NEAS[.]47699985238ac9c5cea0ea91e5161710[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.47699985238ac9c5cea0ea91e5161710.exe
Size

1.5MB
MD5

47699985238ac9c5cea0ea91e5161710
SHA1

c2b1e99b0d77275c64456249b69c32f8ecc235cd
SHA256

68b6ff6d51a5bb8ab9bc43206b7cdf4cf7df5f508aa9aa52e340c8d344bb4a5c
SHA512

27243178e14993fadb08e870b3bddc9a38bbe1aee49eae4227c09b9b337c9eee75dcc10684ba6957ff41e43c6574b02ec746d39bb4c0b3633f8d1757ce0ac97f
SSDEEP

24576:lCHHupaTryG8TjbhFMIuKI133Cgdh0y5H2M+tqzZFP:lwHuwT58bhF6n3bdh5+u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.47699985238ac9c5cea0ea91e5161710.exe

Files

NEAS.47699985238ac9c5cea0ea91e5161710.exe
.exe windows:5 windows x86

99bd51181e3605c3e7397f5452db7c23

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileW
GetCommandLineW
SetDllDirectoryW
ReleaseMutex
QueueUserAPC
SetWaitableTimer
ExitThread
CreateWaitableTimerW
CreateThread
ReadFile
GetFileSize
Sleep
GetTickCount
CreateProcessW
FindResourceW
WriteFile
FreeResource
LockResource
SizeofResource
LoadResource
SetFilePointer
OpenProcess
TerminateProcess
GetThreadLocale
GetSystemTime
FindResourceA
OutputDebugStringW
LoadLibraryA
GetSystemDirectoryA
InterlockedIncrement
InterlockedDecrement
GlobalAddAtomW
SetFileAttributesW
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
HeapSize
GetProcessHeap
SetEndOfFile
GetModuleFileNameA
SetStdHandle
GetStdHandle
SetHandleCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapReAlloc
VirtualAlloc
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
SetThreadLocale
GetModuleHandleW
GetProcAddress
GetCurrentProcess
LocalAlloc
LocalFree
GetLastError
GetTempFileNameW
WaitForSingleObject
GetExitCodeProcess
GetUserDefaultUILanguage
GetVersionExA
MoveFileExW
CreateFileW
GetModuleFileNameW
GetEnvironmentVariableW
ExitProcess
FreeLibrary
GetSystemDirectoryW
LoadLibraryW
GetFileAttributesW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
RemoveDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
CloseHandle
CreateMutexW
LeaveCriticalSection
DeleteCriticalSection
VirtualFree
HeapCreate
GetCurrentThreadId
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetCommandLineA
InterlockedExchange
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RaiseException
RtlUnwind
HeapFree
GetConsoleCP
GetConsoleMode
HeapAlloc
GetFileType
CreateFileA
DuplicateHandle

user32

LoadStringW
GetForegroundWindow
EndPaint
MessageBoxW
DrawTextW
ClientToScreen
SetRect
CreateWindowExW
SetPropW
GetParent
CallWindowProcW
MapWindowPoints
GetPropW
RegisterClassExW
SetForegroundWindow
SetTimer
GetMessageW
SetWindowPos
DispatchMessageW
DefWindowProcW
BeginPaint
TranslateMessage
SetWindowLongW
GetKeyState
LoadCursorW
SetCursor
InvalidateRect
ReleaseCapture
SetCapture
GetClientRect
GetWindowRect
MoveWindow
GetDC
ReleaseDC
PostQuitMessage
PostMessageW
FillRect
ShowWindow
SetWindowTextW
DestroyWindow
GetWindow
GetWindowLongW

gdi32

GetTextExtentExPointW
SetTextColor
SetBkMode
CreateFontA
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
StretchBlt
CreateSolidBrush
DeleteObject
CreateDIBSection
BitBlt

advapi32

RegDeleteValueW
RegSetValueExW
RegQueryValueExW
ControlService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
CryptHashData
CryptGetHashParam
CryptReleaseContext
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExA
RegOpenKeyExW
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

shell32

CommandLineToArgvW
SHGetFolderPathW
ShellExecuteExW
ord680
ShellExecuteW

ole32

StringFromGUID2
CoCreateGuid
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoInitialize

oleaut32

VariantClear
VariantInit
SysFreeString
SysAllocString

Sections

.text
Size: 203KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 954KB - Virtual size: 954KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 267KB - Virtual size: 268KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

99bd51181e3605c3e7397f5452db7c23

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 203KB - Virtual size: 203KB

.rdata Size: 53KB - Virtual size: 53KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 954KB - Virtual size: 954KB

.reloc Size: 267KB - Virtual size: 268KB

.text
Size: 203KB - Virtual size: 203KB

.rdata
Size: 53KB - Virtual size: 53KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 954KB - Virtual size: 954KB

.reloc
Size: 267KB - Virtual size: 268KB