Static task
static1
Behavioral task
behavioral1
Sample
NEAS.ca7596a36c54ab620dc01d112fcc9f50.exe
Resource
win7-20230831-en
windows7-x64
Behavioral task
behavioral2
Sample
NEAS.ca7596a36c54ab620dc01d112fcc9f50.exe
Resource
win10v2004-20231020-en
windows10-2004-x64
General
-
Target
NEAS.ca7596a36c54ab620dc01d112fcc9f50.exe
-
Size
1.4MB
-
MD5
ca7596a36c54ab620dc01d112fcc9f50
-
SHA1
e9e068d560eef784348342adfbe4b22f285f9c6d
-
SHA256
81f5bea7574c84c0982747b4f58e27186136e660d51f683488f5cc0f20c5198b
-
SHA512
7dcb97314b09a17e1601a6c259678973c956b86c8ccc5a670b78dbff7e071434023975fc38a81ae1ca0d53795cb129ca9e399805e2d727d05c79ee7b83c183b8
-
SSDEEP
24576:umv1247SnxrREw87ucLlTfq7olfMV0tBhrpJtZbzc/Pbb8w2ErIhGZVh/e6gaDyB:umvQnxrREw87ucLlTS0lfK4BDvZbzc/M
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource NEAS.ca7596a36c54ab620dc01d112fcc9f50.exe
Files
-
NEAS.ca7596a36c54ab620dc01d112fcc9f50.exe.exe windows:5 windows x86
9194725c3700fc9b80b0ef1e879aec35
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
iphlpapi
GetAdaptersInfo
version
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW
credui
CredUIConfirmCredentialsW
CredUIPromptForCredentialsW
CredUIParseUserNameW
winhttp
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpWriteData
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpGetProxyForUrl
WinHttpSetCredentials
WinHttpOpen
psapi
GetProcessImageFileNameW
GetProcessMemoryInfo
GetModuleFileNameExW
comctl32
_TrackMouseEvent
InitCommonControlsEx
dbghelp
MiniDumpWriteDump
kernel32
SetFilePointer
GetFileSize
GetFileInformationByHandle
CloseHandle
MapViewOfFile
CreateFileMappingW
CreateFileW
WriteFile
UnmapViewOfFile
SystemTimeToFileTime
GetLocalTime
GetTickCount
WideCharToMultiByte
DeleteFileW
GetLastError
CreateProcessW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetFileAttributesExW
GetExitCodeProcess
WaitForSingleObjectEx
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTime
GetSystemInfo
GetComputerNameExW
CopyFileW
FlushFileBuffers
TerminateProcess
VirtualQuery
OpenFileMappingW
OpenProcess
FreeLibrary
SizeofResource
LockResource
LoadResource
FindResourceW
LoadLibraryW
LocalFree
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateEventW
SetEvent
GlobalFree
GetProcAddress
ReadProcessMemory
GlobalMemoryStatusEx
SetErrorMode
WaitForSingleObject
OpenEventW
GetModuleHandleW
GetVersionExW
SuspendThread
ResumeThread
ContinueDebugEvent
DebugSetProcessKillOnExit
DebugActiveProcess
DebugActiveProcessStop
WaitForDebugEvent
DebugBreakProcess
SetThreadContext
WriteProcessMemory
GetThreadContext
OpenThread
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
GetModuleFileNameW
FindResourceExW
DuplicateHandle
GetCurrentProcess
FindClose
FindNextFileW
FindFirstFileW
ReadFile
InterlockedExchange
OutputDebugStringA
IsDebuggerPresent
MultiByteToWideChar
GetEnvironmentVariableW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetFullPathNameW
GetSystemTimeAsFileTime
RaiseException
FlushInstructionCache
HeapAlloc
GetProcessHeap
lstrlenW
GetCurrentThreadId
HeapFree
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
Sleep
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
HeapSize
HeapReAlloc
HeapDestroy
FileTimeToSystemTime
SetThreadUILanguage
user32
GetDesktopWindow
DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
DispatchMessageW
TranslateMessage
PeekMessageW
MessageBoxW
LoadStringW
DestroyIcon
LoadImageW
SendMessageW
IsWindow
WaitForInputIdle
GetWindowTextW
EnumWindows
LoadIconW
MessageBeep
EndDialog
SetWindowLongW
PostMessageW
UnregisterClassA
GetSystemMenu
MoveWindow
SetWindowPos
GetWindowRect
GetClientRect
ScreenToClient
UpdateWindow
InvalidateRect
ShowWindow
SetTimer
KillTimer
EnableWindow
SetFocus
CheckDlgButton
GetDlgItem
GetWindowLongW
DrawTextW
BeginPaint
EndPaint
CallWindowProcW
DrawIconEx
GetWindowTextLengthW
CopyRect
InflateRect
DialogBoxIndirectParamW
EnableMenuItem
GetMonitorInfoW
MonitorFromWindow
DrawFocusRect
GetSystemMetrics
SystemParametersInfoW
GetSysColor
GetDialogBaseUnits
SetWindowTextW
gdi32
CreateDCW
DeleteDC
CreateFontIndirectW
GetStockObject
