NEAS[.]2f72512c98fcea46edd9e5408c20b4f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2f72512c98fcea46edd9e5408c20b4f0.exe
Size

515KB
MD5

2f72512c98fcea46edd9e5408c20b4f0
SHA1

37d9d63dfea6c3bacffc23675836a3bb41358ff6
SHA256

7c36875ef4546e129c2a9dc671c2b08d497c024fde2b2bbb98534145500e88c8
SHA512

e5d9056756a00925abac7bb4cdc65c1a472beaacd0c278d070581ab178fb820a306861b656b37f9541c6dc6a0bf557dae91f7eb866a61efb1b3b768f3957489f
SSDEEP

12288:3ZpeRb6cLS1/Ys2xKaFOWMbrbViEUP8iZk25:JcRb1StYs0KKKbViEUPR5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2f72512c98fcea46edd9e5408c20b4f0.exe

Files

NEAS.2f72512c98fcea46edd9e5408c20b4f0.exe
.exe windows:1 windows x86

3a0745284907535c3af7bf46e74205a0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA

comctl32

ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Remove
ImageList_GetIcon
ImageList_LoadImageA

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontIndirectA
CreateSolidBrush
DeleteDC
DeleteObject
GetDeviceCaps
GetDIBits
GetStockObject
GetTextMetricsA
MoveToEx
SelectObject
SetBkColor
SetBkMode
SetDIBits
SetTextAlign
SetTextColor

kernel32

CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
EnumResourceNamesA
ExitProcess
FindClose
FindFirstFileA
FindNextFileA
GetCommandLineA
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStartupInfoA
GetStringTypeA
GetThreadPriority
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
GlobalReAlloc
GlobalSize
GlobalUnlock
LoadLibraryA
MultiByteToWideChar
OpenProcess
ReadFile
ResumeThread
SetEndOfFile
SetErrorMode
SetFilePointer
SetLastError
SetThreadPriority
Sleep
SuspendThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
WaitForSingleObject
WideCharToMultiByte
WriteFile
CreateRemoteThread
DeviceIoControl
FileTimeToSystemTime
GetPrivateProfileStringA
ReadProcessMemory
SystemTimeToFileTime
TerminateThread
VirtualAllocEx
VirtualFreeEx
WinExec
WritePrivateProfileStringA
WriteProcessMemory
lstrlenA
RtlMoveMemory
CloseHandle

ole32

CLSIDFromProgID
CoCreateInstance
CoInitialize
CoTaskMemFree
CoUninitialize
ProgIDFromCLSID

oleaut32

GetActiveObject
SafeArrayCreate
SysAllocStringByteLen
SysFreeString
SysStringByteLen
VariantClear
VariantCopy

shell32

Shell_NotifyIconA

user32

CallWindowProcA
CharLowerBuffA
CharNextA
CharUpperBuffA
CheckRadioButton
ClientToScreen
CloseClipboard
CreateDialogIndirectParamA
CreateDialogParamA
CreateMenu
CreatePopupMenu
CreateWindowExA
DeleteMenu
DestroyIcon
DestroyWindow
DialogBoxIndirectParamA
DispatchMessageA
DrawMenuBar
EmptyClipboard
EnableWindow
FillRect
GetClientRect
GetClipboardData
GetCursorPos
GetDC
GetDlgItem
GetKeyState
GetMenu
GetMenuItemInfoA
GetSysColor
GetSysColorBrush
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
InsertMenuItemA
InvalidateRect
IsClipboardFormatAvailable
IsDialogMessageA
IsWindow
KillTimer
LoadIconA
LoadImageA
MapDialogRect
MessageBoxA
OpenClipboard
PeekMessageA
PostMessageA
RedrawWindow
ReleaseDC
ScreenToClient
SendMessageA
SetClipboardData
SetFocus
SetForegroundWindow
SetMenu
SetMenuItemInfoA
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
TranslateMessage
UpdateWindow
DestroyMenu
DialogBoxParamA
EnumWindows
GetClassNameA
GetPropA
GetWindow
GetWindowThreadProcessId
IsWindowVisible
RemovePropA
SetPropA

winmm

timeGetTime

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile

Exports

Exports

ACTIVENPCFUNC
ACTIVEROLEFUNC
AJTFUNC
BUYIMTEFUNC
JIHUOWP
MOUSEFUNC
OPENCKFUNC
PC1DEC
PC1ENC
RWCKFUNC
SELLIMTEFUNC
SWHCFUNC
SelectFunc
SendPacket
UNNPCFUNC
USECKFUNC
WRITESCREENFUNC
XLFUNC
mvs_widget

Sections

.text
Size: 433KB - Virtual size: 433KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 30KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.link
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a0745284907535c3af7bf46e74205a0

Headers

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

oleaut32

shell32

user32

winmm

wininet

Exports

Exports

Sections

.text Size: 433KB - Virtual size: 433KB

.data Size: 30KB - Virtual size: 42KB

.link Size: 6KB - Virtual size: 5KB

.rsrc Size: 16KB - Virtual size: 16KB

.rloc Size: 27KB - Virtual size: 27KB

.text
Size: 433KB - Virtual size: 433KB

.data
Size: 30KB - Virtual size: 42KB

.link
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 16KB - Virtual size: 16KB

.rloc
Size: 27KB - Virtual size: 27KB