NEAS[.]b7af60a041b246eba4b91bb9707e0c90[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b7af60a041b246eba4b91bb9707e0c90.exe
Size

289KB
MD5

b7af60a041b246eba4b91bb9707e0c90
SHA1

d09b6ce851b86883635d78ef8e2b36a7d97f4f0e
SHA256

15b70933e973219a986e210eebfccae2317fef9b7405a94ef7ec0992f27d120c
SHA512

f5dd5e8740549d291bc20b562aa6891034a702398a7d33e2e9091854671029eb908f569158e42607b0d4f6f4bbaa6ffe09289aac557f15ea2c66f9acff7b6c54
SSDEEP

3072:MicuxJkiPmjS4QG9tis6g/Y6E7N4VvFVfrJuVRmNqe5DjFEI20w+2RFEIC0w+2RB:uiOmvGXis6vyhFVgV7guoWYMWz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b7af60a041b246eba4b91bb9707e0c90.exe

Files

NEAS.b7af60a041b246eba4b91bb9707e0c90.exe
.exe windows:5 windows x86

e9487d6da285ce5013b2146fffa4309e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dppdll

ord193
ord95
ord18
ord9
ord503
ord88
ord365
ord297
ord93
ord513
ord362
ord99
ord321
ord201
ord336
ord200
ord72
ord204
ord338
ord523
ord519
ord55
ord50
ord363
ord364
ord385
ord141
ord192
ord189
ord23
ord409
ord135
ord191
ord137
ord130
ord175
ord218
ord410
ord49
ord332
ord110
ord52
ord51
ord44
ord292
ord251
ord32
ord30
ord28
ord325
ord324
ord31
ord178
ord27
ord16
ord14
ord412
ord430
ord404
ord221
ord507
ord431
ord411
ord426
ord505
ord508
ord131
ord407
ord406
ord205
ord408
ord900
ord506
ord902

kernel32

GetCommandLineA
LockResource
SetEvent
GetUserDefaultLangID
GlobalFree
GlobalHandle
WaitForSingleObject
SetThreadPriority
CreateThread
lstrlenW
CloseHandle
Sleep
LoadLibraryA
ReadFile
GetFileSize
CreateFileA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
HeapSize
GetStdHandle
WriteFile
ExitProcess
HeapCreate
GetModuleHandleA
TlsFree
TlsSetValue
GetConsoleMode
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapReAlloc
GetStartupInfoA
RtlUnwind
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualProtect
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
FlushFileBuffers
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
lstrcpyA
GetCurrentProcess
LoadLibraryExA
FindResourceA
LoadResource
SizeofResource
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
MulDiv
lstrcmpA
SetLastError
IsDBCSLeadByte
GetCurrentThreadId
lstrcmpiA
InterlockedDecrement
InterlockedIncrement
GetLastError
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
CreateEventA

user32

UpdateWindow
SetRect
LoadStringA
EnableWindow
SystemParametersInfoA
MapWindowPoints
SetDlgItemTextA
CreateDialogParamA
LoadImageA
CreateDialogIndirectParamA
PostMessageA
PostQuitMessage
MessageBoxA
SetForegroundWindow
IsWindowVisible
SetWindowPlacement
GetWindowPlacement
wsprintfA
SendDlgItemMessageA
KillTimer
SetTimer
ShowWindow
RegisterWindowMessageA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetWindowRect
GetSystemMetrics
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
IsDialogMessageA
TranslateMessage
DispatchMessageA
CreateAcceleratorTableA
IsWindow
GetDesktopWindow
GetFocus
SetFocus
DestroyAcceleratorTable
BeginPaint
EndPaint
CallWindowProcA
ReleaseCapture
GetClassNameA
GetDlgItem
GetParent
IsChild
SetCapture
RedrawWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
ScreenToClient
ClientToScreen
GetClientRect
MoveWindow
GetSysColor
DestroyWindow
MapDialogRect
SendMessageA
SetWindowContextHelpId
GetWindow
SetWindowPos
GetWindowLongA
CreateWindowExA
RegisterClassExA
CharNextA
DefWindowProcA
LoadCursorA
GetClassInfoExA
SetWindowLongA
FillRect
UnregisterClassA

gdi32

CreateFontA
SetStretchBltMode
StretchDIBits
CreatePen
MoveToEx
LineTo
ExcludeClipRect
GetStockObject
GetObjectA
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteDC
SelectClipRgn

comdlg32

GetOpenFileNameA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegEnumKeyExA
RegQueryInfoKeyA
RegSetValueExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

ole32

OleUninitialize
OleInitialize
CoInitialize
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
OleLockRunning
StringFromGUID2
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

VariantInit
LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
VarUI4FromStr

shlwapi

PathRemoveExtensionA

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e9487d6da285ce5013b2146fffa4309e

Headers

DLL Characteristics

File Characteristics

Imports

dppdll

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

shlwapi

Sections

.text Size: 170KB - Virtual size: 170KB

.rdata Size: 34KB - Virtual size: 33KB

.data Size: 9KB - Virtual size: 16KB

.rsrc Size: 74KB - Virtual size: 73KB

.text
Size: 170KB - Virtual size: 170KB

.rdata
Size: 34KB - Virtual size: 33KB

.data
Size: 9KB - Virtual size: 16KB

.rsrc
Size: 74KB - Virtual size: 73KB