NEAS[.]8048dca38b57b6c4a1b43f662c2bc150[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.8048dca38b57b6c4a1b43f662c2bc150.exe
Size

1.7MB
MD5

8048dca38b57b6c4a1b43f662c2bc150
SHA1

68f8de7b1c8846ac87b080b0be007ba6b5e16b90
SHA256

22db2f14115312e6d2332b4d1b66518c966384215a7a546e140ba3a963f61ce5
SHA512

156e993ae20c98f5d045dc5c72d817bb96f31ddfb3f842e7721f3372907aeac1f094a65870c803e5f57ec68360286f474d391fe58c9e73408a86f4612af5478b
SSDEEP

49152:Vnxgwjo0XoaevRVDzsRUjpec16CmGXhNeJP:Vnhezf9ec1JXhs

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8048dca38b57b6c4a1b43f662c2bc150.exe

Files

NEAS.8048dca38b57b6c4a1b43f662c2bc150.exe
.exe windows:5 windows x64

d1336272de28db5e7c18478e20ceb27e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

HeapFree
HeapAlloc
HeapReAlloc
GetSystemTimeAsFileTime
SetUnhandledExceptionFilter
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
UnhandledExceptionFilter
RtlCaptureContext
RaiseException
RtlPcToFileHeader
HeapSize
TerminateProcess
IsDebuggerPresent
RtlVirtualUnwind
WideCharToMultiByte
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
CloseHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
RtlUnwindEx
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleHandleExW
GetLongPathNameW
FindFirstFileW
CreateDirectoryW
GetFileAttributesW
FileTimeToSystemTime
GetCurrentDirectoryW
MoveFileW
FindClose
RemoveDirectoryW
FindNextFileW
GetFileAttributesExW
GetDiskFreeSpaceExW
CreateThread
OpenEventW
CreateEventW
CreateFileMappingW
GetLastError
FlushConsoleInputBuffer
GetVersionExW
LoadLibraryW
GlobalMemoryStatus
GetVersion
DeleteFileA
GetProcessHeap
SetEndOfFile
CreateFileW
ReadFile
MoveFileA
GetVolumeInformationW
SetEvent
WaitForSingleObject
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
GlobalUnlock
GlobalAlloc
GlobalLock
GetCurrentThreadId
GetTimeZoneInformation
Sleep
RtlLookupFunctionEntry
GetStartupInfoW
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
ReadConsoleInputA
SetConsoleMode
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
GetTickCount
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
SetCurrentDirectoryW

user32

CloseClipboard
EmptyClipboard
OpenClipboard
SetClipboardData
ClientToScreen
DestroyWindow
SetCursor
GetWindowTextLengthW
UnregisterClassW
FrameRect
GetWindowLongPtrW
GetDC
RegisterClassExW
InvalidateRect
GetWindowTextW
BeginPaint
DrawTextW
EndPaint
SetWindowTextW
wsprintfW
PostQuitMessage
SetActiveWindow
SetWindowPos
ShowWindow
GetWindowLongW
GetWindowPlacement
SendMessageW
GetClientRect
LoadCursorW
DispatchMessageW
TranslateMessage
GetMessageW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
GetParent
DefWindowProcW
PeekMessageW
PostMessageW
CallWindowProcW
ReleaseDC
SetWindowLongW
GetSysColor
CreateWindowExW
MessageBoxW
SetWindowLongPtrW
GetSystemMetrics
RegisterClassW

shell32

ShellExecuteW
SHFileOperationW

comctl32

ord17

ws2_32

WSAAsyncSelect
gethostbyname
connect
ntohs
getsockname
shutdown
setsockopt
recv
send
bind
listen
accept
recvfrom
WSAStartup
WSACleanup
WSAGetLastError
htons
sendto
WSASetLastError
socket
closesocket
inet_addr
gethostname
inet_ntoa

iphlpapi

GetAdaptersInfo
GetNetworkParams

gdi32

GetTextExtentPoint32W
PatBlt
SetTextColor
CreateFontIndirectW
SetBkColor
SetBkMode
DeleteObject
CreateSolidBrush
GetStockObject
GetClipBox
SelectObject
GetObjectW

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
QueryServiceConfigW
ControlService
RegisterServiceCtrlHandlerW
SetServiceStatus
ChangeServiceConfigW
StartServiceW
OpenServiceW
StartServiceCtrlDispatcherW
CreateServiceW
CloseServiceHandle
DeleteService
OpenSCManagerW
RegisterEventSourceW
ReportEventW
DeregisterEventSource

mmcode

audio_codec_list

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 243KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 270KB - Virtual size: 8.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d1336272de28db5e7c18478e20ceb27e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

comctl32

ws2_32

iphlpapi

gdi32

advapi32

mmcode

Sections

.text Size: 1.0MB - Virtual size: 1.0MB

.rdata Size: 243KB - Virtual size: 242KB

.data Size: 270KB - Virtual size: 8.3MB

.pdata Size: 60KB - Virtual size: 59KB

.rsrc Size: 67KB - Virtual size: 66KB

.reloc Size: 42KB - Virtual size: 42KB

.text
Size: 1.0MB - Virtual size: 1.0MB

.rdata
Size: 243KB - Virtual size: 242KB

.data
Size: 270KB - Virtual size: 8.3MB

.pdata
Size: 60KB - Virtual size: 59KB

.rsrc
Size: 67KB - Virtual size: 66KB

.reloc
Size: 42KB - Virtual size: 42KB