NEAS[.]8fda7f32146244990c5b2fcf5112ef20[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8fda7f32146244990c5b2fcf5112ef20.exe
Size

64KB
MD5

8fda7f32146244990c5b2fcf5112ef20
SHA1

f7c5d75baf75af85ba9038931b658e230d61ecd8
SHA256

5cf8f9da849b7bae2687277f719d1cbab483112cd0459575af4a54aeac712c10
SHA512

71e23b06463ea02b18c9513960247510e3432b792cb267ea041e6ca315d2bce1c78002e79bbc9850c9b0d776ee76d8ec8a1979ae4a88adb180c650576bac8c76
SSDEEP

768:VLYIrFyRKd8WMlII82XIjCnimg6OOACjCO2rfkSs/hC7PJgBX5mqoGWHpPnBPvyF:PrF6KhWOOVjOkS4hmRfqoGWJ/Z6D8b+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8fda7f32146244990c5b2fcf5112ef20.exe

Files

NEAS.8fda7f32146244990c5b2fcf5112ef20.exe
.dll windows:6 windows x86

f9d318456e9be81a2637fe01bf87cf9e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

qt5widgets

?activeWindow@QApplication@@SAPAVQWidget@@XZ
?focusWidget@QApplication@@SAPAVQWidget@@XZ
?activePopupWidget@QApplication@@SAPAVQWidget@@XZ
?windowHandle@QWidget@@QBEPAVQWindow@@XZ
?focusWidget@QWidget@@QBEPAV1@XZ
?keyboardGrabber@QWidget@@SAPAV1@XZ
?mapToGlobal@QWidget@@QBE?AVQPoint@@ABV2@@Z
?rect@QWidget@@QBE?AVQRect@@XZ
?qWaitForWindowExposed@QTest@@YA_NPAVQWidget@@H@Z
?qWaitForWindowActive@QTest@@YA_NPAVQWidget@@H@Z

qt5gui

?qWaitForWindowExposed@QTest@@YA_NPAVQWindow@@H@Z
?focusWindow@QGuiApplication@@SAPAVQWindow@@XZ
?setPos@QCursor@@SAXHH@Z
?geometry@QWindow@@QBE?AVQRect@@XZ
?mapToGlobal@QWindow@@QBE?AVQPoint@@ABV2@@Z
?count@QKeySequence@@QBEHXZ
?qWaitForWindowActive@QTest@@YA_NPAVQWindow@@H@Z
??0QMouseEvent@@QAE@W4Type@QEvent@@ABVQPointF@@W4MouseButton@Qt@@V?$QFlags@W4MouseButton@Qt@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
??0QMouseEvent@@QAE@W4Type@QEvent@@ABVQPointF@@1W4MouseButton@Qt@@V?$QFlags@W4MouseButton@Qt@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
??1QMouseEvent@@UAE@XZ
??4QMouseEvent@@QAEAAV0@ABV0@@Z
??0QKeyEvent@@QAE@W4Type@QEvent@@HV?$QFlags@W4KeyboardModifier@Qt@@@@ABVQString@@_NG@Z
??1QKeyEvent@@UAE@XZ
??AQKeySequence@@QBEHI@Z
??0TouchPoint@QTouchEvent@@QAE@H@Z
??0TouchPoint@QTouchEvent@@QAE@ABV01@@Z
??4TouchPoint@QTouchEvent@@QAEAAV01@$$QAV01@@Z
??1TouchPoint@QTouchEvent@@QAE@XZ
??4TouchPoint@QTouchEvent@@QAEAAV01@ABV01@@Z
?setState@TouchPoint@QTouchEvent@@QAEXV?$QFlags@W4TouchPointState@Qt@@@@@Z
?setScreenPos@TouchPoint@QTouchEvent@@QAEXABVQPointF@@@Z
?qt_handleTouchEvent@@YAXPAVQWindow@@PAVQTouchDevice@@ABV?$QList@VTouchPoint@QTouchEvent@@@@V?$QFlags@W4KeyboardModifier@Qt@@@@@Z
?qt_handleMouseEvent@@YAXPAVQWindow@@ABVQPointF@@1V?$QFlags@W4MouseButton@Qt@@@@W4MouseButton@Qt@@W4Type@QEvent@@V?$QFlags@W4KeyboardModifier@Qt@@@@H@Z
?qt_sendShortcutOverrideEvent@@YA_NPAVQObject@@KHV?$QFlags@W4KeyboardModifier@Qt@@@@ABVQString@@_NG@Z
?qt_handleKeyEvent@@YAXPAVQWindow@@W4Type@QEvent@@HV?$QFlags@W4KeyboardModifier@Qt@@@@ABVQString@@_NG@Z

