NEAS[.]927535fc0202a40ce6a5343630af84c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.927535fc0202a40ce6a5343630af84c0.exe
Size

197KB
MD5

927535fc0202a40ce6a5343630af84c0
SHA1

8c1fc8e0b0a29e2857d9121e399eec604b357f50
SHA256

2503e1124f4ef86f7e06bdaf254dcaab9fd3d8f3e1bc3d2fc7692e72f667d07f
SHA512

020e317884709982e7358ba7b74f3af7d655f1bf47b9de63de17d1cd5347b8334b10987b09702052ab6de032581e3e055d660d8d198fe98456d226dd3230a04e
SSDEEP

6144:J5pHIQ+WbgiBGxFM1LXerRRbsJUtfYnUROvy3:JXIQ+QgiBGxiLXerYn14

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.927535fc0202a40ce6a5343630af84c0.exe

Files

NEAS.927535fc0202a40ce6a5343630af84c0.exe
.exe windows:5 windows x86

103abbef609de26d7ef4a861745059bf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msi

ord173

kernel32

GetEnvironmentVariableW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
GetCurrentProcess
Sleep
lstrcmpiW
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
SetThreadLocale
GetSystemDefaultLCID
lstrlenW
CreateThread
DecodePointer
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringW
GetLocalTime
FlushFileBuffers
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetExitCodeThread
WaitForSingleObject
OpenProcess
GetExitCodeProcess
CreateProcessW
GetCommandLineW
CreateEventW
SetEvent
GlobalMemoryStatus
SetEnvironmentVariableW
SetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
GetUserDefaultLangID
GetVersionExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
GetFileType
GetACP
GetCommandLineA
GetModuleFileNameA
GetStdHandle
GetModuleHandleExW
ExitProcess
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
SetEnvironmentVariableA
ResetEvent
LoadLibraryExA
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
IsDebuggerPresent
WriteFile
FindFirstFileExA
FindNextFileA
RemoveDirectoryW
FindNextFileW
DeleteFileW
SetLastError
GetFullPathNameW
ExpandEnvironmentStringsW
ReadFile
GetFileSize
GetLastError
GetCPInfo
CreateDirectoryW
FindFirstFileW
FindClose
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
RaiseException
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CompareStringW

user32

GetFocus
GetSysColor
IsWindowEnabled
DrawFocusRect
SetCursor
SetFocus
SetCapture
GetCapture
FillRect
EndPaint
BeginPaint
DestroyWindow
ReleaseCapture
GetDlgCtrlID
GetCursorPos
ScreenToClient
PtInRect
UpdateWindow
InvalidateRect
SetRectEmpty
GetClassNameW
LoadCursorW
SystemParametersInfoW
CreateWindowExW
GetWindowTextLengthW
GetDC
ReleaseDC
DrawTextW
OffsetRect
IsWindow
CallWindowProcW
DefWindowProcW
SendMessageW
EndDialog
GetWindow
GetWindowLongW
MonitorFromWindow
GetMonitorInfoW
GetWindowRect
GetParent
GetClientRect
MapWindowPoints
SetWindowPos
EnableWindow
SetWindowTextW
GetDlgItem
SetWindowLongW
DialogBoxParamW
PeekMessageW
GetActiveWindow
GetMessageW
RegisterWindowMessageW
PostThreadMessageW
UnregisterClassW
CharNextW
GetWindowTextW

gdi32

DeleteObject
SetTextColor
CreateFontIndirectW
SelectObject
GetObjectW
GetStockObject
SetBkMode

advapi32

SystemFunction036
CryptAcquireContextW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
StartServiceCtrlDispatcherW
SetServiceStatus
CloseServiceHandle
CryptHashData
CryptDestroyKey
CryptDeriveKey
CryptCreateHash
CryptReleaseContext
CryptGetHashParam
CryptDecrypt
CryptDestroyHash

shell32

ShellExecuteW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

VarUI4FromStr

comctl32

_TrackMouseEvent

Sections

.text
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

103abbef609de26d7ef4a861745059bf

Headers

DLL Characteristics

File Characteristics

Imports

msi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

comctl32

Sections

.text Size: 141KB - Virtual size: 141KB

.rdata Size: 36KB - Virtual size: 36KB

.data Size: 2KB - Virtual size: 5KB

.tls Size: 512B - Virtual size: 9B

.gfids Size: 512B - Virtual size: 256B

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 7KB - Virtual size: 6KB

.text
Size: 141KB - Virtual size: 141KB

.rdata
Size: 36KB - Virtual size: 36KB

.data
Size: 2KB - Virtual size: 5KB

.tls
Size: 512B - Virtual size: 9B

.gfids
Size: 512B - Virtual size: 256B

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 7KB - Virtual size: 6KB