NEAS[.]61fb4f24f9edf728f3df04ff685b16f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.61fb4f24f9edf728f3df04ff685b16f0.exe
Size

1.2MB
MD5

61fb4f24f9edf728f3df04ff685b16f0
SHA1

6a859beae1c4e41a1d582f13b621414f95e7f2b4
SHA256

7560a18718f6519c97a3b6fc4bde043f76b17f9d800d780ed7761a143e6d83ab
SHA512

f80a1e8ce7e098d05145d0aecbf88575c3ae5632d224776140a3f1c22b6ea674243ddb791ef528a861e04575d3fc5356a6001563f0cf0a990cffb35fc0b83fb6
SSDEEP

24576:74IdU8jJxV7WXiDkr3R0uclpR3Jm7wvw6:7r+XCkr3R0NnQ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.61fb4f24f9edf728f3df04ff685b16f0.exe

Files

NEAS.61fb4f24f9edf728f3df04ff685b16f0.exe
.exe windows:4 windows x86

a48eb26d9d99fc6265dcdf4da1774dad

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

shlwapi

PathCompactPathA
PathRemoveFileSpecA
StrToIntA
SHEnumValueA
PathRenameExtensionA
PathAddExtensionA
PathFindExtensionA
PathStripToRootA
PathGetDriveNumberA
PathAddBackslashA
PathRemoveExtensionA
PathIsRootA
PathIsSameRootA
PathIsDirectoryA
PathStripPathA
PathFileExistsA
SHGetValueA
StrRChrA

shfolder

SHGetFolderPathA

msvfw32

DrawDibClose

winmm

mciSendStringA

wsock32

ord1111

mfc42

ord4160
ord6197
ord4299
ord4786
ord5037
ord5495
ord4456
ord3571
ord3797
ord3138
ord3996
ord4277
ord2763
ord3522
ord686
ord613
ord640
ord2453
ord2862
ord6172
ord2818
ord5789
ord2860
ord5875
ord5785
ord1640
ord323
ord289
ord2096
ord384
ord1641
ord6696
ord4284
ord6126
ord4129
ord861
ord3998
ord539
ord6905
ord2097
ord6907
ord5260
ord3910
ord4042
ord4220
ord2584
ord3654
ord3216
ord3286
ord2438
ord2863
ord1270
ord1644
ord1175
ord4508
ord2970
ord6403
ord940
ord939
ord6329
ord5610
ord2408
ord6144
ord2504
ord2148
ord3293
ord5862
ord786
ord603
ord2461
ord1969
ord2740
ord273
ord2289
ord4241
ord4133
ord4297
ord5788
ord2859
ord472
ord941
ord519
ord2528
ord5903
ord1706
ord430
ord2801
ord2457
ord5510
ord1652
ord429
ord5981
ord6270
ord922
ord535
ord2122
ord6880
ord6885
ord4720
ord2754
ord5791
ord4480
ord5281
ord2884
ord3370
ord2582
ord4402
ord3640
ord693
ord4243
ord6762
ord4694
ord2575
ord4396
ord3574
ord3706
ord609
ord2614
ord6170
ord5787
ord283
ord4275
ord6662
ord755
ord2753
ord470
ord2152
ord1233
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2301
ord2817
ord3317
ord3499
ord355
ord4224
ord6283
ord6282
ord1200
ord3874
ord6154
ord4364
ord4056
ord5471
ord5989
ord6007
ord1709
ord5234
ord6369
ord5279
ord5248
ord2444
ord3583
ord620
ord298
ord1716
ord1711
ord4230
ord5873
ord2078
ord926
ord4121
ord5440
ord6383
ord5450
ord6394
ord1907
ord5161
ord5162
ord5160
ord4905
ord4742
ord4948
ord5287
ord4835
ord768
ord489
ord4258
ord4854
ord6028
ord4377
ord4976
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord1746
ord5577
ord3172
ord4420
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord801
ord652
ord541
ord338
ord5731
ord4823
ord3303
ord1601
ord2652
ord5683
ord1669
ord2764
ord536
ord2515
ord1835
ord1884
ord1789
ord4083
ord1944
ord6883
ord6143
ord3521
ord833
ord793
ord4614
ord4613
ord1871
ord1945
ord4273
ord2688
ord4341
ord4349
ord4890
ord4543
ord4526
ord4529
ord4524
ord4964
ord4961
ord1726
ord813
ord560
ord4723
ord1114
ord2975
ord6402
ord3566
ord1113
ord1090
ord5910
ord3481
ord3916
ord6120
ord2252
ord4464
ord4287
ord5949
ord3089
ord542
ord802
ord1085
ord1148
ord4204
ord923
ord6008
ord5601
ord6569
ord396
ord698
ord3790
ord5852
ord1008
ord2814
ord3810
ord1574
ord2813
ord6467
ord1154
ord6320
ord3301
ord6242
ord6379
ord3742
ord2452
ord816
ord562
ord5076
ord3692
ord2846
ord6157
ord1942
ord4272
ord5259
ord3399
ord3734
ord2389
ord5710
ord341
ord303
ord654
ord2841
ord3287
ord2107
ord1265
ord2149
ord3296
ord3914
ord1642
ord3174
ord4000
ord797
ord602
ord804
ord5858
ord4507
ord6140
ord6741
ord4358
ord809
ord6508
ord556
ord2358
ord1088
ord4055
ord6919
ord6766
ord2298
ord6928
ord784
ord6199
ord3476
ord1908
ord1690
ord5288
ord4439
ord2054
ord4431
ord771
ord496
ord4259
ord2882
ord2646
ord4715
ord5856
ord4278
ord2737
ord5272
ord6241
ord6567
ord859
ord3873
ord1140
ord2645
ord2393
ord1849
ord4244
ord5253
ord3371
ord3641
ord2583
ord4403
ord6142
ord3701
ord772
ord5606
ord500
ord5148
ord1158
ord3567
ord2586
ord4405
ord3723
ord2587
ord4406
ord3394
ord3729
ord2118
ord5307
ord1105
ord5860
ord2299
ord6740
ord6502
ord4125
ord6784
ord6649
ord773
ord5607
ord6705
ord998
ord501
ord3525
ord6093
ord4612
ord4274
ord6375
ord4486
ord2554
ord2512
ord3922
ord1089
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5714
ord4622
ord3738
ord815
ord561
ord4611
ord4609
ord4485
ord3471
ord2002
ord5729
ord5196
ord5502
ord3446
ord3195
ord985
ord3602
ord1267
ord617
ord5214
ord296
ord2635
ord2256
ord5716
ord4465
ord4159
ord6117
ord2621
ord1134
ord1205
ord334
ord648
ord2725
ord986
ord520
ord5289
ord3447
ord3196
ord5199
ord4476
ord6605
ord750
ord2459
ord2183
ord458
ord6378
ord4595
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord674
ord366
ord6195
ord5871
ord4457
ord5252
ord5054
ord4499
ord3870
ord4776
ord4701
ord5805
ord4875
ord5030
ord4910

