NEAS[.]4d2b8713150950ac7d0e299721101560[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.4d2b8713150950ac7d0e299721101560.exe
Size

1.1MB
MD5

4d2b8713150950ac7d0e299721101560
SHA1

e35da256fa3d8460b74c0063be4fc78879bddbce
SHA256

dee588faaa4f82ee52560d2718bbcfdee779e4e5361565471fffebead7bbf026
SHA512

06bb9fd92ba4158d951315421df7bcde459e386dcc7affa1b206ccec252b38c2f7c43ad423c0f4cb0f1f30bd76a0acb00add05cc743f2a4d41644bb786bdcbeb
SSDEEP

24576:ZVXsFW5X8JCVMW+X3bnD8LHgZSJ873huT2rr6LzLBZ:ZVXplyW2rnD8LHHJ8zhuersLz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4d2b8713150950ac7d0e299721101560.exe

Files

NEAS.4d2b8713150950ac7d0e299721101560.exe
.exe windows:6 windows x86

213855c1afe1a9636c3c70cb223546d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
VerQueryValueA
VerQueryValueW
GetFileVersionInfoW

wintrust

WTHelperProvDataFromStateData
WinVerifyTrust

advapi32

RegCreateKeyExW
RegQueryInfoKeyW
RegEnumValueW
EventUnregister
GetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegSetValueExW
SetNamedSecurityInfoW
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetUserNameA
RegEnumKeyExA
RegEnumValueA
RegQueryInfoKeyA
DeregisterEventSource
RegisterEventSourceW
ReportEventA
ReportEventW
OpenProcessToken
AddAccessAllowedAce
AddAccessDeniedAce
AllocateAndInitializeSid
CheckTokenMembership
CopySid
CreateWellKnownSid
EqualSid
FreeSid
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
IsValidSid
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
RegOpenKeyExW
EventWrite
RegEnumKeyW
RegGetValueW
EventRegister

comctl32

ord17
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create

cabinet

ord22
ord23
ord10
ord21
ord11
ord13
ord12
ord14
ord20

gdi32

CreateFontIndirectW
GetTextFaceA
CreateFontIndirectA
CreateFontA
DeleteDC
DeleteObject
GetDeviceCaps
GetTextExtentPoint32W
RestoreDC
SaveDC
SelectObject
SetBkMode
SetMapMode
SetTextColor
SetTextAlign
GetTextMetricsA
GetObjectA
GetObjectW
ExtTextOutW

kernel32

GetShortPathNameA
GetLastError
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetCommandLineW
DeleteFileW
CloseHandle
SetUnhandledExceptionFilter
SetErrorMode
ReleaseMutex
WaitForSingleObject
Sleep
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
CreateThread
GetModuleHandleA
GetProcAddress
SetProcessWorkingSetSize
WaitForMultipleObjects
MapViewOfFile
GetProcessHeap
InitializeCriticalSection
DeleteCriticalSection
GetVersionExA
GetVersionExW
FreeLibrary
GetModuleFileNameW
MultiByteToWideChar
FindClose
FindFirstFileW
FindNextFileW
WriteFile
SetLastError
GetSystemTimeAsFileTime
GetTickCount
GetSystemWindowsDirectoryW
LocalFree
MoveFileW
GetDateFormatW
GetTimeFormatW
GetFileSize
ReadFile
SetFilePointer
RaiseException
ExitThread
SuspendThread
SetPriorityClass
GetTickCount64
UnmapViewOfFile
CreateFileMappingA
GetComputerNameA
GetModuleFileNameA
GetModuleHandleW
LoadLibraryExA
MulDiv
GetACP
GetSystemDefaultUILanguage
GetSystemDefaultLangID
GetSystemDefaultLCID
SetEnvironmentVariableA
ExpandEnvironmentStringsW
CreateDirectoryW
GetFileAttributesW
SetEndOfFile
GetTempPathW
SetEvent
CreateRemoteThread
SetThreadPriority
CreateProcessW
OpenProcess
GetSystemInfo
IsWow64Process
VirtualQueryEx
ReadProcessMemory
WideCharToMultiByte
IsDBCSLeadByte
GetStringTypeExW
IsValidCodePage
CreateFileA
CreateFileW
GetFileType
CreateMutexA
CreateEventA
OpenEventA
OpenMutexA
CreateSemaphoreA
OpenSemaphoreA
HeapAlloc
HeapFree
GlobalFree
LocalAlloc
GetCurrentThread
GlobalAlloc
GetLocaleInfoEx
InitializeCriticalSectionEx
GetCurrentThreadId
LocaleNameToLCID
GetUserDefaultLocaleName
IsValidLocale
CompareStringW
GetUserDefaultLCID
CompareStringEx
LCIDToLocaleName
GetSystemDefaultLocaleName
EnumSystemLocalesEx
GetDateFormatEx
GetCalendarInfoEx
GetThreadUILanguage
LoadResource
SetFileAttributesW
RaiseFailFastException
OutputDebugStringA
GetVersion
LoadLibraryW
WaitForSingleObjectEx
GetDiskFreeSpaceExW
GetFileAttributesExW
GlobalMemoryStatusEx
GetSystemDirectoryW
GetNativeSystemInfo
GetProductInfo
GetTimeZoneInformation
GetUserGeoID
GetUserDefaultUILanguage
GetCommandLineA
HeapSetInformation
GetStartupInfoW
UnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
DecodePointer
RtlUnwind
HeapReAlloc
HeapSize
ExitProcess
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetCPInfo
GetOEMCP
IsProcessorFeaturePresent
LCMapStringW
GetStringTypeW
InterlockedExchange
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLongPathNameW
GetShortPathNameW
lstrcmpiW
FindResourceW
SizeofResource
LoadLibraryExW
LoadLibraryA
RtlCaptureStackBackTrace
GetUserDefaultLangID
GetSystemDirectoryA

ole32

CoCreateGuid
CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromIID
CoTaskMemFree

oleacc

CreateStdAccessibleObject
LresultFromObject

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToDosDateTime
SysAllocString
SysFreeString

Sections

.text
Size: 473KB - Virtual size: 473KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 300KB - Virtual size: 304KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 332KB - Virtual size: 332KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

213855c1afe1a9636c3c70cb223546d6

Headers

DLL Characteristics

File Characteristics

Imports

version

wintrust

advapi32

comctl32

cabinet

gdi32

kernel32

ole32

oleacc

oleaut32

Sections

.text Size: 473KB - Virtual size: 473KB

.data Size: 300KB - Virtual size: 304KB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 332KB - Virtual size: 332KB

.text
Size: 473KB - Virtual size: 473KB

.data
Size: 300KB - Virtual size: 304KB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 332KB - Virtual size: 332KB