itku9P:9DxvbumkJf+VU1W3O4m6ZgPx1Itku9P

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.813136114b09f94d04621c01ea6e13f0.exe

Files

NEAS.813136114b09f94d04621c01ea6e13f0.exe
.exe windows:4 windows x86

1f1cccefb0b5e4206f08f96282088bf1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetFileSizeEx
GetLastError
CreateDirectoryA
MultiByteToWideChar
WideCharToMultiByte
GetModuleFileNameA
LocalFree
FormatMessageA
GetSystemInfo
GetProcAddress
GetModuleHandleA
InterlockedDecrement
SetEvent
CreateEventA
OutputDebugStringA
ResumeThread
SetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
FlushInstructionCache
lstrlenW
InterlockedIncrement
lstrlenA
lstrcmpiA
IsDBCSLeadByte
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
LoadLibraryA
HeapAlloc
HeapFree
InterlockedCompareExchange
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
ReadFile
WriteFile
SetFileAttributesA
CopyFileA
DeleteFileA
CreateProcessA
CreateFileA
GetFileSize
GetCurrentThreadId
CreateToolhelp32Snapshot
Process32First
CloseHandle
Process32Next
Sleep
OpenProcess
TerminateProcess
GetCurrentProcess
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
ExitProcess
LCMapStringW
GetVersionExA
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
LCMapStringA
IsValidCodePage
GetProcessHeap
RaiseException
GetOEMCP
GetCPInfo
HeapSize
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
VirtualQuery
VirtualProtect
CreateThread
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetThreadLocale
GetLocaleInfoA
IsProcessorFeaturePresent

user32

CreateDialogParamA
DefWindowProcA
TranslateMessage
DispatchMessageA
ShowWindow
SetWindowLongA
KillTimer
GetWindowLongA
SendMessageA
IsDialogMessageA
SetWindowPos
MapWindowPoints
CharNextA
GetClientRect
SystemParametersInfoA
GetWindowRect
GetWindow
GetParent
GetWindowThreadProcessId
FindWindowA
DestroyWindow
PostQuitMessage
LoadImageA
GetSystemMetrics
PostMessageA
PeekMessageA
UnregisterClassA
SetTimer
GetMessageA

advapi32

CryptHashData
RegQueryInfoKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteKeyA
CryptDecrypt
CryptAcquireContextA
CryptCreateHash
AdjustTokenPrivileges
CryptDeriveKey
CryptDestroyHash
CryptEncrypt
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarUI4FromStr
VariantClear

shlwapi

PathFileExistsA

comctl32

InitCommonControlsEx

ws2_32

ioctlsocket
recvfrom
ntohs
htonl
bind
WSACleanup
select
WSAGetLastError
htons
sendto
socket
WSAStartup

winmm

timeGetTime

Sections

.text
Size: 104KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.uro
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1f1cccefb0b5e4206f08f96282088bf1

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

shlwapi

comctl32

ws2_32

winmm

Sections

.text Size: 104KB - Virtual size: 101KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 8KB - Virtual size: 12KB

.rsrc Size: 8KB - Virtual size: 6KB

.uro Size: - Virtual size: 4KB

.text
Size: 104KB - Virtual size: 101KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 8KB - Virtual size: 6KB

.uro
Size: - Virtual size: 4KB