NEAS[.]752b4467131b6caab211f9b677d5b750[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.752b4467131b6caab211f9b677d5b750.exe
Size

664KB
MD5

752b4467131b6caab211f9b677d5b750
SHA1

9b2f2dd77a0a30d21f05764c8d411e3ab1926dd3
SHA256

d142829608972324c7ba5727c403ed32a90d3d5acd06d3e6666af213fd92c636
SHA512

c7607f5ebf89de145d1f9e16944b44c126c3667548a115eb2f4978dcc70d32857bc08ce7f028794e9d7e26c8cdcf2c8fbc577d5259a6435a79f239ff4d6b684c
SSDEEP

12288:Z778P7FZX/o4EKKlLTJ9xyAd4AxAg8Z3/Lb62bXqn6m9:ZfuX/o4TKlLjxjdPP81+6m9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.752b4467131b6caab211f9b677d5b750.exe

Files

NEAS.752b4467131b6caab211f9b677d5b750.exe
.dll regsvr32 windows:4 windows x86

b62b9555ad48c1429446e24f9bd8d03a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

isdigit
atoi
_beginthreadex
wcstombs
memmove
mbstowcs
wcscmp
wcscpy
_CxxThrowException
_beginthread
_strcmpi
srand
rand
_open
_close
_read
_lseeki64
_itoa
_stat
_mbsnbcat
_mbsnbcpy
sscanf
toupper
_stricmp
_except_handler3
_endthread
??1type_info@@UAE@XZ
?terminate@@YAXXZ
strncmp
wcslen
clock
_ftol
strstr
_strnicmp
atol
time
swprintf
sprintf
_purecall
strncpy
_vsnprintf
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

InterlockedIncrement
WaitForSingleObject
SetEvent
GetModuleFileNameA
MultiByteToWideChar
lstrcatA
lstrlenA
ReadFile
GetVersionExA
DisableThreadLibraryCalls
GetLastError
ResetEvent
GetCurrentProcess
GetCurrentThreadId
WaitForMultipleObjects
CreateSemaphoreA
ReleaseSemaphore
InterlockedDecrement
VirtualAlloc
VirtualFree
SetErrorMode
CreateThread
GetModuleHandleA
WideCharToMultiByte
SetThreadPriority
GetCurrentThread
lstrcatW
HeapFree
HeapReAlloc
EnterCriticalSection
Sleep
LeaveCriticalSection
GetCurrentProcessId
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
GetEnvironmentVariableA
CreateEventA
LoadLibraryA
GetProcAddress
FreeLibrary
CreateFileA
ExitProcess
GetFileTime
CloseHandle
OpenMutexA
lstrlenW
CreateMutexA
ReleaseMutex
SystemTimeToFileTime
FindClose
FindFirstFileA
GetVolumeInformationA
WriteFile
SetFilePointer
ResumeThread
GetFileSize
GetFileAttributesA
GetTimeZoneInformation
GetSystemDirectoryA
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
lstrcpyA
GetDriveTypeA
DeviceIoControl
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
SetEnvironmentVariableA
GetProcessHeap
HeapAlloc

user32

SetTimer
SetWindowTextA
GetDlgItem
KillTimer
GetWindowTextA
SendMessageA
PostMessageA
GetMessageA
SetRect
FindWindowA
EnumDisplaySettingsA
OffsetRect
IntersectRect
EnableWindow
IsWindow
GetWindowTextLengthA
ScreenToClient
GetClientRect
SetWindowPos
SetFocus
LoadImageA
LoadBitmapA
GetSystemMetrics
MessageBoxA
ChangeDisplaySettingsA
SystemParametersInfoA
GetWindowPlacement
IsIconic
wvsprintfA
GetWindowLongA
PostThreadMessageA
DispatchMessageA
PeekMessageA
GetDesktopWindow
GetWindowRect
LoadStringW
LoadStringA
wsprintfA
DefWindowProcA
DestroyWindow
ShowWindow
InvalidateRect
MoveWindow
CreateDialogParamA
SetWindowLongA

advapi32

GetTokenInformation
RegCreateKeyA
RegSetValueA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
OpenProcessToken
RegCreateKeyExA
AllocateAndInitializeSid
EqualSid
FreeSid
RegEnumValueA
RegQueryValueExA

ole32

CoUninitialize
CoFreeUnusedLibraries
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoCreateInstance
StringFromGUID2
CreateStreamOnHGlobal

oleaut32

OleCreatePropertyFrame

winmm

timeBeginPeriod
timeEndPeriod
mciSendCommandA
timeGetTime

gdi32

CreateICA
CreateDCA
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
ExtEscape
GetDeviceCaps
DeleteDC

ddraw

DirectDrawCreate

ws2_32

htons
htonl
WSACleanup
WSAStartup
closesocket
select
getsockname
bind
socket
setsockopt
ntohl
ntohs
WSACloseEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
accept
connect
send
WSAGetLastError
recv
listen
sendto
recvfrom
WSASocketA
WSARecvFrom
WSASetEvent
WSAResetEvent
WSAWaitForMultipleEvents

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 488KB - Virtual size: 484KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b62b9555ad48c1429446e24f9bd8d03a

Headers

File Characteristics

Imports

msvcrt

kernel32

user32

advapi32

ole32

oleaut32

winmm

gdi32

ddraw

ws2_32

Exports

Exports

Sections

.text Size: 488KB - Virtual size: 484KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 68KB - Virtual size: 87KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 36KB - Virtual size: 32KB

.text
Size: 488KB - Virtual size: 484KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 68KB - Virtual size: 87KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 36KB - Virtual size: 32KB