NEAS[.]c2e4e6f1518aeab0e8fa5d5f8ef5f680[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c2e4e6f1518aeab0e8fa5d5f8ef5f680.exe
Size

474KB
MD5

c2e4e6f1518aeab0e8fa5d5f8ef5f680
SHA1

6b573fd9d360ab91005df4051c7e11dc81269cb2
SHA256

639549b78b49eaecd3f1134a50ee80c0181e74652ae3f93c5dd00f008b63dcaf
SHA512

b5f261faf07debfc986c19bc63aa2ce363adbb819ebcc06f5434aa96c62888d21a44b4b8ea821aa15d7f37716551c158854a1c9bef8fe34f93776e088eec6364
SSDEEP

6144:94AY6BSzS9gqFawWLiUpQjqp4/rLDcy42isr9o16V2/w0PMMMMKOD:6AY6OwWLibqW/rvcy47aCK0PMMMMKM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c2e4e6f1518aeab0e8fa5d5f8ef5f680.exe

Files

NEAS.c2e4e6f1518aeab0e8fa5d5f8ef5f680.exe
.exe windows:5 windows x86

9791cbedf10b16d6ac4b055e1b066284

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

TlsFree
InterlockedIncrement
lstrlenA
GlobalFlags
SetErrorMode
GetStartupInfoW
RtlUnwind
HeapAlloc
HeapFree
RaiseException
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
VirtualFree
QueryPerformanceCounter
DeleteCriticalSection
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
VirtualAlloc
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
LCMapStringA
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
SetEnvironmentVariableA
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleHandleA
InterlockedDecrement
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesW
lstrcmpA
GetLocaleInfoW
LoadLibraryExW
CompareStringA
InterlockedExchange
GetFileTime
GetFileSizeEx
SetFileAttributesW
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
GetFileAttributesExW
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateFileW
GetFullPathNameW
GetVolumeInformationW
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
LoadLibraryA
lstrcmpW
GetVersionExA
FreeResource
GetCurrentProcessId
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
SetLastError
MoveFileExW
CompareFileTime
GetWindowsDirectoryW
CopyFileW
GetFileAttributesW
CreateDirectoryW
GetDiskFreeSpaceW
GetVersion
WriteProfileStringW
GetLastError
WaitForSingleObject
MultiByteToWideChar
GetModuleHandleW
GetCurrentProcess
GetPrivateProfileIntW
CreateProcessW
CloseHandle
GetTickCount
FindNextFileW
WideCharToMultiByte
lstrcpyW
lstrcatW
FindFirstFileW
FindClose
GetProcAddress
WritePrivateProfileStringW
GetPrivateProfileStringW
GetVersionExW
ExpandEnvironmentStringsW
DeleteFileW
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryW
FreeLibrary
lstrlenW
GetProfileStringW
FindResourceW
LoadResource
LockResource
SizeofResource
GetSystemTimeAsFileTime

user32

UnregisterClassW
LoadCursorW
GetSysColorBrush
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
DestroyMenu
SetCursor
GetMessageW
GetCursorPos
ValidateRect
PostQuitMessage
CharUpperW
ShowWindow
SetWindowTextW
IsDialogMessageW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
SetWindowsHookExW
CallNextHookEx
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
CopyRect
PtInRect
GetMenu
SetWindowLongW
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetCapture
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetParent
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
UpdateWindow
PeekMessageW
TranslateMessage
DispatchMessageW
GetDlgItem
LoadIconW
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
PostMessageW
AppendMenuW
DrawIcon
MessageBoxW
GetDesktopWindow
EnableWindow
GetSystemMetrics
SendMessageW
GetMessageTime

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutW
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutW
CreateBitmap
GetObjectW
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegEnumKeyW
RegOpenKeyW
OpenThreadToken
OpenProcessToken
DuplicateToken
GetFileSecurityW
IsValidSecurityDescriptor
AccessCheck
RegQueryValueW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
SHGetMalloc

shlwapi

PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW

ole32

CoInitialize
CoCreateInstance

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9791cbedf10b16d6ac4b055e1b066284

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

shlwapi

ole32

oleaut32

Sections

.text Size: 183KB - Virtual size: 183KB

.rdata Size: 53KB - Virtual size: 52KB

.data Size: 9KB - Virtual size: 23KB

.rsrc Size: 228KB - Virtual size: 227KB

.text
Size: 183KB - Virtual size: 183KB

.rdata
Size: 53KB - Virtual size: 52KB

.data
Size: 9KB - Virtual size: 23KB

.rsrc
Size: 228KB - Virtual size: 227KB