qt5test

?qtestMouseButtons@QTestPrivate@@3V?$QFlags@W4MouseButton@Qt@@@@A
?lastMouseButton@QTest@@3W4MouseButton@Qt@@A
?lastMouseTimestamp@QTest@@3HA
?qWarn@QTest@@YAXPBD0H@Z
?asciiToKey@QTest@@YA?AW4Key@Qt@@D@Z
?keyToAscii@QTest@@YADW4Key@Qt@@@Z
?qSleep@QTest@@YAXH@Z
?defaultKeyDelay@QTest@@YAHXZ
?defaultMouseDelay@QTest@@YAHXZ
?staticMetaObject@QAbstractItemModelTester@@2UQMetaObject@@B
?enterLoopMSecs@QTestEventLoop@@QAEXH@Z
?exitLoop@QTestEventLoop@@QAEXXZ
??0QTestEventLoop@@QAE@XZ
?metaObject@QAbstractItemModelTester@@UBEPBUQMetaObject@@XZ
?qt_metacast@QAbstractItemModelTester@@UAEPAXPBD@Z
?qt_metacall@QAbstractItemModelTester@@UAEHW4Call@QMetaObject@@HPAPAX@Z
??0QAbstractItemModelTester@@QAE@PAVQAbstractItemModel@@PAVQObject@@@Z
??0QAbstractItemModelTester@@QAE@PAVQAbstractItemModel@@W4FailureReportingMode@0@PAVQObject@@@Z
?model@QAbstractItemModelTester@@QBEPAVQAbstractItemModel@@XZ
?failureReportingMode@QAbstractItemModelTester@@QBE?AW4FailureReportingMode@1@XZ

