NEAS[.]380168b4842f83e9ead4411efe352dd0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.380168b4842f83e9ead4411efe352dd0.exe
Size

433KB
MD5

380168b4842f83e9ead4411efe352dd0
SHA1

3f23e2196f99869dfe33feca74aaf4a2ec3d8238
SHA256

29f978b892c39d71c83d090bc8e42726c37a8ef1dc150551f0728faaa8500605
SHA512

527a72f47f21656431f6e961b35ec7dcfe869c9864f423049701606aa1a46af807fd58b34a0c29bd796360474ef993e92e23e5a817cf006ecabfeac604579525
SSDEEP

12288:9dkTZEkpvUpcHRuIsIfs27NOSm+f3mcirQxrnlUh:vkTZEkpvUpcHRuIsIf37EO3m/rQ5lUh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.380168b4842f83e9ead4411efe352dd0.exe

Files

NEAS.380168b4842f83e9ead4411efe352dd0.exe
.exe windows:4 windows x86

00779b0ee272034b759df1f2d812b274

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineW
DeviceIoControl
GetDiskFreeSpaceExW
FindFirstFileW
FindClose
CopyFileW
GetLogicalDrives
GetDriveTypeW
QueryDosDeviceW
LocalFree
lstrlenW
GlobalAlloc
GlobalFree
ProcessIdToSessionId
MulDiv
GetFullPathNameW
GetCPInfo
MapViewOfFileEx
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
GetDriveTypeA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetCurrentDirectoryA
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
GetStdHandle
ExitProcess
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
IsValidCodePage
GetOEMCP
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
CreateDirectoryW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
Sleep
InitializeCriticalSection
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetLastError
FlushInstructionCache
WideCharToMultiByte
ReadProcessMemory
GetCurrentProcess
GetModuleFileNameA
GetCurrentThread
CloseHandle
GetThreadSelectorEntry
GetCurrentThreadId
SetUnhandledExceptionFilter
CreateFileA
GetVersionExW
WritePrivateProfileStringW
VirtualQueryEx
FreeLibrary
VirtualQuery
GetCurrentProcessId
DeleteFileW
CreateFileMappingW
SystemTimeToFileTime
InterlockedIncrement
UnmapViewOfFile
MapViewOfFile
GetTickCount
OpenFileMappingW
GetLocalTime
GetProcAddress
LoadLibraryW
GetModuleFileNameW
FindResourceW
MultiByteToWideChar
ReadFile
GetFileSize
SetFilePointer
FindResourceExW
CreateFileW
GetLastError
LoadResource
LockResource
WriteFile
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
SizeofResource
QueryPerformanceCounter

user32

EndPaint
DestroyWindow
PtInRect
SetWindowPos
IsWindowVisible
ScreenToClient
SetTimer
ReleaseDC
MonitorFromPoint
IsWindow
GetMonitorInfoW
GetCursorPos
GetDlgItem
FillRect
PostQuitMessage
CreateDialogParamW
InvalidateRect
CreateWindowExW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
ShowWindow
MoveWindow
SetWindowLongW
GetWindowRect
KillTimer
UpdateLayeredWindow
PostMessageW
DefWindowProcW
UpdateWindow
RegisterClassExW
GetClassInfoExW
UnregisterClassW
GetSystemMetrics
RedrawWindow
GetParent
TrackMouseEvent
LoadCursorW
SetCursor
GetWindowLongW
DispatchMessageW
TranslateMessage
GetMessageW
LoadImageW
GetDC
BeginPaint
SendMessageW
DrawTextW
SetWindowTextW
LoadBitmapW
UnregisterClassA

gdi32

CreateDIBSection
Rectangle
PatBlt
CreateFontIndirectW
GetDeviceCaps
CreateFontW
DeleteDC
BitBlt
SelectObject
CreateCompatibleDC
GetStockObject
SetBkMode
SetBkColor
SetTextColor
TextOutW
DeleteObject
CreateSolidBrush
GetObjectW

advapi32

RegSetValueExW
RegOpenKeyExW
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityInfo
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetSecurityInfo
RegCloseKey
LookupAccountSidW
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
LookupAccountNameW
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegQueryValueExW

shell32

ShellExecuteExW
ShellExecuteW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoUninitialize
CoInitialize
CreateBindCtx
CoCreateGuid
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

shlwapi

PathFileExistsW

comctl32

ord17

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

ws2_32

closesocket
WSACleanup
sendto
gethostbyname
htonl
ntohl
socket
WSAStartup
htons

urlmon

RegisterBindStatusCallback
CreateURLMoniker

netapi32

NetApiBufferFree
Netbios
NetWkstaTransportEnum

Sections

.text
Size: 228KB - Virtual size: 227KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Shared
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

00779b0ee272034b759df1f2d812b274

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

wtsapi32

version

ws2_32

urlmon

netapi32

Sections

.text Size: 228KB - Virtual size: 227KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 8KB - Virtual size: 18KB

Shared Size: 4KB - Virtual size: 4B

.rsrc Size: 144KB - Virtual size: 144KB

.text
Size: 228KB - Virtual size: 227KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 8KB - Virtual size: 18KB

Shared
Size: 4KB - Virtual size: 4B

.rsrc
Size: 144KB - Virtual size: 144KB