NEAS[.]e4155330c1bbad81dbebd7097820f070[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e4155330c1bbad81dbebd7097820f070.exe
Size

701KB
MD5

e4155330c1bbad81dbebd7097820f070
SHA1

cee36b9ae76788cd2b750f897f4a4a591773f709
SHA256

90a7500632afe4b673e4609584ef0119ba8eb0391ee0c980b5e75ea7b33b2428
SHA512

b909695e2336b041cf581a5919c78d0e58d12ce863198fc99af339d25f8392cf53c6b561f72e329dfd88c15ba320f0507c34fa7f7fe872f4cb8c47157aa1f006
SSDEEP

12288:mMX1xnSiDQinIu6enWR1AcF3jIawMGM0Q8mYN3Tu:BxnCqnWR1HZjIfMR0Q2dq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e4155330c1bbad81dbebd7097820f070.exe

Files

NEAS.e4155330c1bbad81dbebd7097820f070.exe
.exe windows:4 windows x86

5030ecd5476133652affa8542a98a39e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

sdirectx

SDirect3DSetDisplayOrder
SDirect3DCreate
SDirect3DSurfaceCreate
SDirect3DSurfaceSetPresentationRect
SDirect3DSurfacePeekBufferPtr
SDirect3DSurfaceGetBufferPtr
SDirect3DLock
SDirect3DUnlockAndTrigger
SDirect3DUnlock

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegFlushKey

gdi32

CreateBitmap
DeleteObject
GetDeviceCaps
GetStockObject
DeleteDC
CreateICA
CreatePalette
RealizePalette
SelectPalette
AnimatePalette

kernel32

CopyFileA
CreateDirectoryA
CreateFileA
DeleteFileA
EnterCriticalSection
ExitProcess
ExpandEnvironmentStringsA
FindFirstFileA
GetFileAttributesA
GlobalMemoryStatusEx
HeapAlloc
HeapCreate
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MoveFileA
QueryPerformanceCounter
QueryPerformanceFrequency
SetCurrentDirectoryA
Sleep
GlobalAlloc
IsBadReadPtr
SetUnhandledExceptionFilter
HeapSize
HeapReAlloc
GetStringTypeW
GetStringTypeA
GlobalUnlock
IsBadCodePtr
IsBadWritePtr
GetVersion
GetLastError
CreateMutexA
GetModuleFileNameA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
lstrcmpiA
lstrlenA
GlobalLock
SetFilePointer
FindClose
FindNextFileA
GetDriveTypeA
GetDiskFreeSpaceA
GetVolumeInformationA
WinExec
FreeLibrary
GetProcAddress
ResumeThread
SetThreadPriority
CreateThread
SuspendThread
DeleteCriticalSection
SetEnvironmentVariableA
SetStdHandle
LCMapStringA
LCMapStringW
SetEndOfFile
ReadFile
CompareStringA
CompareStringW
SetErrorMode
OutputDebugStringA
GetCommandLineA
GetModuleHandleA
RtlUnwind
HeapFree
TerminateProcess
GetCurrentProcess
GetFullPathNameA
GetCurrentDirectoryA
GetTimeZoneInformation
GetStartupInfoA
GetSystemTime
GetLocalTime
UnhandledExceptionFilter
FreeEnvironmentStringsA
MultiByteToWideChar
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle
WriteFile
CloseHandle
FlushFileBuffers

user32

CreateIconIndirect
CreateWindowExA
DestroyIcon
GetCursorPos
GetSystemMetrics
MessageBoxA
RegisterClassA
SetCursor
ShowCursor
SetCursorPos
CreateCursor
ClientToScreen
ScreenToClient
LoadIconA
GetKeyState
TranslateMessage
DispatchMessageA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
FindWindowA
LoadCursorA
IsIconic
BringWindowToTop
SetWindowPlacement
GetWindowPlacement
MoveWindow
GetClientRect
AdjustWindowRect
SetWindowPos
DestroyWindow
ShowWindow
GetWindowRect
UpdateWindow
SetForegroundWindow
GetDC
GetKeyboardState
ToAscii
CharToOemBuffA
GetActiveWindow
WinHelpA
GetDlgItem
EndDialog
SetFocus
SendMessageA
OemToCharBuffA
ReleaseCapture
BeginPaint
EndPaint
SetCapture
DefWindowProcA
GetMessageA
GetFocus
PeekMessageA
DialogBoxParamA
DestroyCursor

winmm

timeGetTime
mciSendStringA
timeKillEvent
timeEndPeriod
timeBeginPeriod
timeSetEvent
waveOutGetPosition
waveOutWrite
waveOutUnprepareHeader
waveOutPrepareHeader
waveOutPause
waveOutReset
waveOutGetNumDevs
midiOutGetErrorTextA
midiStreamProperty
midiOutUnprepareHeader
midiOutPrepareHeader
midiStreamStop
midiStreamRestart
midiStreamPause
midiStreamOut
midiStreamClose
midiStreamOpen
midiOutSetVolume
midiOutShortMsg
mciGetErrorStringA
waveOutOpen
waveOutGetErrorTextA
waveOutClose

shell32

ShellExecuteA

s2sysr

?S2DLLInit@@YAXPAX0@Z
?Quit@S2Game@@QAEXXZ
??0S2Game@@QAE@XZ
?UnLoadRoom@S2RoomMgr@@QAEHXZ
?Init@S2Game@@QAEXXZ
?DisableBtns@S2Interface@@QAEXXZ
?LoadRoom@S2RoomMgr@@QAEHK@Z
?InitRoom@S2RoomMgr@@QAEXK@Z
??0S2MessageBox@@QAE@QADGVGLPoint@@H@Z
?CreateS2Dialog@S2Dialog@@QAE?AW4DLG_RETURN@@XZ
?Save@S2Game@@QAEHPAD@Z
?StopRobot@MovieMgr@@QAEXH@Z
?UnloadGlobalRoom@S2RoomMgr@@QAEXXZ
?DisposeRoom@S2RoomMgr@@QAEXK@Z

gamesysr

?Pause@GLSndManager@@QAEHHH@Z
?Resume@GLSndManager@@QAEHHH@Z
?DLLInit@@YAXPAX@Z
?GLDLLInit@@YAXPAX@Z
?Play@GLGame@@QAEXXZ

Exports

Exports

?testDlgProc@@YGHPAUHWND__@@FFJ@Z

Sections

.text
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 266KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 97B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5030ecd5476133652affa8542a98a39e

Headers

File Characteristics

Imports

sdirectx

advapi32

gdi32

kernel32

user32

winmm

shell32

s2sysr

gamesysr

Exports

Exports

Sections

.text Size: 479KB - Virtual size: 479KB

.data Size: 50KB - Virtual size: 49KB

.rdata Size: 22KB - Virtual size: 22KB

.bss Size: - Virtual size: 266KB

.edata Size: 512B - Virtual size: 97B

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 108KB - Virtual size: 107KB

.reloc Size: 31KB - Virtual size: 31KB

.text
Size: 479KB - Virtual size: 479KB

.data
Size: 50KB - Virtual size: 49KB

.rdata
Size: 22KB - Virtual size: 22KB

.bss
Size: - Virtual size: 266KB

.edata
Size: 512B - Virtual size: 97B

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 108KB - Virtual size: 107KB

.reloc
Size: 31KB - Virtual size: 31KB