NEAS[.]9c2b19f63b8b7a4caae186a6ea66d970[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9c2b19f63b8b7a4caae186a6ea66d970.exe
Size

116KB
MD5

9c2b19f63b8b7a4caae186a6ea66d970
SHA1

c610330693c0e1b28bfea8a998b307e70b8920ac
SHA256

78ebb3e7f66af9bca600a974c222d4db5694f70b3d91c18301bc8025ffc32ae6
SHA512

5a2bf23bc7eee6ed12ab7af0c5ffd9dc54c25816f29986e29ff966f7790879a171496ead8f3a6c44d0a3f74f8b9db3d37ea643cd1867a2aa046ba7ccbdcb32e4
SSDEEP

1536:h8gH82WzPwb473f2SxYWzRjG4qW6VAAXCqJ23jBHJGKto3iZ8WirllbzzfOhZ:jH8VPZ7vxRc4yAGCqU3jPG/iZ81lhzs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9c2b19f63b8b7a4caae186a6ea66d970.exe

Files

NEAS.9c2b19f63b8b7a4caae186a6ea66d970.exe
.dll windows:4 windows x86

f4ef310d84dacd3cbf86d56b8437c58d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindFileNameA
PathFindExtensionA

kernel32

GetModuleHandleA
SetErrorMode
RaiseException
InterlockedIncrement
lstrcmpW
FreeLibrary
LoadLibraryA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GlobalFlags
GetCPInfo
GetOEMCP
WriteFile
SetFilePointer
FlushFileBuffers
GetProcAddress
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
RtlUnwind
ExitProcess
GetCommandLineA
HeapSize
HeapReAlloc
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetModuleFileNameA
GetCurrentThreadId
InterlockedDecrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
TlsGetValue
EnterCriticalSection
GlobalHandle
GlobalReAlloc
LeaveCriticalSection
LocalAlloc
SetLastError
GlobalFree
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentProcess
lstrcatA
lstrcpyA
lstrcmpA
CreateToolhelp32Snapshot
Process32First
CloseHandle
OpenProcess
GetPriorityClass
Process32Next
TerminateProcess
lstrlenA
lstrcmpiA
GetVersion
GetLastError
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange

user32

DestroyMenu
PostQuitMessage
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
SetWindowTextA
RegisterWindowMessageA
WinHelpA
GetCapture
CreateWindowExA
GetClassLongA
GetClassInfoExA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
LoadIconA
MapWindowPoints
SetForegroundWindow
GetClientRect
GetMenu
PostMessageA
AdjustWindowRectEx
GetClassInfoA
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
GetSubMenu
GetMenuItemCount
SetMenuItemBitmaps
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
MessageBoxA
GetMenuItemID
GetMenuState
UnhookWindowsHookEx
ValidateRect
PeekMessageA
GetKeyState
SendMessageA
DispatchMessageA
CallNextHookEx
SetWindowsHookExA
GetParent
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
IsIconic

comctl32

ord17

oleacc

CreateStdAccessibleObject
LresultFromObject

gdi32

CreateBitmap
GetClipBox
SetTextColor
SetBkColor
GetStockObject
DeleteDC
GetDeviceCaps
DeleteObject
SaveDC
RestoreDC
SetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

KillAcroRd32

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f4ef310d84dacd3cbf86d56b8437c58d

Headers

File Characteristics

Imports

shlwapi

kernel32

user32

comctl32

oleacc

gdi32

winspool.drv

oleaut32

Exports

Exports

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 8KB - Virtual size: 19KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 8KB - Virtual size: 19KB

.reloc
Size: 16KB - Virtual size: 15KB