NEAS[.]d3c534d4e4e11e79ecf4344060159610[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d3c534d4e4e11e79ecf4344060159610.exe
Size

1.6MB
MD5

d3c534d4e4e11e79ecf4344060159610
SHA1

7f0144484b196ac66bc592310ec7dd03c7079f03
SHA256

162cc52fc01eb7e30b97997467909828794aee7eab1a13d6e514ca0daf1c66e3
SHA512

6d904c93e8e32d99bf5a7fc231a4dab32a16350506483e4ec583e757bcde4e72335b5cda2fd3fec27a08ecab257a127d3d2d42d2842a82185b1e449ef3ce9961
SSDEEP

24576:kNAryAtKbvnIYgujHgN2HqvKin68t+K4VsqjnhMgeiCl7G0nehbGZpbD:MAWjg8HgN2HqvKo7t+5JDmg27RnWGj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d3c534d4e4e11e79ecf4344060159610.exe

Files

NEAS.d3c534d4e4e11e79ecf4344060159610.exe
.exe windows:5 windows x86

e99c84442244fd531bf52f115210a3aa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegLoadKeyW
RegUnLoadKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumKeyExW
RegEnumValueW
RegEnumValueA
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
GetTokenInformation
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatus
GetUserNameW
RegQueryValueExW
RegSetValueExW
GetFileSecurityW
SetFileSecurityW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
RegQueryInfoKeyW
CreateProcessAsUserW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
GetSidSubAuthority
GetSidSubAuthorityCount
ConvertSidToStringSidW
SystemFunction036
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceEvent

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

ntohl

psapi

GetModuleFileNameExW

winmm

timeBeginPeriod
timeEndPeriod
timeGetTime

shlwapi

UrlCanonicalizeW

kernel32

GetOEMCP
IsValidCodePage
WriteConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
ReadConsoleW
GetTickCount
SetDllDirectoryW
GetLastError
SetLastError
WaitForSingleObject
OpenProcess
Sleep
GetCurrentProcessId
GetCurrentThreadId
ExpandEnvironmentStringsW
CloseHandle
GetCurrentProcess
TerminateProcess
ResumeThread
CreateProcessW
SetPriorityClass
GetPriorityClass
WriteProcessMemory
GetModuleHandleW
GetProcAddress
FreeLibrary
LoadLibraryW
ReleaseMutex
CreateMutexW
GetCommandLineW
LocalFree
GetModuleFileNameW
CreateFileW
FindFirstVolumeW
FindNextVolumeW
FindVolumeClose
GetDriveTypeW
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
DecodePointer
RaiseException
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
DeviceIoControl
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WideCharToMultiByte
CreateFileA
GetVersionExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
CreateEventW
RtlCaptureContext
SetUnhandledExceptionFilter
SetErrorMode
GetSystemDirectoryW
LoadLibraryExW
FlushInstructionCache
GetExitCodeProcess
GetFileAttributesW
GetFileAttributesExW
GetShortPathNameW
MoveFileExW
CompareStringW
DuplicateHandle
GetEnvironmentStringsW
GetDateFormatW
ReadFile
SetFilePointer
SetFileTime
WriteFile
RemoveDirectoryW
GetSystemTimeAsFileTime
WTSGetActiveConsoleSessionId
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
OutputDebugStringA
DeleteFileW
FormatMessageA
SetThreadPriority
FileTimeToSystemTime
GetCurrentThread
QueryPerformanceFrequency
GetThreadPriority
SystemTimeToTzSpecificLocalTime
QueryPerformanceCounter
CreateThread
IsDebuggerPresent
GetUserDefaultLangID
CreateDirectoryW
GetLongPathNameW
GetTempPathW
SetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
ReplaceFileW
CopyFileW
GetTempFileNameW
MoveFileW
SetHandleInformation
GetStdHandle
AssignProcessToJobObject
GetModuleHandleExA
HeapSetInformation
GetModuleHandleA
GetNativeSystemInfo
GetUserDefaultUILanguage
GetLocaleInfoW
FindFirstFileW
FindFirstFileExW
FindNextFileW
FindClose
GetEnvironmentVariableW
EnterCriticalSection
LeaveCriticalSection
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
ReadProcessMemory
GetVersion
SetEnvironmentVariableW
RtlCaptureStackBackTrace
GetModuleHandleExW
GetProcessId
GetWindowsDirectoryW
VirtualQuery
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetEvent
ResetEvent
GetSystemInfo
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetCommandLineA
GetACP
PeekNamedPipe
GetFileType
SetStdHandle
GetFullPathNameW
GetConsoleMode
GetConsoleCP
ExitProcess
RtlUnwind
OutputDebugStringW
GetCPInfo
GetStringTypeW
LCMapStringW
EncodePointer
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
LoadLibraryExA
VirtualProtect
GetFileInformationByHandle

gdi32

GetTextFaceW
SelectObject
DeleteObject
CreateFontW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoTaskMemFree
CoCreateGuid
CoTaskMemAlloc
CoUninitialize
CoInitializeEx
CoCreateInstance
CoAllowSetForegroundWindow
PropVariantClear
StringFromGUID2

oleaut32

SysAllocString
SysStringLen
VariantClear
VariantInit
SysFreeString

user32

KillTimer
TranslateMessage
GetQueueStatus
CallMsgFilterW
MsgWaitForMultipleObjectsEx
PeekMessageW
SetTimer
DispatchMessageW
RegisterClassExW
WaitMessage
CharUpperW
PostQuitMessage
GetMonitorInfoW
MonitorFromWindow
SetForegroundWindow
ReleaseDC
GetDC
GetParent
PostMessageW
GetWindowThreadProcessId
FindWindowW
IsWindow
UnregisterClassW
DefWindowProcW
MoveWindow
DestroyWindow
CreateWindowExW
SendMessageTimeoutW
MessageBoxW
LoadIconW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowLongW
GetWindowLongW
SendMessageW
GetClassNameA

urlmon

CreateURLMonikerEx

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

wininet

InternetReadFile
InternetOpenW
InternetOpenUrlW
InternetCloseHandle

Exports

Exports

GetHandleVerifier

Sections

.text
Size: 761KB - Virtual size: 761KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

e99c84442244fd531bf52f115210a3aa

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

version

ws2_32

psapi

winmm

shlwapi

kernel32

gdi32

ole32

oleaut32

user32

urlmon

wtsapi32

userenv

wininet

Exports

Exports

Sections

.text Size: 761KB - Virtual size: 761KB

.rdata Size: 126KB - Virtual size: 126KB

.data Size: 5KB - Virtual size: 28KB

.gfids Size: 1024B - Virtual size: 820B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 188KB - Virtual size: 187KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 761KB - Virtual size: 761KB

.rdata
Size: 126KB - Virtual size: 126KB

.data
Size: 5KB - Virtual size: 28KB

.gfids
Size: 1024B - Virtual size: 820B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 188KB - Virtual size: 187KB

.reloc
Size: 592KB - Virtual size: 596KB