NEAS[.]de7d6ec78048455d9179f8f73bc64a30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.de7d6ec78048455d9179f8f73bc64a30.exe
Size

650KB
MD5

de7d6ec78048455d9179f8f73bc64a30
SHA1

1f9d1f213fb6a4c53dc0d179fc9c1d8fb74f5e9b
SHA256

36e7968462fbb175ee6fd78efaf26fb670bb2360cb05e3832e1776328481b103
SHA512

472723576a294409f650dc7791b82d1f1a9c0f9ebe66164508a63f42b92090b521686596d71f776d8645038259895f1faf833b10d75ab68becd6b1de01fd32c2
SSDEEP

12288:n1hpZ3l1YPBgNMzbw6gtypGPVmPFQqsgqMrqgJjw2ZXsw0f7:7/3cmtypGPo9hsgXrBjwuXsF7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.de7d6ec78048455d9179f8f73bc64a30.exe

Files

NEAS.de7d6ec78048455d9179f8f73bc64a30.exe
.exe windows:5 windows x86

f2c88fa143009035013c548c883c410b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetPrivateProfileStringW
WritePrivateProfileStringW
WritePrivateProfileStringA
GetFullPathNameW
RemoveDirectoryW
GetOverlappedResult
CancelIo
GetFileSize
GetLastError
HeapFree
GetProcessHeap
SetEnvironmentVariableA
CompareStringW
WriteConsoleW
GetPrivateProfileStringA
HeapAlloc
SetLastError
QueryPerformanceCounter
GetModuleFileNameW
ExpandEnvironmentStringsW
InitializeCriticalSection
GetCurrentProcessId
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetTickCount
CreateFileW
Sleep
SetFilePointer
WriteFile
CloseHandle
OutputDebugStringW
GetCurrentThreadId
OpenProcess
GetFileAttributesExW
GetCommandLineW
GetTempFileNameW
GetLongPathNameW
SearchPathW
FormatMessageW
LocalFree
CreateMutexW
WaitForSingleObject
CreateFileMappingW
MapViewOfFile
ReleaseMutex
UnmapViewOfFile
LoadLibraryW
GetProcAddress
FreeLibrary
QueryPerformanceFrequency
GetVersionExW
CreateProcessW
GetTempPathW
GetDiskFreeSpaceExW
CreateThread
GetExitCodeThread
GetExitCodeProcess
GetCurrentProcess
TerminateThread
CreateEventW
OpenEventW
ResetEvent
SetEvent
GetLocalTime
GetSystemTime
GetFileAttributesW
OpenMutexW
CreateDirectoryW
GetShortPathNameW
GetFileSizeEx
PeekNamedPipe
GetEnvironmentVariableW
TryEnterCriticalSection
WaitForMultipleObjects
CreatePipe
GetStartupInfoW
GlobalMemoryStatusEx
OpenFileMappingW
FlushViewOfFile
GetSystemDefaultLCID
GetSystemDefaultUILanguage
GetUserDefaultLCID
GetLocaleInfoW
FindFirstFileW
FindNextFileW
FindClose
DeleteFileW
WideCharToMultiByte
GetComputerNameExW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetUserDefaultLangID
LocalAlloc
GlobalAlloc
ProcessIdToSessionId
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
LoadResource
LockResource
SizeofResource
GetFileTime
DeviceIoControl
GetSystemDirectoryW
MoveFileExW
CopyFileW
SetFileAttributesW
ReadFile
SetEndOfFile
InterlockedIncrement
InterlockedDecrement
lstrcmpiW
GetSystemDirectoryA
LoadLibraryA
FormatMessageA
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
HeapSetInformation
GetSystemTimeAsFileTime
GetTimeFormatW
GetDateFormatW
ExitThread
GetCPInfo
GetTimeZoneInformation
RaiseException
RtlUnwind
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
SetStdHandle
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapReAlloc
GetConsoleCP
GetConsoleMode
FlushFileBuffers

ws2_32

listen
gethostbyaddr
WSAStartup
WSACleanup
WSAWaitForMultipleEvents
WSAResetEvent
WSACloseEvent
WSACreateEvent
WSAEventSelect
setsockopt
getsockopt
getservbyport
ntohs
htonl
getservbyname
htons
gethostbyname
WSASetLastError
WSAGetLastError
inet_ntoa
inet_addr
WSAStringToAddressW
WSASocketW
WSAConnect
WSAEnumNetworkEvents
send
closesocket
__WSAFDIsSet
socket
bind
recv
sendto
shutdown
select
recvfrom
connect
ioctlsocket
WSAAddressToStringW
freeaddrinfo
getaddrinfo
WSADuplicateSocketW
accept

