Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.ca0770b00498515fe326999124df1070.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.ca0770b00498515fe326999124df1070.exe
  Resource: win10v2004-20231020-en
General
Target: NEAS.ca0770b00498515fe326999124df1070.exe
Size: 2.7MB
MD5: ca0770b00498515fe326999124df1070
SHA1: 20032b06d690482c639acce1c35c02eff0d97aca
SHA256: 47636320de9683fed3130feeb7bbb822a5d60037b8f3e49d4348f52b3cf6b042
SHA512: ae629814e8b73c9f27efac38004659f2141876a3092f833c2d143fe53f74b86d6d5b1d06322969f192a4bf7becc74a59b8d381abd8f5c5e3ea3582f7403fb7a9
SSDEEP: 24576:clIxSi7typoNMQszN7eGrF1r+TcNglNQPOvTOAseqt7lZCN8dZbTbKh6K25kL/jk:8IIix3N/c5kfcBT
Malware Config
Signatures
Unsigned PE (1 IoC)
Checks for a missing Authenticode signature.
resource: NEAS.ca0770b00498515fe326999124df1070.exe
An absent signature is a property of the file, not evidence of malice on its own (plenty of legitimate software ships unsigned), and a present signature would still need its certificate chain verified before it counted for anything.
Files
NEAS.ca0770b00498515fe326999124df1070.exe.exe  windows:4 windows x86
Import hash (imphash): 035586edeb87c93b03da2c438cf25749
The imphash is the MD5 of the normalised import table (module.function pairs in link order), so it pivots on toolchain and source rather than on file bytes: other builds of the same code base with the same import table share it even when every content hash above differs.
Headers
File Characteristics:
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_RELOCS_STRIPPED means the image carries no base relocations: the loader has to map it at its preferred ImageBase, so this executable gets no ASLR and its code and data land at the same addresses in every run. The remaining flags are the usual release-build defaults for a 32-bit x86 image with symbols and line numbers stripped.
Imports
kernel32
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
IsBadWritePtr
GetTimeZoneInformation
GetTimeFormatA
GetDateFormatA
SetUnhandledExceptionFilter
GetOEMCP
GetCPInfo
GetEnvironmentStrings
IsBadCodePtr
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetDriveTypeA
CompareStringA
CompareStringW
SetEnvironmentVariableA
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetModuleFileNameA
GetStdHandle
InterlockedExchange
HeapSize
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapReAlloc
TerminateProcess
ExitThread
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
GetStartupInfoW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalFlags
GetCurrentDirectoryW
GetProfileIntW
GetFileTime
GetFileAttributesW
GetFullPathNameW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ReadFile
lstrcmpiW
FindFirstFileW
FindNextFileW
FindClose
GlobalFindAtomW
lstrlenA
LoadLibraryA
lstrcatW
GetVersionExA
GetModuleHandleA
InterlockedDecrement
LocalAlloc
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GlobalAddAtomW
SetLastError
FormatMessageW
lstrcpynW
LocalFree
GetCurrentThread
GetCurrentThreadId
lstrcmpW
GlobalDeleteAtom
lstrcmpA
ConvertDefaultLocale
GetVersion
EnumResourceLanguagesW
GetLocaleInfoW
RemoveDirectoryW
MoveFileW
CopyFileW
GetSystemTime
CreateFileW
WriteFile
GlobalSize
MulDiv
GlobalReAlloc
GetProcAddress
ResumeThread
GetSystemDirectoryW
DeleteFileW
GlobalHandle
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemDefaultLangID
LoadLibraryW
CreateDirectoryW
GetModuleHandleW
FreeLibrary
WritePrivateProfileStringW
InterlockedIncrement
InterlockedExchangeAdd
WaitForSingleObject
PulseEvent
Sleep
GetTickCount
WaitForMultipleObjects
SetEvent
CloseHandle
ResetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrcpyW
CreateThread
GetPrivateProfileStringW
GetTempPathW
GetModuleFileNameW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
CreateMutexW
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
LoadResource
LockResource
SizeofResource
GetLastError
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
IsBadReadPtr
user32
GetSysColorBrush
CharUpperW
RegisterWindowMessageW
WinHelpW
CreateWindowExW
GetClassInfoExW
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
SendDlgItemMessageA
IsChild
GetForegroundWindow
GetTopWindow
GetMessageTime
MapWindowPoints
TrackPopupMenu
GetScrollPos
ShowScrollBar
UpdateWindow
GetMenu
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
RegisterClassW
CallWindowProcW
SystemParametersInfoA
GetWindowPlacement
DestroyMenu
EndPaint
BeginPaint
GetWindowDC
UnhookWindowsHookEx
GetWindowTextLengthW
GetWindowTextW
SetFocus
MoveWindow
SetWindowLongW
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
CheckDlgButton
RegisterClipboardFormatW
GetWindow
SetWindowContextHelpId
MapDialogRect
wsprintfW
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamW
DestroyWindow
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuW
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
ValidateRect
GetLastActivePopup
IsWindowEnabled
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
PostQuitMessage
DrawIconEx
GetDlgItem
GetDoubleClickTime
CopyRect
ClipCursor
GetMessagePos
IsClipboardFormatAvailable
GetFocus
SetCapture
InvertRect
GetKeyState
IntersectRect
CharNextW
CopyAcceleratorTableW
InvalidateRgn
MessageBeep
SetCursor
FrameRect
FillRect
SystemParametersInfoW
ReleaseDC
SetWindowRgn
OffsetRect
DrawFocusRect
GetNextDlgGroupItem
WindowFromPoint
GetWindowLongW
GetDC
DrawEdge
GetCapture
ReleaseCapture
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
RedrawWindow
GetSysColor
IsWindow
GetClassInfoW
DefWindowProcW
LoadCursorW
GetParent
InflateRect
SetRect
MessageBoxW
PostMessageW
IsRectEmpty
ClientToScreen
SetParent
BringWindowToTop
MsgWaitForMultipleObjects
PeekMessageW
PostThreadMessageW
UnregisterClassW
LoadImageW
SetWindowPos
GetSystemMetrics
GetCursorPos
EnableWindow
LoadIconW
KillTimer
SetTimer
IsWindowVisible
InvalidateRect
ScreenToClient
GetClientRect
GetWindowRect
IsIconic
SendMessageW
SetMenuDefaultItem
AppendMenuW
CreatePopupMenu
DrawIcon
LoadBitmapW
PtInRect
FindWindowW
ShowWindow
SetForegroundWindow
gdi32
CreateRectRgnIndirect
GetMapMode
DPtoLP
GetRgnBox
CreateBitmap
CopyMetaFileW
SetPixel
PatBlt
SaveDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
MoveToEx
LineTo
GetClipBox
SetMapMode
SetStretchBltMode
SetBkColor
GetTextColor
CreateFontW
GetBkColor
GetCurrentObject
GetDeviceCaps
CreateFontIndirectW
CreateRoundRectRgn
Escape
ExtTextOutW
RectVisible
PtVisible
BitBlt
Rectangle
Polygon
CreateEllipticRgn
CreatePen
GetDIBits
SetBkMode
SetTextColor
TextOutW
GetTextExtentPoint32W
FillRgn
CreatePolygonRgn
CreateRectRgn
CreateCompatibleBitmap
StretchBlt
DeleteObject
GetStockObject
GetObjectW
SelectObject
DeleteDC
CreateCompatibleDC
CreateSolidBrush
RestoreDC
comdlg32
GetFileTitleW
GetOpenFileNameW
GetSaveFileNameW
winspool.drv
DocumentPropertiesW
OpenPrinterW
ClosePrinter
advapi32
RegCreateKeyExW
RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegQueryValueW
shell32
Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
comctl32
ord17
ImageList_AddMasked
_TrackMouseEvent
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_Destroy
ImageList_Create
shlwapi
PathFindExtensionW
PathFindFileNameW
UrlUnescapeW
PathStripToRootW
PathFileExistsW
PathIsUNCW
oledlg
OleUIBusyW
ole32
CLSIDFromProgID
CLSIDFromString
OleUninitialize
CoFreeUnusedLibraries
OleGetClipboard
OleIsCurrentClipboard
OleFlushClipboard
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoTaskMemFree
OleInitialize
OleDuplicateData
ReleaseStgMedium
CoRevokeClassObject
CoRegisterMessageFilter
CreateStreamOnHGlobal
CoTaskMemAlloc
OleSetClipboard
oleaut32
OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
VariantTimeToSystemTime
VarDateFromStr
VarUdateFromDate
SysFreeString
SysStringLen
SystemTimeToVariantTime
gdiplus
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
GdipDisposeImage
GdipGetImageEncodersSize
GdipFree
GdiplusStartup
GdiplusShutdown
GdipGetImageEncoders
GdipCloneImage
GdipDeleteGraphics
GdipImageRotateFlip
GdipCreateFromHDC
GdipReleaseDC
GdipDrawImageRectI
GdipAlloc
ws2_32
closesocket
shutdown
WSACleanup
__WSAFDIsSet
select
connect
htons
recv
socket
gethostbyname
inet_addr
send
setsockopt
WSAStartup
ioctlsocket
wininet
InternetCanonicalizeUrlW
InternetCrackUrlW
InternetGetConnectedState
InternetSetOptionExW
InternetQueryDataAvailable
HttpOpenRequestW
InternetConnectW
HttpSendRequestW
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW
InternetGetLastResponseInfoW
InternetCloseHandle
ddraw
DirectDrawCreateEx
winmm
waveInAddBuffer
waveInPrepareHeader
waveInOpen
waveInClose
waveInStop
waveInReset
waveInStart
dsound
ord11
avifil32
AVIStreamRelease
AVIStreamSetFormat
AVIFileCreateStreamW
AVIMakeCompressedStream
AVIStreamWrite
AVISaveOptions
AVIFileOpenW
AVIFileExit
AVIFileInit
AVIFileRelease
msvfw32
ICInfo
ICOpen
ICGetInfo
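The import table above is the most informative static artefact on this page: winmm waveIn*, avifil32 AVI*, gdiplus bitmap-to-file, WinINet HTTP, raw Winsock, registry writes and drive enumeration all sit in one binary. The following is an added example, not part of the sandbox report, of how an analyst evaluates capability rules over such a listing before running the sample (the approach capa takes against the binary itself). REPORT_IMPORTS is an excerpt copied from the listing above in the report's own flat format (module heading, then its functions); KNOWN_MODULES are the module headings the report prints; RULES is this example's own encoding of what those API families are for and is an assumption, not anything the report states.

```python
"""Evaluate capability rules over the import table listed in the report, the
way capa-style triage does before the sample is ever run.  Added example,
not part of the sandbox report.  REPORT_IMPORTS is an excerpt copied from the
report's import listing above (module heading, then its functions); RULES is
this example's own encoding of what those API families are for."""

# Module headings exactly as the report prints them; a line equal to one of these opens a new module.
KNOWN_MODULES = {
    "kernel32", "user32", "gdi32", "comdlg32", "winspool.drv", "advapi32", "shell32",
    "comctl32", "shlwapi", "oledlg", "ole32", "oleaut32", "gdiplus", "ws2_32",
    "wininet", "ddraw", "winmm", "dsound", "avifil32", "msvfw32",
}

REPORT_IMPORTS = """\
kernel32
GetLogicalDriveStringsW
FindFirstFileW
FindNextFileW
LoadLibraryA
GetProcAddress
advapi32
RegCreateKeyExW
RegSetValueExW
shell32
Shell_NotifyIconW
ShellExecuteW
gdi32
BitBlt
CreateCompatibleBitmap
gdiplus
GdipCreateBitmapFromHBITMAP
GdipSaveImageToFile
ws2_32
socket
connect
send
recv
wininet
InternetOpenW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
winmm
waveInOpen
waveInStart
waveInAddBuffer
avifil32
AVIFileOpenW
AVIFileCreateStreamW
AVIStreamWrite
"""

# capability -> ("all" needs every API present, "any" needs one); keys are module.Function.
RULES = {
    "microphone capture (waveIn)": ("all", {"winmm.waveInOpen", "winmm.waveInStart", "winmm.waveInAddBuffer"}),
    "AVI video recording": ("all", {"avifil32.AVIFileOpenW", "avifil32.AVIFileCreateStreamW", "avifil32.AVIStreamWrite"}),
    "screenshot saved to image file": ("all", {"gdi32.BitBlt", "gdi32.CreateCompatibleBitmap",
                                               "gdiplus.GdipCreateBitmapFromHBITMAP", "gdiplus.GdipSaveImageToFile"}),
    "HTTP client (WinINet)": ("all", {"wininet.InternetOpenW", "wininet.InternetConnectW",
                                      "wininet.HttpOpenRequestW", "wininet.HttpSendRequestW"}),
    "raw TCP sockets (Winsock)": ("all", {"ws2_32.socket", "ws2_32.connect", "ws2_32.send", "ws2_32.recv"}),
    "registry key/value creation": ("any", {"advapi32.RegCreateKeyExW", "advapi32.RegSetValueExW"}),
    "drive and directory enumeration": ("all", {"kernel32.GetLogicalDriveStringsW", "kernel32.FindFirstFileW",
                                                "kernel32.FindNextFileW"}),
    "runtime API resolution": ("all", {"kernel32.LoadLibraryA", "kernel32.GetProcAddress"}),
    "tray icon UI": ("any", {"shell32.Shell_NotifyIconW"}),
    "code injection (remote thread)": ("all", {"kernel32.OpenProcess", "kernel32.WriteProcessMemory",
                                               "kernel32.CreateRemoteThread"}),
}

def parse_imports(text):
    """Turn the report's flat listing into a set of 'module.Function' strings."""
    imports, module = set(), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line in KNOWN_MODULES:
            module = line
        elif module is None:
            raise ValueError(f"function {line!r} appears before any module heading")
        else:
            imports.add(f"{module}.{line}")
    return imports

def assess(text):
    """Return {capability: bool} for every rule; a hit means the APIs are linked, not that they run."""
    imports = parse_imports(text)
    result = {}
    for capability, (mode, apis) in RULES.items():
        hits = apis & imports
        result[capability] = hits == apis if mode == "all" else bool(hits)
    return result

if __name__ == "__main__":
    for capability, hit in assess(REPORT_IMPORTS).items():
        print(f"[{'x' if hit else ' '}] {capability}")
```

A matched rule says only that the binary links those APIs, which a legitimate MFC screen or audio recorder would too; the behavioural tasks are what show whether they are called, against what, and where the output goes. The negative rule is there on purpose: the complete kernel32 list above contains no OpenProcess, WriteProcessMemory or CreateRemoteThread, so it stays unmatched against the full table as well as against the excerpt. Rules that require all of a set of APIs are the useful ones; single-API rules are cheap to satisfy and mostly noise.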
Sections
.text    raw 760KB   virtual 756KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rodata  raw 12KB    virtual 10KB    IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
.rdata   raw 132KB   virtual 131KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.data    raw 16KB    virtual 490KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc    raw 1.8MB   virtual 1.8MB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ

Notes on the section table:
No section is both writable and executable, so the headers alone give no RWX region to point at.
.rodata carries IMAGE_SCN_CNT_CODE and IMAGE_SCN_MEM_EXECUTE despite its read-only-data name; at 10KB it is small enough to inspect directly.
.data has a virtual size (490KB) roughly thirty times its raw size (16KB): most of it is zero-filled at load time (typically uninitialised data the linker merged into .data), so whatever lives there exists only at runtime and shows up in a memory dump, not in the file.
.rsrc is 1.8MB of a 2.7MB file, roughly two thirds of it. The kernel32 imports include FindResourceW, LoadResource, LockResource and SizeofResource, so resource access at runtime is expected; the resource section is the first place to carve, hash and inspect for embedded content.
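The "Unsigned PE" signature above is a check of one PE header field, and the section table above is read from the same header block. The following added example (not the report's or the sandbox's code) parses those structures from raw bytes with only the Python standard library and derives the follow-ups noted above: Authenticode directory presence, stripped relocations, data-named sections marked executable, virtual size far above raw size, and one section dominating the file. Because the sample itself is not on this page, STUB_PE is a constructed, header-only PE32 whose section table copies the report's rounded sizes and flags and whose file characteristics match the flags listed under Headers; its RVAs, the KB-rounded sizes, the 1843KB stand-in for "1.8MB" and the certificate offset used in the signed variant are assumptions of the example.

```python
"""Parse PE headers from raw bytes with only the standard library and report
what the sandbox summarised above: file characteristics, the Authenticode
(security) data directory behind the "Unsigned PE" signature, and section
sizes/flags.  Added example, not part of the report.  STUB_PE is a constructed,
header-only PE32 whose section table copies the report's rounded sizes and
flags; it is not the sample and has no section bodies."""
import struct

IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_SCN_CNT_CODE = 0x00000020
IMAGE_SCN_CNT_INITIALIZED_DATA = 0x00000040
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_READ = 0x40000000
IMAGE_SCN_MEM_WRITE = 0x80000000
SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: file offset/size of the WIN_CERTIFICATE table
KB = 1024

# (name, VirtualSize, VirtualAddress, SizeOfRawData, Characteristics) taken from the report's
# Sections list; RVAs are assumed, sizes are the report's rounded values.
CODE_RX = IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
SECTIONS = [
    (".text", 756 * KB, 0x1000, 760 * KB, CODE_RX),
    (".rodata", 10 * KB, 0xBF000, 12 * KB, CODE_RX),
    (".rdata", 131 * KB, 0xC2000, 132 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
    (".data", 490 * KB, 0xE3000, 16 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE),
    (".rsrc", 1843 * KB, 0x15E000, 1843 * KB, IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ),
]
FILE_CHARACTERISTICS = 0x010F  # RELOCS_STRIPPED|EXECUTABLE_IMAGE|LINE_NUMS_STRIPPED|LOCAL_SYMS_STRIPPED|32BIT_MACHINE

def build_stub_pe(sections, characteristics, security=(0, 0)):
    """Constructed PE32 header: DOS header, NT headers, 16 data directories, section table."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    file_hdr = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0xE0, characteristics)
    opt = bytearray(0xE0)                                           # PE32 optional header is 224 bytes
    struct.pack_into("<H", opt, 0, 0x10B)                           # Magic: PE32
    struct.pack_into("<I", opt, 92, 16)                             # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * SECURITY_DIR, *security)  # security directory entry
    table = b"".join(struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, rva, raw, 0, 0, 0, 0, 0, fl)
                     for n, vs, rva, raw, fl in sections)
    return dos + b"PE\0\0" + file_hdr + bytes(opt) + table

def parse_pe(data):
    """Return characteristics, security directory and section table; PE32 and PE32+ both handled."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    fh = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, chars = struct.unpack_from("<HHIIIHH", data, fh)
    opt = fh + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    dirs = opt + (96 if magic == 0x10B else 112)                    # data directories start (PE32 / PE32+)
    ndirs = struct.unpack_from("<I", data, dirs - 4)[0]
    security = struct.unpack_from("<II", data, dirs + 8 * SECURITY_DIR) if ndirs > SECURITY_DIR else (0, 0)
    sections, pos = [], opt + opt_size
    for _ in range(nsec):
        name, vs, rva, raw, _, _, _, _, _, fl = struct.unpack_from("<8sIIIIIIHHI", data, pos)
        sections.append({"name": name.rstrip(b"\0").decode(), "vsize": vs, "rva": rva, "raw": raw, "flags": fl})
        pos += 40
    return {"machine": machine, "characteristics": chars, "security": tuple(security), "sections": sections}

def has_authenticode(pe):
    """True if a WIN_CERTIFICATE table is present.  Presence only: validating the
    signature chain needs WinVerifyTrust or an equivalent, not this check."""
    off, size = pe["security"]
    return off != 0 and size != 0

def triage_findings(pe):
    """Header facts an analyst would follow up on, derived only from flags and sizes."""
    out = []
    if pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        out.append("relocations stripped: image loads only at its preferred ImageBase (no ASLR)")
    total_raw = sum(s["raw"] for s in pe["sections"]) or 1
    for s in pe["sections"]:
        fl, name = s["flags"], s["name"]
        if fl & IMAGE_SCN_MEM_EXECUTE and fl & IMAGE_SCN_MEM_WRITE:
            out.append(f"{name}: writable and executable (RWX)")
        if fl & (IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE) and name in (".rodata", ".rdata", ".data", ".bss"):
            out.append(f"{name}: data-named section marked as code/executable")
        if s["raw"] and s["vsize"] > 2 * s["raw"]:
            out.append(f"{name}: virtual size {s['vsize'] // KB}KB far exceeds raw {s['raw'] // KB}KB; runtime contents only in a memory dump")
        if 2 * s["raw"] > total_raw:
            out.append(f"{name}: {100 * s['raw'] // total_raw}% of file bytes; extract and inspect first")
    return out

STUB_PE = build_stub_pe(SECTIONS, FILE_CHARACTERISTICS)

if __name__ == "__main__":
    pe = parse_pe(STUB_PE)
    print("Authenticode present:", has_authenticode(pe))
    for finding in triage_findings(pe):
        print(" -", finding)
```

On a real file, replace STUB_PE with the bytes read from disk; pefile exposes the same fields (FILE_HEADER.Characteristics, OPTIONAL_HEADER.DATA_DIRECTORY[4], sections) with less code, and the hand-rolled parser is here only to show where each fact in the report comes from. has_authenticode answers the same question the "Unsigned PE" signature asks, presence of a certificate table, and nothing more; a present table still has to be validated before it means anything.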