RoundRect
SelectObject
SetBkMode
SetTextColor
SetBkColor
ExtTextOutW
DeleteObject
CreateSolidBrush
CreatePen
advapi32
CryptGetHashParam
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW
CredReadW
CredFree
CredDeleteW
CredWriteW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
shell32
DuplicateIcon
ord165
ShellExecuteW
SHGetFileInfoW
SHGetFolderPathW
CommandLineToArgvW
ole32
CoCreateInstance
CoInitializeEx
CoCreateGuid
CoTaskMemFree
StringFromCLSID
msvcp90
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0locale@std@@QAE@PBDH@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PADH@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@ABV12@@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIPB_W@Z
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?find_first_not_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
?close@?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
?close@?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
??_D?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAEXXZ
?clear@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?length@?$char_traits@D@std@@SAIPBD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?end@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
?begin@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE?AV?$_String_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?max@?$numeric_limits@_J@std@@SA_JXZ
?swap@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXAAV12@@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?_Unlock@_Mutex@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?_Raise_handler@std@@3P6AXABVexception@stdext@@@ZA
?_Throw@std@@YAXABVexception@stdext@@@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_WH@Z
?setf@ios_base@std@@QAEHHH@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??_D?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXXZ
?str@?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@2@XZ
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?setw@std@@YA?AU?$_Smanip@H@1@H@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AAV21@@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAEHH@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?eq_int_type@?$char_traits@_W@std@@SA_NABG0@Z
?eof@?$char_traits@_W@std@@SAGXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?flags@ios_base@std@@QBEHXZ
??1locale@std@@QAE@XZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?width@ios_base@std@@QBEHXZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEHPB_WH@Z
?length@?$char_traits@_W@std@@SAIPB_W@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE_W_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_ostream@_WU?$char_traits@_W@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??1_Lockit@std@@QAE@XZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$ctype@_W@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
msvcr90
wcscmp
_open
_lseek
_close
_read
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
_except_handler4_common
_wmakepath_s
wcsnlen
_recalloc
calloc
wcsstr
memcpy_s
__iob_func
fprintf
tolower
_wsplitpath_s
iswspace
wcstol
memmove_s
abort
strchr
_snwprintf
_snprintf
ceil
strncmp
sprintf
_errno
strerror
_wcstoui64
wcsncpy_s
_wfopen
fseek
_fileno
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
ldiv
wcsncpy
_invalid_parameter_noinfo
??3@YAXPAX@Z
memcpy
memset
_wcsicmp
wcslen
??_V@YAXPAX@Z
??2@YAPAXI@Z
__CxxFrameHandler3
rand
srand
strcat
strlen
strcpy
wcscpy
strncpy
wcsrchr
iswalnum
_wfullpath
_wcslwr_s
wcstombs_s
_vsnprintf_s
_vsnwprintf_s
??0bad_cast@std@@QAE@PBD@Z
_CxxThrowException
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABV01@@Z
wcschr
_write
_wcslwr
wcscat
memcmp
_purecall
malloc
_beginthread
_wtoi
free
wcstoul
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
Sections
.text Size: 292KB - Virtual size: 292KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 67KB - Virtual size: 66KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 16KB - Virtual size: 15KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