NEAS[.]ca16f677027a255b41eae1a487c49880[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ca16f677027a255b41eae1a487c49880.exe
Size

784KB
MD5

ca16f677027a255b41eae1a487c49880
SHA1

271c2de24297f6fc1e48bc3e8c0c161333c9a4df
SHA256

46731df7dbedd87455170d395452ec3cda0f1dbb60b0ec03391ae7d24a096dc3
SHA512

c8aa7d1a8910c2b942a4423f4a79c81d97d0ca136d26e41f9cfde18dc25efa7f54873491780ad359f35e3dee82be5e25410866fa9264aef326211cba195dd041
SSDEEP

6144:7bp4YQsxKp4nq5Iodd+L1JQeewQeeiQeesQeelGQeefQee3i+POTKoorEaigVj/T:XKYQC8+q5IodV+CPaicohyvX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ca16f677027a255b41eae1a487c49880.exe

Files

NEAS.ca16f677027a255b41eae1a487c49880.exe
.exe windows:4 windows x86

50de2c1c4fe7bae26c9c1ed3f2fb7ce5

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

d3d9

Direct3DCreate9

kernel32

GetPrivateProfileStringA
WritePrivateProfileStringA
GetSystemInfo
IsProcessorFeaturePresent
GetModuleHandleA
WriteFile
GetLastError
GetVersionExA
LockResource
LoadResource
SizeofResource
FindResourceA
FindResourceW
ReadFile
HeapAlloc
GetProcessHeap
HeapFree
SetEndOfFile
FlushFileBuffers
SetStdHandle
GetStringTypeW
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
WaitForSingleObject
GetCurrentProcessId
SetFilePointer
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetFileType
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
HeapSize
HeapReAlloc
GetOEMCP
GetACP
GetCPInfo
RaiseException
GetVersion
GetCommandLineA
GetStartupInfoA
GetCurrentProcess
TerminateProcess
GetModuleFileNameA
LoadLibraryA
GetProcAddress
WideCharToMultiByte
MultiByteToWideChar
QueryPerformanceFrequency
QueryPerformanceCounter
CreateFileA
CloseHandle
MulDiv
lstrcmpA
lstrcpynA
Sleep
lstrcpyA
lstrcatA
lstrlenA
SetUnhandledExceptionFilter
ExitProcess
RtlUnwind

user32

DrawTextA
GetAsyncKeyState
GetIconInfo
GetDC
ReleaseDC
wsprintfA
IsDlgButtonChecked
EnableWindow
CheckRadioButton
EndDialog
PostMessageA
GetDlgItem
LoadAcceleratorsA
PeekMessageA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
DestroyAcceleratorTable
SetWindowLongA
SetMenu
SetWindowPos
GetClassLongA
GetMenu
DestroyMenu
DestroyWindow
PostQuitMessage
ClipCursor
DefWindowProcA
SetCursor
GetCursorPos
ScreenToClient
MessageBoxA
SendMessageA
LoadIconA
LoadCursorA
RegisterClassA
SetRect
AdjustWindowRect
LoadMenuA
CreateWindowExA
GetWindowLongA
GetWindowRect
GetClientRect
DialogBoxParamA

gdi32

GetDIBits
CreateCompatibleDC
CreateDIBSection
SetMapMode
GetDeviceCaps
CreateFontA
SelectObject
SetTextColor
SetBkColor
SetTextAlign
GetTextExtentPoint32A
ExtTextOutA
DeleteObject
DeleteDC
GetStockObject
GetObjectA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteExA

winmm

timeGetTime

Sections

.text
Size: 352KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 100KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 264KB - Virtual size: 262KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

50de2c1c4fe7bae26c9c1ed3f2fb7ce5

Headers

File Characteristics

Imports

d3d9

kernel32

user32

gdi32

advapi32

shell32

winmm

Sections

.text Size: 352KB - Virtual size: 349KB

.rdata Size: 64KB - Virtual size: 60KB

.data Size: 100KB - Virtual size: 112KB

.rsrc Size: 264KB - Virtual size: 262KB

.text
Size: 352KB - Virtual size: 349KB

.rdata
Size: 64KB - Virtual size: 60KB

.data
Size: 100KB - Virtual size: 112KB

.rsrc
Size: 264KB - Virtual size: 262KB