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

shlwapi

PathFindFileNameW
PathIsFileSpecW
PathFindExtensionW
PathRemoveFileSpecW

psapi

EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW
EnumProcessModules

iphlpapi

GetAdaptersInfo
GetIfEntry
GetInterfaceInfo
IpReleaseAddress
IpRenewAddress
AddIPAddress
DeleteIPAddress
IcmpCreateFile
GetAdaptersAddresses
IcmpSendEcho
NotifyAddrChange
IcmpCloseHandle

user32

SetProcessWindowStation
GetThreadDesktop
SetThreadDesktop
OpenDesktopW
CloseDesktop
ExitWindowsEx
GetProcessWindowStation
GetDesktopWindow
OpenWindowStationW
MsgWaitForMultipleObjects
GetSystemMetrics
SystemParametersInfoW
LoadIconW
DestroyIcon
AllowSetForegroundWindow
MsgWaitForMultipleObjectsEx
WaitForInputIdle
GetKeyState
SendMessageCallbackW
GetMessageW
CloseWindowStation
GetAsyncKeyState
PeekMessageW
SetTimer
RegisterWindowMessageW

advapi32

AllocateAndInitializeSid
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
GetUserNameW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
OpenProcessToken
CheckTokenMembership

shell32

ShellExecuteExW
ExtractIconW
SHGetFolderPathW
ShellExecuteW
SHGetSpecialFolderPathW

ole32

OleInitialize
CoInitializeEx
CoCreateGuid
CoCreateInstance
CLSIDFromString
CoInitialize
CreateStreamOnHGlobal
CoUninitialize
PropVariantClear
OleUninitialize

oleaut32

SysStringLen
SysFreeString
VariantClear
VariantCopy
SysAllocString

wininet

InternetQueryOptionW
InternetConnectW
InternetOpenW
InternetCloseHandle
HttpOpenRequestW
InternetSetOptionW
HttpSendRequestW
HttpQueryInfoW
HttpQueryInfoA
InternetReadFileExA
HttpAddRequestHeadersW
InternetErrorDlg

setupapi

SetupFindFirstLineW
CM_Get_DevNode_Status
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiRemoveDevice
SetupDiDestroyDriverInfoList
SetupOpenInfFileW
CM_Get_Device_IDW
SetupGetLineTextW
SetupCloseInfFile
CMP_WaitNoPendingInstallEvents
SetupDiSetClassInstallParamsW
CM_Get_DevNode_Registry_PropertyW
CM_Set_DevNode_Registry_PropertyW
CM_Disable_DevNode
SetupDiGetClassDevsW
SetupDiBuildDriverInfoList
SetupDiOpenDevRegKey
SetupDiCreateDevRegKeyW
SetupDiOpenClassRegKey
SetupDiCallClassInstaller
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiCreateDeviceInfoW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
CM_Locate_DevNodeW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winspool.drv

EnumPrintersW
DocumentPropertiesW
FindClosePrinterChangeNotification
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterW
EnumPortsW
OpenPrinterW
ClosePrinter
DeletePrinter
EnumMonitorsW
GetPrinterDataExW
SetPrinterDataExW
GetPrinterDriverW
XcvDataW
GetPrinterW
DeletePrinterDriverExW
GetPrinterDriverDirectoryW
EnumPrinterDriversW
SetPrinterW
SetJobW
GetJobW
EnumJobsW
ord204
ord203
AddMonitorW
DeleteMonitorW

secur32

GetUserNameExW

Sections

.text
Size: 449KB - Virtual size: 449KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f2c88fa143009035013c548c883c410b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

ws2_32

rpcrt4

shlwapi

psapi

iphlpapi

user32

advapi32

shell32

ole32

oleaut32

wininet

setupapi

version

winspool.drv

secur32

Sections

.text Size: 449KB - Virtual size: 449KB

.rdata Size: 148KB - Virtual size: 148KB

.data Size: 12KB - Virtual size: 30KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 37KB - Virtual size: 36KB

.text
Size: 449KB - Virtual size: 449KB

.rdata
Size: 148KB - Virtual size: 148KB

.data
Size: 12KB - Virtual size: 30KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 37KB - Virtual size: 36KB