NEAS[.]be0550bed7d5c475073a4083d3d6cff0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.be0550bed7d5c475073a4083d3d6cff0.exe
Size

7.9MB
MD5

be0550bed7d5c475073a4083d3d6cff0
SHA1

2223525c03d1f5b65062dda97dda783a72061f60
SHA256

d247f2e7f86aa8f9f5f893fc1d168ac72501f122a38f0add2666f0e98d60bfb5
SHA512

0393defa6be34f80d388e49b0e6787e6e6022bd97a81e8f427506463f421f8ec12121fecd43aa4b52349c7cf47b0ac30784d674a9a30e74b0a3c4e3c9367b12d
SSDEEP

196608:r5vGeMW65ADhYZsAEGbK1e/FI2C2xg7DX:N/OUeF4X

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.be0550bed7d5c475073a4083d3d6cff0.exe

Files

NEAS.be0550bed7d5c475073a4083d3d6cff0.exe
.exe windows:5 windows x86

08e0f243b090289fb72c07d5a91166b3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_43

D3DXGetImageInfoFromFileInMemory
D3DXCreateFontA
D3DXCreateCubeTextureFromFileInMemoryEx
D3DXCreateVolumeTextureFromFileInMemoryEx
D3DXCreateTextureFromFileInMemoryEx
D3DXSaveSurfaceToFileA
D3DXCreateTextureFromFileInMemory

d3d9

Direct3DCreate9

kernel32

GetLocalTime
GetTickCount
GetACP
GetOEMCP
GetComputerNameA
FormatMessageA
GetFileTime
ReadFile
WriteFile
GetFileSize
CreateFileW
DeleteCriticalSection
GetTimeZoneInformation
FreeLibrary
SetEndOfFile
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetStdHandle
SetHandleCount
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetCPInfo
LCMapStringW
LCMapStringA
GetModuleHandleW
GetFileType
GetSystemTime
HeapAlloc
RaiseException
RtlUnwind
GetCommandLineA
SystemTimeToFileTime
FileTimeToLocalFileTime
CreateFileA
GetFileAttributesA
CreateDirectoryA
SetFileAttributesW
CreateDirectoryW
GetFileAttributesW
SetFilePointer
DeleteFileW
MoveFileW
GetTempPathA
GetTempPathW
GetCurrentDirectoryW
GetFullPathNameW
LocalFree
GetLastError
InterlockedIncrement
InitializeCriticalSection
SizeofResource
LockResource
LoadResource
HeapFree
ExitThread
FindResourceA
SetFileAttributesA
MoveFileA
DeleteFileA
GetSystemTimeAsFileTime
UnhandledExceptionFilter
InterlockedDecrement
GetUserDefaultLCID
SetConsoleTitleA
AllocConsole
SetUnhandledExceptionFilter
CreateFileMappingA
GetSystemInfo
MapViewOfFile
UnmapViewOfFile
MulDiv
DuplicateHandle
GetCurrentThread
TryEnterCriticalSection
InterlockedExchangeAdd
InterlockedExchange
GetCurrentThreadId
CreateThread
GlobalAlloc
Sleep
GetExitCodeThread
CreateRemoteThread
VirtualFreeEx
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
QueryPerformanceCounter
QueryPerformanceFrequency
GetProcessId
ReadProcessMemory
VirtualProtectEx
VirtualProtect
GetProcAddress
GetModuleHandleA
VirtualAllocEx
OpenProcess
ExitProcess
Process32Next
GetCurrentProcessId
VirtualQuery
FlushInstructionCache
GetLocaleInfoW
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetStringTypeW
GetStringTypeA
IsValidLocale
Process32First
CreateToolhelp32Snapshot
EnumSystemLocalesA
GetLocaleInfoA
GlobalUnlock
GlobalLock
TerminateProcess
GetCurrentDirectoryA
GetFullPathNameA
CreateEventA
SetEvent
OutputDebugStringA
OpenEventA
GetCurrentProcess
WriteProcessMemory
LeaveCriticalSection
EnterCriticalSection
CloseHandle
TerminateThread
WaitForSingleObject
GetVersionExA
CopyFileA
GetModuleFileNameA
MultiByteToWideChar
LoadLibraryA
GetProcessHeap
GetStartupInfoA

user32

PostQuitMessage
ShowCursor
ClientToScreen
GetClientRect
BeginPaint
SendMessageA
EndDialog
SetTimer
KillTimer
GetDlgItem
EnableWindow
SetFocus
DialogBoxParamA
MessageBoxA
LoadIconA
LoadCursorA
LoadStringW
SetRect
AdjustWindowRect
GetWindowLongA
SetWindowPos
ClipCursor
ReleaseCapture
GetCursorPos
GetWindowRect
SetCapture
DefWindowProcA
SetWindowLongA
SetWindowTextA
ShowWindow
RegisterClassA
CreateWindowExA
GetActiveWindow
InvalidateRect
UpdateWindow
SwitchToThisWindow
GetAsyncKeyState
CloseClipboard
GetClipboardData
OpenClipboard
GetKeyState
GetFocus
GetCaretBlinkTime
DispatchMessageA
TranslateMessage
GetMessageA
PeekMessageA
EndPaint

gdi32

SetBkColor
SetTextAlign
SetMapMode
CreatePen
SetTextColor
MoveToEx
LineTo
CreateFontA
GetStockObject
ExtTextOutA
DeleteObject
GetTextExtentPoint32A
SelectObject
CreateCompatibleDC
DeleteDC
GetDeviceCaps
CreateICA
CreateSolidBrush
CreateDIBSection

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExA
CryptGetUserKey
CryptEnumProvidersA
CryptGetProvParam
CryptAcquireContextW
CryptExportKey
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetUserNameA
AdjustTokenPrivileges
OpenProcessToken
CryptDestroyKey
RegCloseKey
RegSetValueExA

shell32

ShellExecuteA
SHGetFolderPathA

ole32

CoInitializeEx
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
SysAllocString

dbghelp

MiniDumpWriteDump
MakeSureDirectoryPathExists

ws2_32

ioctlsocket
WSAGetLastError
socket
WSAStartup
ntohs
inet_ntoa
getsockname
gethostbyname
setsockopt
htons
connect
select
__WSAFDIsSet
bind
closesocket
shutdown
send
recv
inet_addr

dinput8

DirectInput8Create

crypt32

CryptDecryptMessage
CertFreeCertificateContext
CryptEncodeObject
CryptEncryptMessage
CertNameToStrW
CertDuplicateCertificateContext
CryptMsgOpenToDecode
CertSetCertificateContextProperty
CryptDecodeObject
CertGetCertificateContextProperty
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 729KB - Virtual size: 728KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 811KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08e0f243b090289fb72c07d5a91166b3

Headers

DLL Characteristics

File Characteristics

Imports

d3dx9_43

d3d9

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

dbghelp

ws2_32

dinput8

crypt32

Sections

.text Size: 1.9MB - Virtual size: 1.9MB

.rdata Size: 729KB - Virtual size: 728KB

.data Size: 121KB - Virtual size: 811KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 5.1MB - Virtual size: 5.1MB

.reloc Size: 159KB - Virtual size: 159KB

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 729KB - Virtual size: 728KB

.data
Size: 121KB - Virtual size: 811KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 5.1MB - Virtual size: 5.1MB

.reloc
Size: 159KB - Virtual size: 159KB