Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.5e8b86d99be0c55718b1ad38ef55c9e0.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.5e8b86d99be0c55718b1ad38ef55c9e0.exe
  Resource: win10v2004-20231023-en
General
- Target: NEAS.5e8b86d99be0c55718b1ad38ef55c9e0.exe
- Size: 1.8MB
- MD5: 5e8b86d99be0c55718b1ad38ef55c9e0
- SHA1: d9be2419c6428f2b50cc2033a20a957c6fa206e2
- SHA256: 2bb61c1a32a37cf46fb2a3b7c6871256be23e20d9086893319976164939490ed
- SHA512: 582d3c1b0abaded1adb7c9bde964b412596c5c66f8962273c75c41a5acbf58247002a2d6019871c61067d1aae3b215b53fb9403362f7b68cc1b78203e523d588
- SSDEEP: 24576:JIaHJyb0lYHA6JpVrn7Ji8w1O0FetGjhTqjNnfwyB5rAa0tRT5fjznDh4j:Hk0eHb5D0WGQNIyB5rq19nnDh4j
Malware Config
Signatures
- Unsigned PE (1 IoC): checks for a missing Authenticode signature.
  resource: NEAS.5e8b86d99be0c55718b1ad38ef55c9e0.exe
  This check only reports whether the PE carries a certificate table in its security data directory. An absent table is a weak indicator on its own (plenty of legitimate tooling ships unsigned); a present table still has to be validated with WinVerifyTrust (signtool verify, or Get-AuthenticodeSignature in PowerShell) before it counts for anything.
Files
- NEAS.5e8b86d99be0c55718b1ad38ef55c9e0.exe.exe: windows:5 windows x86
  Imphash: 8af4798d091d3e5f7b02b06f448fe7e3
Headers
- DLL Characteristics: IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
- File Characteristics: IMAGE_FILE_RELOCS_STRIPPED, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_32BIT_MACHINE
  Note: IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE and IMAGE_DLLCHARACTERISTICS_NX_COMPAT are both absent, so this 32-bit image neither opts in to ASLR nor to DEP (the system DEP policy decides). With IMAGE_FILE_RELOCS_STRIPPED it also carries no base relocations, so it cannot be rebased away from its preferred image base even on a system that forces ASLR. Fixed addresses make exploitation and address-based detection easier; either way it is worth recording before dynamic work starts.
Imports
Note: the list below is the static import table grouped by module. It shows what the code can reach, not what the sandbox observed; the behavioral tasks are what confirm use. curllib and nspr4 are not Windows system DLLs (libcurl and Mozilla NSPR), so unless they are delay-loaded the binary needs both present at load time or the loader will not start it, which is a common reason a sample does nothing in a sandbox. Clusters worth attention: token handling (OpenProcessToken, DuplicateTokenEx, AdjustTokenPrivileges, ImpersonateLoggedOnUser, LogonUserA, CreateProcessAsUserW, WTSGetActiveConsoleSessionId, ProcessIdToSessionId), the combination used to launch a process into the interactive session; screen capture (CreateDCW, CreateCompatibleBitmap, BitBlt, GdipSaveImageToFile); clipboard access (OpenClipboard, SetClipboardData, EmptyClipboard); process enumeration (EnumProcesses, EnumProcessModules, GetModuleBaseNameW); a tray icon and message loop (Shell_NotifyIconW, RegisterClassExW, GetMessageW); event-log writes (RegisterEventSourceA, ReportEventA); and a socket server as well as client (socket, bind, listen, accept, connect).
advapi32
AdjustTokenPrivileges
LookupPrivilegeValueW
DuplicateTokenEx
OpenProcessToken
CreateProcessAsUserW
LogonUserA
ImpersonateLoggedOnUser
GetUserNameA
ReportEventA
LookupPrivilegeValueA
RegisterEventSourceA
shell32
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHAppBarMessage
Shell_NotifyIconW
SHGetFolderPathW
SHGetDesktopFolder
rpcrt4
UuidCreate
UuidToStringA
RpcStringFreeA
psapi
EnumProcesses
EnumProcessModules
GetModuleBaseNameW
shlwapi
AssocQueryStringW
curllib
curl_easy_perform
curl_slist_append
curl_easy_setopt
curl_global_cleanup
curl_global_init
curl_easy_cleanup
curl_slist_free_all
curl_easy_init
nspr4
PR_Sleep
PR_IntervalNow
PR_CloseDirUTF16
PR_OpenDirUTF16
PR_ReadDirUTF16
PR_GetFileInfo64UTF16
PR_NewRWLock
PR_DestroyRWLock
PR_RWLock_Rlock
PR_RWLock_Wlock
PR_RWLock_Unlock
PR_NewCondVar
PR_NewLock
PR_DestroyLock
PR_DestroyCondVar
PR_Unlock
PR_NotifyCondVar
PR_WaitCondVar
PR_MillisecondsToInterval
PR_JoinThread
PR_Interrupt
PR_CreateThread
PR_GetError
PR_Lock
gdiplus
GdipGetDC
GdipSaveImageToFile
GdipGetImageGraphicsContext
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipReleaseDC
GdipCreateBitmapFromHICON
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipGetImageThumbnail
GdiplusStartup
GdiplusShutdown
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipCreateHBITMAPFromBitmap
GdipDisposeImage
kernel32
WriteConsoleA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LCMapStringW
LCMapStringA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
InterlockedExchange
HeapSize
GetModuleHandleA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetConsoleCtrlHandler
SetHandleCount
GetCurrentThread
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
VirtualAlloc
FatalAppExitA
VirtualFree
HeapDestroy
HeapCreate
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
MoveFileA
SetStdHandle
GetNumberOfConsoleInputEvents
PeekConsoleInputA
SetConsoleMode
ReadConsoleInputA
GetDriveTypeA
GetStdHandle
WriteConsoleW
FindFirstFileW
GetDriveTypeW
GetConsoleMode
GetConsoleCP
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
SetFileAttributesA
RemoveDirectoryW
HeapReAlloc
GetStartupInfoA
GetCommandLineA
GetLastError
Sleep
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
CreateDirectoryW
GetFileAttributesW
WTSGetActiveConsoleSessionId
GetConsoleOutputCP
GetCurrentProcessId
GetVersionExW
GetVersion
CloseHandle
GlobalUnlock
GlobalLock
GlobalAlloc
GetCurrentThreadId
OpenProcess
GetCurrentProcess
CreateProcessW
WideCharToMultiByte
MultiByteToWideChar
GetLongPathNameA
GetTempPathA
SetFileAttributesW
GetTempFileNameA
GetModuleFileNameA
FreeLibrary
DeleteFileA
FindClose
FindNextFileA
FindFirstFileA
CreateFileA
LoadLibraryA
SetUnhandledExceptionFilter
GetVersionExA
LockFileEx
UnlockFileEx
InitializeCriticalSection
InterlockedCompareExchange
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
AreFileApisANSI
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
GetFileAttributesA
DeleteFileW
LoadLibraryW
QueryPerformanceCounter
GetTickCount
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
LocalFree
FormatMessageA
FormatMessageW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileW
RaiseException
IsDebuggerPresent
TerminateProcess
GetDateFormatA
GetTimeFormatA
ExitProcess
HeapAlloc
UnhandledExceptionFilter
RtlUnwind
HeapFree
GetCurrentDirectoryA
SetCurrentDirectoryA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
GetProcessHeap
CompareStringA
CompareStringW
SetEnvironmentVariableA
RemoveDirectoryA
CreateDirectoryA
ProcessIdToSessionId
user32
EmptyClipboard
OpenClipboard
BringWindowToTop
GetLastActivePopup
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
EnumWindows
WaitForInputIdle
PostQuitMessage
SetClipboardData
MessageBoxA
GetWindowRect
GetCursorPos
TrackPopupMenu
GetMenuItemID
LoadMenuW
GetSubMenu
DestroyMenu
SetMenuDefaultItem
IsWindow
CloseClipboard
RegisterWindowMessageW
DestroyWindow
RegisterClassExW
DefWindowProcW
SetTimer
RedrawWindow
SetActiveWindow
DrawAnimatedRects
GetWindowLongW
SetWindowLongW
CreateWindowExW
SetParent
FindWindowW
EnumChildWindows
SystemParametersInfoW
LoadCursorW
GetClassNameW
SendMessageW
DrawIconEx
DestroyIcon
ReleaseDC
CreateIconIndirect
GetDC
DispatchMessageW
TranslateMessage
GetMessageW
UpdateWindow
ShowWindow
LoadIconW
PostMessageW
LoadImageW
KillTimer
LoadStringW
SetForegroundWindow
gdi32
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
BitBlt
DeleteDC
CreateDCW
GetObjectW
DeleteObject
ole32
CoUninitialize
CoInitializeEx
ws2_32
getprotobyname
WSAGetLastError
WSACreateEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSACloseEvent
WSAStartup
gethostname
WSACleanup
gethostbyaddr
getsockname
ntohs
gethostbyname
connect
ioctlsocket
socket
listen
setsockopt
bind
htons
inet_addr
htonl
accept
select
send
recv
inet_ntoa
getpeername
closesocket
shutdown
getservbyname
winmm
timeSetEvent
timeBeginPeriod
Sections
- .text: Size 1.2MB, Virtual size 1.2MB; IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ
- .rdata: Size 478KB, Virtual size 477KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
- .data: Size 113KB, Virtual size 126KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
- .rsrc: Size 16KB, Virtual size 15KB; IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
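The Unsigned PE signature, the Headers dump and the Sections dump above are all header-level checks. The following is an added example, not Triage's code and not the sample's, that reproduces them with the Python standard library only: it walks the COFF and optional headers, reads the security data directory where an Authenticode certificate table lives, and flags the same hardening gaps (no certificate, no DYNAMIC_BASE, relocations stripped, no NX_COMPAT, any W+X section). The PE image it runs on is constructed by `build_sample_pe` with the same flags as the report; that builder and the function names are mine, and its "certificate" is a zero blob, not a real signature.

```python
"""Stdlib-only static triage of a PE image: the checks behind the report's
Signatures (Unsigned PE), Headers and Sections entries."""
import hashlib
import struct

# Flag values from winnt.h
IMAGE_FILE_RELOCS_STRIPPED = 0x0001
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE = 0x0040
IMAGE_DLLCHARACTERISTICS_NX_COMPAT = 0x0100
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE = 0x8000
IMAGE_SCN_MEM_EXECUTE = 0x20000000
IMAGE_SCN_MEM_WRITE = 0x80000000
IMAGE_DIRECTORY_ENTRY_SECURITY = 4  # Authenticode certificate table


def parse_pe(data: bytes) -> dict:
    """Walk DOS header -> COFF header -> optional header -> section table."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsec, _, _, _, opt_size, characteristics = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:        # PE32: data directories start at +96
        datadir = opt + 96
    elif magic == 0x20B:      # PE32+: wider ImageBase/stack/heap fields push them to +112
        datadir = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    dllchars = struct.unpack_from("<H", data, opt + 70)[0]   # same offset in PE32 and PE32+
    # The security entry holds a FILE OFFSET (not an RVA) and the size of the
    # WIN_CERTIFICATE table; both zero means no Authenticode signature at all.
    cert_off, cert_size = struct.unpack_from("<II", data, datadir + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = []
    for i in range(nsec):
        name, vsize, _, rawsize, _, _, _, _, _, flags = struct.unpack_from(
            "<8sIIIIIIHHI", data, opt + opt_size + 40 * i)
        sections.append({"name": name.rstrip(b"\0").decode("ascii"), "raw_size": rawsize,
                         "virtual_size": vsize, "flags": flags})
    return {"machine": machine, "characteristics": characteristics, "dll_characteristics": dllchars,
            "cert_offset": cert_off, "cert_size": cert_size, "sections": sections}


def triage(data: bytes) -> dict:
    """Hashes plus the findings an analyst wants next to a header dump."""
    pe = parse_pe(data)
    findings = []
    if pe["cert_size"] == 0:
        findings.append("Unsigned PE: no Authenticode certificate table")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE:
        findings.append("ASLR not opted in (DYNAMIC_BASE clear)")
    if pe["characteristics"] & IMAGE_FILE_RELOCS_STRIPPED:
        findings.append("Relocations stripped: image cannot be rebased")
    if not pe["dll_characteristics"] & IMAGE_DLLCHARACTERISTICS_NX_COMPAT:
        findings.append("DEP not opted in (NX_COMPAT clear)")
    for s in pe["sections"]:
        if s["flags"] & IMAGE_SCN_MEM_WRITE and s["flags"] & IMAGE_SCN_MEM_EXECUTE:
            findings.append("Section %s is writable and executable" % s["name"])
    return {"md5": hashlib.md5(data).hexdigest(), "sha1": hashlib.sha1(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest(), "pe": pe, "findings": findings}


def build_sample_pe(characteristics: int, dllchars: int, signed: bool) -> bytes:
    """Constructed minimal PE32 image (one .text section) so the parser can be
    exercised offline. The 'certificate' is a zero blob, not a real signature."""
    n_dirs, text_off = 16, 0x200
    text = b"\xC3" * 0x200                                   # a 'ret', padded to file alignment
    cert = b"\x00" * 8 if signed else b""
    cert_off = text_off + len(text) if signed else 0
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)       # e_lfanew at 0x3C
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 96 + 8 * n_dirs, characteristics)
    fmt = "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH" + "I" * 6   # PE32 optional header, 96 bytes
    opt = struct.pack(fmt, 0x10B, 14, 0, len(text), 0, 0, 0x1000, 0x1000, 0x2000, 0x400000, 0x1000,
                      0x200, 5, 1, 0, 0, 5, 1, 0, 0x2000, text_off, 0, 2, dllchars,
                      0x100000, 0x1000, 0x100000, 0x1000, 0, n_dirs)
    dirs = [(0, 0)] * n_dirs
    dirs[IMAGE_DIRECTORY_ENTRY_SECURITY] = (cert_off, len(cert))
    dirs_blob = b"".join(struct.pack("<II", off, size) for off, size in dirs)
    sec = struct.pack("<8sIIIIIIHHI", b".text", len(text), 0x1000, len(text), text_off,
                      0, 0, 0, 0, 0x60000020)                 # CODE | EXECUTE | READ
    headers = dos + coff + opt + dirs_blob + sec
    return headers.ljust(text_off, b"\0") + text + cert


if __name__ == "__main__":
    # Same header flags as the report: TERMINAL_SERVER_AWARE only, relocs stripped, no certificate.
    img = build_sample_pe(IMAGE_FILE_RELOCS_STRIPPED | IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE,
                          IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE, signed=False)
    for finding in triage(img)["findings"]:
        print(finding)
```

On a real file, `triage(open(path, "rb").read())` gives the MD5/SHA1/SHA256 shown in the General block plus the findings; SSDEEP needs the separate ssdeep library and is left out. The certificate check is deliberately the same weak test the sandbox signature makes: it sees whether a table exists, not whether the signature verifies, so a positive result still needs WinVerifyTrust (signtool verify /pa, or Get-AuthenticodeSignature) before it is treated as trust.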