NEAS[.]efe47a8f22b6bb368cfe35692adeed80[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.efe47a8f22b6bb368cfe35692adeed80.exe
Size

2.6MB
MD5

efe47a8f22b6bb368cfe35692adeed80
SHA1

b618c9992cf6aa0403d9f42f7eee146703a367ef
SHA256

656857f9986dcd2bd7e3cdc679c1070d9b79574d269dab20e348a13cbe3cc315
SHA512

eb48682b5fea7cad4d602166af1c457c1f02bf9bf99acf13d97fdf8c7309a47bc10c360359f4be2cce8f8fa2a206d59d5fe4c561b3244e129a41568697937bb4
SSDEEP

49152:ABLW4c7Mv75c/XxWZFNkuNu9NNGWE4MdiY4z55JzSh3GbFAWDX:ABLWujQxWeoeLGWhpYCJzp1

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.efe47a8f22b6bb368cfe35692adeed80.exe

Files

NEAS.efe47a8f22b6bb368cfe35692adeed80.exe
.dll windows:5 windows x86

663e25f17b33d6d403e3c0a3d06d8ef3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wintrust

OpenPersonalTrustDBDialog

kernel32

PeekConsoleInputW
GetSystemTimeAsFileTime
WriteProcessMemory
PulseEvent
SetFileApisToOEM
GetACP
GetModuleHandleA
SetTimeZoneInformation
OutputDebugStringA
GetProcAddress
GetModuleFileNameA
GetBinaryTypeA
GetFileAttributesExW

shlwapi

PathQuoteSpacesA
StrRetToBufA
PathIsDirectoryEmptyW
PathBuildRootW
PathMakeSystemFolderW
SHGetValueA

advapi32

ClearEventLogW
BackupEventLogW
ReadEncryptedFileRaw
CryptSetProviderA
SetPrivateObjectSecurity
AddAccessDeniedAce

clusapi

ClusterResourceEnum

ole32

RevokeDragDrop
StgIsStorageILockBytes
CoGetClassObject

mprapi

MprConfigInterfaceTransportAdd
MprAdminConnectionEnum

gdi32

SetViewportExtEx
GetSystemPaletteEntries
GetViewportExtEx
CreateCompatibleDC
SetSystemPaletteUse

comctl32

ImageList_Destroy

user32

PostThreadMessageW
GetScrollPos
NotifyWinEvent
GetWindowContextHelpId
GetMessageTime
WaitMessage

shell32

SHBindToParent

crypt32

CryptEnumOIDInfo
CryptSignAndEncodeCertificate

msacm32

acmStreamClose

rpcrt4

RpcBindingInqObject
NdrSimpleTypeMarshall
RpcServerInqBindings

rasapi32

RasGetErrorStringA

ws2_32

select

comdlg32

GetOpenFileNameW

version

GetFileVersionInfoA

secur32

InitSecurityInterfaceW

netapi32

NetGroupAdd

msvcrt

strcmp

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.data
Size: 60KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

j
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

6-8eOr_K
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACK
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

n5BC=Q
Size: 88KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

H|d
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

663e25f17b33d6d403e3c0a3d06d8ef3

Headers

DLL Characteristics

File Characteristics

Imports

wintrust

kernel32

shlwapi

advapi32

clusapi

ole32

mprapi

gdi32

comctl32

user32

shell32

crypt32

msacm32

rpcrt4

rasapi32

ws2_32

comdlg32

version

secur32

netapi32

msvcrt

Sections

.text Size: 36KB - Virtual size: 32KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 60KB - Virtual size: 61KB

j Size: 1.2MB - Virtual size: 1.2MB

DATA Size: 8KB - Virtual size: 4KB

6-8eOr_K Size: 8KB - Virtual size: 5KB

PACK Size: 8KB - Virtual size: 4KB

n5BC=Q Size: 88KB - Virtual size: 84KB

H|d Size: 1.1MB - Virtual size: 1.1MB

.rsrc Size: 4KB - Virtual size: 816B

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 36KB - Virtual size: 32KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 60KB - Virtual size: 61KB

j
Size: 1.2MB - Virtual size: 1.2MB

DATA
Size: 8KB - Virtual size: 4KB

6-8eOr_K
Size: 8KB - Virtual size: 5KB

PACK
Size: 8KB - Virtual size: 4KB

n5BC=Q
Size: 88KB - Virtual size: 84KB

H|d
Size: 1.1MB - Virtual size: 1.1MB

.rsrc
Size: 4KB - Virtual size: 816B

.reloc
Size: 28KB - Virtual size: 24KB