qt5core

?methodIndex@QMetaMethod@@QBEHXZ
?methodType@QMetaMethod@@QBE?AW4MethodType@1@XZ
?parameterNames@QMetaMethod@@QBE?AV?$QList@VQByteArray@@@@XZ
?parameterTypes@QMetaMethod@@QBE?AV?$QList@VQByteArray@@@@XZ
?parameterType@QMetaMethod@@QBEHH@Z
?parameterCount@QMetaMethod@@QBEHXZ
?name@QMetaMethod@@QBE?AVQByteArray@@XZ
?methodSignature@QMetaMethod@@QBE?AVQByteArray@@XZ
??0QVariant@@QAE@ABV0@@Z
??0QVariant@@QAE@HPBX@Z
??1QVariant@@QAE@XZ
?currentThread@QThread@@SAPAV1@XZ
?disconnectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?connectNotify@QObject@@MAEXABVQMetaMethod@@@Z
?customEvent@QObject@@MAEXPAVQEvent@@@Z
?childEvent@QObject@@MAEXPAVQChildEvent@@@Z
?timerEvent@QObject@@MAEXPAVQTimerEvent@@@Z
?isSignalConnected@QObject@@IBE_NABVQMetaMethod@@@Z
?receivers@QObject@@IBEHPBD@Z
?senderSignalIndex@QObject@@IBEHXZ
?sender@QObject@@IBEPAV1@XZ
?deleteLater@QObject@@QAEXXZ
?thread@QObject@@QBEPAVQThread@@XZ
?eventFilter@QObject@@UAE_NPAV1@PAVQEvent@@@Z
?event@QObject@@UAE_NPAVQEvent@@@Z
??1QObject@@UAE@XZ
??0QObject@@QAE@PAV0@@Z
?qt_metacall@QObject@@UAEHW4Call@QMetaObject@@HPAPAX@Z
?qt_metacast@QObject@@UAEPAXPBD@Z
?metaObject@QObject@@UBEPBUQMetaObject@@XZ
?dynamicMetaObject@QObjectData@@QBEPAUQMetaObject@@XZ
?remove@QListData@@QAEXH@Z
??1Connection@QMetaObject@@QAE@XZ
?shared_null@QMapDataBase@@2U1@B
?shared_null@QListData@@2UData@1@B
?qt_assert@@YAXPBD0H@Z
??1QByteArray@@QAE@XZ
?data@QByteArray@@QAEPADXZ
?constData@QByteArray@@QBEPBDXZ
??0QChar@@QAE@UQLatin1Char@@@Z
??0QString@@QAE@XZ
??0QString@@QAE@VQChar@@@Z
??0QString@@QAE@ABV0@@Z
??1QString@@QAE@XZ
??4QString@@QAEAAV0@$$QAV0@@Z
?at@QString@@QBE?BVQChar@@H@Z
?arg@QString@@QBE?AV1@HHHVQChar@@@Z
?arg@QString@@QBE?AV1@ABV1@HVQChar@@@Z
?toLatin1@QString@@QHAE?AVQByteArray@@XZ
?toLocal8Bit@QString@@QHAE?AVQByteArray@@XZ
?fromLatin1@QString@@SA?AV1@PBDH@Z
?detach@QListData@@QAEPAUData@1@H@Z
?detach_grow@QListData@@QAEPAUData@1@PAHH@Z
?realloc@QListData@@QAEXH@Z
?dispose@QListData@@SAXPAUData@1@@Z
?append@QListData@@QAEPAPAXXZ
?inherits@QObject@@QBE_NPBD@Z
?nextNode@QMapNodeBase@@QBEPBU1@XZ
?recalcMostLeftNode@QMapDataBase@@QAEXXZ
?createNode@QMapDataBase@@QAEPAUQMapNodeBase@@HHPAU2@_N@Z
?freeTree@QMapDataBase@@QAEXPAUQMapNodeBase@@H@Z
?createData@QMapDataBase@@SAPAU1@XZ
?freeData@QMapDataBase@@SAXPAU1@@Z
?getAndRef@ExternalRefCountData@QtSharedPointer@@SAPAU12@PBVQObject@@@Z
?instance@QCoreApplication@@SAPAV1@XZ
?processEvents@QCoreApplication@@SAXV?$QFlags@W4ProcessEventsFlag@QEventLoop@@@@@Z
?qWait@QTest@@YAXH@Z
?center@QRect@@QBE?AVQPoint@@XZ
?staticMetaObject@QObject@@2UQMetaObject@@B
??0QMessageLogger@@QAE@PBDH0@Z
?warning@QMessageLogger@@QBAXPBDZZ
?allocate@QArrayData@@SAPAU1@IIIV?$QFlags@W4AllocationOption@QArrayData@@@@@Z
?deallocate@QArrayData@@SAXPAU1@II@Z
?sharedNull@QArrayData@@SAPAU1@XZ
??0QByteArray@@QAE@XZ
??0QByteArray@@QAE@ABV0@@Z
??4QByteArray@@QAEAAV0@ABV0@@Z
??4QByteArray@@QAEAAV0@$$QAV0@@Z
?methodCount@QMetaObject@@QBEHXZ
?indexOfMethod@QMetaObject@@QBEHPBD@Z
?method@QMetaObject@@QBE?AVQMetaMethod@@H@Z
?normalizedSignature@QMetaObject@@SA?AVQByteArray@@PBD@Z
?isConnected_helper@Connection@QMetaObject@@ABE_NXZ
?metacall@QMetaObject@@SAHPAVQObject@@W4Call@1@HPAPAX@Z
?connect@QMetaObject@@SA?AVConnection@1@PBVQObject@@H0HHPAH@Z

python3

_Py_NoneStruct
_Py_Dealloc
PyBool_FromLong
PyDict_GetItemString
PyModule_GetDict
PyCapsule_GetPointer
PyErr_SetString
Py_FatalError
PyModule_Create2
PyEval_SaveThread
PyEval_RestoreThread
PyImport_ImportModule
PyCapsule_Type
PyExc_AttributeError
PyLong_FromLong
PyGILState_Ensure
PyGILState_Release

kernel32

SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
DisableThreadLibraryCalls
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead

vcruntime140

__std_type_info_destroy_list
memset
_CxxThrowException
__std_exception_destroy
__std_exception_copy
memcpy
_except_handler4_common

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e
_seh_filter_dll
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initialize_narrow_environment
_cexit
_configure_narrow_argv

Exports

Exports

PyInit_QtTest

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9d318456e9be81a2637fe01bf87cf9e

Headers

DLL Characteristics

File Characteristics

Imports

qt5widgets

qt5gui

qt5test

qt5core

python3

kernel32

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

Exports

Exports

Sections

.text Size: 35KB - Virtual size: 34KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 9KB - Virtual size: 9KB

.reloc Size: 4KB - Virtual size: 4KB

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 9KB - Virtual size: 9KB

.reloc
Size: 4KB - Virtual size: 4KB