msvcrt

__setusermatherr
__p__fmode
_adjust_fdiv
__p__commode
?terminate@@YAXXZ
__set_app_type
_except_handler3
_CxxThrowException
atoi
sscanf
_snprintf
??0exception@@QAE@XZ
_setmbcp
_itoa
??0exception@@QAE@ABV0@@Z
_controlfp
??1exception@@UAE@XZ
getenv
sprintf
_vsnprintf
_strnicmp
free
malloc
ceil
_splitpath
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
strncpy
strncat
wcslen
_strdup
_makepath
__CxxFrameHandler
memmove
atof
strtoul
_stricmp
_ftol

kernel32

GetLastError
GetProcAddress
CreateProcessA
DeleteCriticalSection
InitializeCriticalSection
ResetEvent
GetTempFileNameA
GetVolumeInformationA
TerminateThread
WaitForSingleObject
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetFileTime
CreateEventA
FindFirstChangeNotificationA
WaitForMultipleObjects
FindNextChangeNotification
FindCloseChangeNotification
GetPrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
WriteFile
FindResourceA
LoadResource
LockResource
SizeofResource
LoadLibraryExA
GlobalAlloc
GlobalReAlloc
GetSystemDefaultLangID
GetLongPathNameA
FreeLibrary
LoadLibraryA
OpenMutexA
CloseHandle
CreateMutexA
CompareFileTime
lstrcmpiA
GetThreadLocale
GetNumberFormatA
GetSystemDirectoryA
GetVersionExA
GetCPInfoExA
SystemTimeToFileTime
LocalFileTimeToFileTime
lstrcpynA
GetWindowsDirectoryA
GetTickCount
GetShortPathNameA
lstrlenW
Sleep
FindNextFileA
CompareStringA
GlobalLock
GetFileAttributesA
GetUserDefaultLCID
GetLocaleInfoA
InterlockedIncrement
GetSystemPowerStatus
GetProfileStringA
GetTempPathA
GetSystemTimeAsFileTime
SetFileAttributesA
CopyFileA
DeleteFileA
FindFirstFileA
FindClose
GetLogicalDrives
GetDriveTypeA
lstrcpyA
MulDiv
lstrlenA
InterlockedDecrement
GlobalUnlock
GlobalFree
GetModuleFileNameA
OutputDebugStringA
SetCommState
GetCommState
LocalFree
LocalAlloc
FormatMessageA
GetModuleHandleA
GetStartupInfoA
GetDiskFreeSpaceA
CreateDirectoryA

