NEAS[.]d8abbeedefdd0116784d3c3c4b44cde0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d8abbeedefdd0116784d3c3c4b44cde0.exe
Size

4.0MB
MD5

d8abbeedefdd0116784d3c3c4b44cde0
SHA1

0cfed6fe513d429b712cfae00db659a942adf755
SHA256

5ad4338a97e2aad44eed5bd8cedd6b645a98284d1029dd9c0587a486edfbde1c
SHA512

dfb05551a74f370923c7b5acefe515232d8389a5d9d43c64a48b13354fc6a6d5b39843a8083098551b439a8944fa340c9b4a8a88805eab5cb7788dc87d3df0ec
SSDEEP

98304:bqlq+aaT8+O7ogqWlvEr+NbncScsfHs/nwipe:erXEXqC7NbYsfHwnw7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d8abbeedefdd0116784d3c3c4b44cde0.exe

Files

NEAS.d8abbeedefdd0116784d3c3c4b44cde0.exe
.exe windows:5 windows x86

1c50de187f5d61504730cab3d5282eed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenW
GetLastError
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
FlushInstructionCache
GetCurrentProcess
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
InterlockedExchange
InitializeCriticalSectionAndSpinCount
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringA
LCMapStringW
GetCurrentProcessId
GetTickCount
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetModuleFileNameA
GetStdHandle
ExitProcess
TlsFree
GetCurrentThreadId
TlsAlloc
TlsGetValue
HeapCreate
GetSystemTimeAsFileTime
LoadLibraryW
TerminateProcess
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
lstrcatW
CreateMutexW
OpenMutexW
ReleaseMutex
CreateThread
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateProcessW
RtlUnwind
GetFileInformationByHandle
CreateSemaphoreW
GetFileSizeEx
ReleaseSemaphore
SetFilePointerEx
SetEndOfFile
GetSystemTime
DeviceIoControl
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
DeleteFileW
GetFileAttributesW
lstrcpyW
GetModuleHandleA
QueryPerformanceCounter
GetVersionExW
CreateFileW
WriteFile
SetFilePointer
SwitchToThread
SetFileAttributesW
CreateDirectoryW
CreateFileA
GetFileSize
GetPrivateProfileIntW
GetPrivateProfileStringW
ReadFile
GetVersion
GetModuleHandleW
TlsSetValue
VirtualFree
HeapSize
HeapReAlloc
WaitForSingleObject
CloseHandle
WritePrivateProfileStringW
Sleep
FreeResource
lstrlenA
WideCharToMultiByte
FindResourceExW
LockResource
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
SetLastError
GetModuleFileNameW
MulDiv
lstrcmpW
HeapDestroy
VirtualAlloc
GetProcAddress
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
InterlockedCompareExchange
HeapFree
GetProcessHeap

user32

ScreenToClient
ClientToScreen
RegisterClassExW
GetDC
RegisterWindowMessageW
SetForegroundWindow
BringWindowToTop
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
SetWindowLongW
GetWindowLongW
DefWindowProcW
CharNextW
DestroyWindow
GetSysColor
MoveWindow
SetWindowPos
PostMessageW
SetRect
PtInRect
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
AdjustWindowRectEx
GetMenu
OffsetRect
SetWindowRgn
GetWindowRect
KillTimer
SetTimer
FindWindowW
ShowWindow
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
CreateAcceleratorTableW
CreateWindowExW
GetClientRect
LoadCursorW
GetClassInfoExW
IsWindow
SendMessageW
SetFocus
GetFocus
GetWindow
DestroyAcceleratorTable
GetDesktopWindow
BeginPaint
EndPaint
CallWindowProcW
UnregisterClassA
IsRectEmpty
SetActiveWindow
EnableWindow
IsWindowEnabled
GetActiveWindow
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
PeekMessageW
UpdateLayeredWindow
IsIconic
GetCursorPos
GetCapture
CreateCaret
GetCaretBlinkTime
HideCaret
ShowCaret
SetCaretPos
GetWindowDC
CopyRect
UnionRect
SetCursor
EqualRect
InflateRect
IntersectRect
GetMessagePos
DestroyCursor
GetKeyState
UpdateWindow
LoadImageW
DrawIconEx
DestroyIcon
DrawTextA
IsWindowVisible
LoadBitmapW
LoadImageA
LoadIconW
DrawTextW
GetDlgCtrlID
SetPropW
AnimateWindow
SystemParametersInfoW
SetRectEmpty
wsprintfW
wsprintfA
FillRect
ReleaseCapture
GetClassNameW
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC

gdi32

GetObjectA
MoveToEx
LineTo
GetTextColor
GetTextMetricsW
GetClipBox
RectInRegion
GetClipRgn
CreateFontIndirectW
TextOutW
CreateDIBSection
CreateBitmap
OffsetViewportOrgEx
SetBkMode
SelectClipRgn
GetCurrentObject
Rectangle
StretchBlt
RoundRect
GetViewportOrgEx
CreatePen
ExtTextOutW
SetBkColor
CreateRectRgnIndirect
GetRgnBox
ExcludeClipRect
SaveDC
RestoreDC
SetTextColor
ExtSelectClipRgn
GetTextExtentPointW
GetTextExtentPoint32W
OffsetRgn
CombineRgn
SetRectRgn
CreateRectRgn
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
DeleteDC
SelectObject
DeleteObject

advapi32

RegOpenKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyW
RegQueryValueExW
RegDeleteKeyW

shell32

ShellExecuteW
SHGetPathFromIDListW
SHGetFileInfoA
ShellExecuteExW
SHFileOperationW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHCreateDirectoryExW

ole32

CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc
CLSIDFromString
CreateStreamOnHGlobal
OleInitialize
OleUninitialize
CoCreateGuid
RevokeDragDrop
RegisterDragDrop
CoInitialize
CoUninitialize

oleaut32

SysAllocString
DispCallFunc
SysFreeString
SysStringLen
SysAllocStringLen
VarUI4FromStr
VariantInit
VariantClear
VariantChangeType
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantCopy

shlwapi

StrToIntExA
PathAppendW
PathFileExistsW
StrToIntA
StrToIntW
PathFileExistsA

comctl32

_TrackMouseEvent
InitCommonControlsEx

riched20

ord4

imm32

ImmGetContext
ImmReleaseContext

gdiplus

GdipDrawImageRectRectI
GdipSetImageAttributesColorMatrix
GdipCreateImageAttributes
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDisposeImageAttributes
GdipCreateBitmapFromHICON
GdipAlloc
GdipFree
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipCreateBitmapFromScan0
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdiplusStartup
GdiplusShutdown
GdipDisposeImage

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wininet

InternetOpenUrlW
InternetCloseHandle
InternetConnectW
HttpOpenRequestW
HttpSendRequestExW
InternetWriteFile
HttpEndRequestW
InternetOpenW

Sections

.text
Size: 612KB - Virtual size: 611KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3.3MB - Virtual size: 3.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1c50de187f5d61504730cab3d5282eed

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

riched20

imm32

gdiplus

psapi

version

wininet

Sections

.text Size: 612KB - Virtual size: 611KB

.rdata Size: 94KB - Virtual size: 93KB

.data Size: 17KB - Virtual size: 98KB

.rsrc Size: 3.3MB - Virtual size: 3.3MB

.text
Size: 612KB - Virtual size: 611KB

.rdata
Size: 94KB - Virtual size: 93KB

.data
Size: 17KB - Virtual size: 98KB

.rsrc
Size: 3.3MB - Virtual size: 3.3MB