NEAS[.]d4c9f6f938bacf0bdf7e3ea60b9922f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d4c9f6f938bacf0bdf7e3ea60b9922f0.exe
Size

196KB
MD5

d4c9f6f938bacf0bdf7e3ea60b9922f0
SHA1

380163fd43b1c0bd81488b351e29947920a6bc87
SHA256

0a566fbf9334e048d684ff474a2690390eefb7bb182d5c19996652aa74c039a7
SHA512

f987b1c4ec575ca8236432a94583a7f76522877d10db55144eca7a2fa72c654b5370af7b0d303ef582c94328024be06119c30cc0d6cd33572f28effc2adffa9f
SSDEEP

3072:LgkjGtmnE/SGxmlhC82PODnu5Kxf9hmdzo1nphZuG9RfsSuvW1y8U:ckjOmEKGqAOaKxf9b/hUsfHue1y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d4c9f6f938bacf0bdf7e3ea60b9922f0.exe

Files

NEAS.d4c9f6f938bacf0bdf7e3ea60b9922f0.exe
.dll windows:4 windows x86

3da5bf3774f889352d603610d432e63d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

wininet

InternetConnectA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle

ws2_32

WSAStartup

rpcrt4

RpcStringFreeA
UuidToStringA

psapi

GetMappedFileNameW

ntdll

RtlImageNtHeader
LdrAddRefDll
wcscat
strchr
memcmp
sscanf
ZwOpenFile
ZwDeviceIoControlFile
ZwLoadDriver
ZwClose
RtlEqualUnicodeString
ZwOpenThread
ZwQuerySystemInformation
ZwImpersonateThread
strcmp
RtlTimeToSecondsSince1970
NtQuerySystemTime
_snprintf
tolower
strlen
strcpy
vsprintf
memcpy
RtlUnwind
memset
ZwOpenEvent
ZwCreateEvent
_snwprintf
RtlInitUnicodeString
ZwRaiseHardError
RtlAdjustPrivilege
NtQueryVirtualMemory

shlwapi

SHSetValueA
PathRemoveFileSpecA
PathRemoveExtensionW
StrStrIW
SHGetValueA
SHDeleteKeyA
PathFindFileNameW

imagehlp

CheckSumMappedFile

kernel32

MultiByteToWideChar
GetLastError
CreateFileW
WriteFile
SetFilePointer
GetFileSize
OpenMutexA
GetTempPathA
GetCurrentProcessId
VirtualAlloc
GetTempPathW
GetVersionExW
Sleep
GetSystemTimeAsFileTime
CreateThread
MoveFileExW
CopyFileW
GetModuleFileNameW
DeleteFileW
CreateFileA
VirtualFree
GetModuleHandleW
lstrcmpiW
DeviceIoControl
CreateFileMappingA
WaitForSingleObject
UnmapViewOfFile
MapViewOfFile
GetCommandLineW
ExitProcess
IsBadReadPtr
GetWindowsDirectoryW
GetSystemTime
SystemTimeToFileTime
SetEvent
DeleteFileA
GetCurrentProcess
CloseHandle
GetModuleHandleA
GetProcAddress

winspool.drv

AddPrintProvidorW

advapi32

OpenServiceA
OpenSCManagerW
GetTokenInformation
CloseServiceHandle
StartServiceA
QueryServiceStatusEx
OpenProcessToken

shell32

ShellExecuteW

ole32

CoCreateGuid
CoInitialize

Sections

.text
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1004B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.j00
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.i00
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.q00
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.w00
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.z00
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.m00
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.r00
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3da5bf3774f889352d603610d432e63d

Headers

File Characteristics

Imports

iphlpapi

wininet

ws2_32

rpcrt4

psapi

ntdll

shlwapi

imagehlp

kernel32

winspool.drv

advapi32

shell32

ole32

Sections

.text Size: 12KB - Virtual size: 11KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 4KB - Virtual size: 1004B

.j00 Size: 36KB - Virtual size: 33KB

.i00 Size: 28KB - Virtual size: 24KB

.q00 Size: 4KB - Virtual size: 1KB

.w00 Size: 4KB - Virtual size: 3KB

.z00 Size: 4KB - Virtual size: 3KB

.m00 Size: 52KB - Virtual size: 52KB

.r00 Size: 28KB - Virtual size: 26KB

.reloc Size: 4KB - Virtual size: 1KB

.text
Size: 12KB - Virtual size: 11KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 4KB - Virtual size: 1004B

.j00
Size: 36KB - Virtual size: 33KB

.i00
Size: 28KB - Virtual size: 24KB

.q00
Size: 4KB - Virtual size: 1KB

.w00
Size: 4KB - Virtual size: 3KB

.z00
Size: 4KB - Virtual size: 3KB

.m00
Size: 52KB - Virtual size: 52KB

.r00
Size: 28KB - Virtual size: 26KB

.reloc
Size: 4KB - Virtual size: 1KB