user32

DrawTextA
GetMenuStringA
ModifyMenuA
EnableMenuItem
GetDlgItem
SendDlgItemMessageA
SetWindowPos
GetWindow
GetClassNameA
GetLastActivePopup
InflateRect
GetSystemMenu
GetDlgCtrlID
GetMenu
RegisterWindowMessageA
SetForegroundWindow
MessageBoxA
CallWindowProcA
IsZoomed
IsMenu
IsIconic
SetClipboardData
FindWindowA
SetActiveWindow
ScreenToClient
GetSystemMetrics
GetCursor
DestroyCursor
MessageBeep
GetKeyState
IsWindow
PostThreadMessageA
GetCursorPos
ShowWindow
DrawIconEx
TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageA
CharNextA
FrameRect
DrawIcon
LoadIconA
GetWindowLongA
SetWindowRgn
AppendMenuA
RegisterClipboardFormatA
BringWindowToTop
wsprintfA
SetCursor
LoadCursorA
SetParent
DestroyIcon
CheckMenuItem
EnableWindow
GetParent
DeleteMenu
InsertMenuA
GetMenuItemCount
GetMenuItemID
GetWindowDC
LoadImageA
ShowScrollBar
ValidateRect
PeekMessageA
PostQuitMessage
CharPrevA
CharUpperA
CreatePopupMenu
FillRect
SetRectEmpty
ReleaseCapture
SetCapture
GetCapture
PtInRect
DrawFocusRect
SetRect
SystemParametersInfoA
UpdateWindow
SendMessageA
CloseClipboard
CopyRect
IsWindowVisible
SetWindowLongA
GetWindowRect
GetDesktopWindow
SetMenuDefaultItem
KillTimer
SetTimer
IsClipboardFormatAvailable
GetSysColor
GetDC
ReleaseDC
OpenClipboard
EmptyClipboard
SetMenuItemInfoA
GetFocus
PostMessageA
GetClientRect
LoadMenuA
GetSubMenu
GetMenuItemInfoA
ClientToScreen
TrackPopupMenu
RedrawWindow
LoadBitmapA
OffsetRect
MapWindowPoints
InvalidateRect

gdi32

CreateCompatibleBitmap
UnrealizeObject
BitBlt
GetTextColor
CreateCompatibleDC
GetObjectA
GetStockObject
RealizePalette
GetTextMetricsA
Rectangle
CreateSolidBrush
CreateRoundRectRgn
CreateFontIndirectA
GetDeviceCaps
GetTextExtentPoint32A
CreatePatternBrush
SelectObject
ExtTextOutA
GetSystemPaletteEntries
GetBkMode
StretchBlt
CreateHalftonePalette
CreatePalette
GetDIBColorTable
CreateBitmap
DeleteObject
SelectPalette
SetStretchBltMode
DeleteDC
CombineRgn
ExtCreateRegion
CreateDIBSection
PtInRegion
CreateRectRgn
CreateRectRgnIndirect
PatBlt

advapi32

RegCreateKeyExA
RegCloseKey
RegOpenKeyA
RegOpenKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegEnumValueA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

ExtractIconExA
SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
DragQueryFileA
SHGetFileInfoA
ShellExecuteA
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteExA

comctl32

ImageList_Destroy
ImageList_DragShowNolock
ImageList_DragEnter
ImageList_AddMasked
ImageList_GetDragImage
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Draw
ImageList_GetImageInfo
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_SetBkColor
ord17
ImageList_DragMove
ImageList_DragLeave

ole32

OleRun
OleSetClipboard
CoCreateInstance
CoTaskMemFree
RevokeDragDrop
CoTaskMemAlloc

oleaut32

VariantInit
SetErrorInfo
VariantClear
SysFreeString
SysAllocString
SafeArrayAccessData
SafeArrayUnaccessData
VariantCopy
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
GetErrorInfo
VariantChangeType
CreateErrorInfo

msvcp60

?ends@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?_Xran@std@@YAXXZ
?_Split@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_istream@DU?$char_traits@D@std@@@1@@
??_8?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@7B?$basic_ostream@DU?$char_traits@D@std@@@1@@
??0ios_base@std@@IAE@XZ
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??_7?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@6B@
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?find_last_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??1?$basic_ofstream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
?clog@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?_Copy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?_Xlen@std@@YAXXZ

Sections

.text
Size: 648KB - Virtual size: 646KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 388KB - Virtual size: 385KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a48eb26d9d99fc6265dcdf4da1774dad

Headers

File Characteristics

Imports

version

shlwapi

shfolder

msvfw32

winmm

wsock32

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

comctl32

ole32

oleaut32

msvcp60

Sections

.text Size: 648KB - Virtual size: 646KB

.rdata Size: 140KB - Virtual size: 136KB

.data Size: 12KB - Virtual size: 13KB

.rsrc Size: 388KB - Virtual size: 385KB

.text
Size: 648KB - Virtual size: 646KB

.rdata
Size: 140KB - Virtual size: 136KB

.data
Size: 12KB - Virtual size: 13KB

.rsrc
Size: 388KB - Virtual size: 385KB