NEAS[.]24388fa8b913519662eefe32ae27eab0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.24388fa8b913519662eefe32ae27eab0.exe
Size

7.7MB
MD5

24388fa8b913519662eefe32ae27eab0
SHA1

dbddca14fc88e8c1b0a3ba8ddcd8c2e0a9dc900b
SHA256

a4dfee207defc11f01ea806c44f030f89f11ba0972fa66dfbec18038aa5ce18e
SHA512

bfae1db7757c6bb590940cb9481af198402502b29ec54fdb26c5c9ff2b7f50f95f7c788f0d75807d16a7d8194409b3adb19cb32b3d06a008ed52ec941f329d43
SSDEEP

196608:NhCuKxkcYjADs0oT8q0t/x8XIotmOrKBJ:/sDdxssl

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.24388fa8b913519662eefe32ae27eab0.exe

Files

NEAS.24388fa8b913519662eefe32ae27eab0.exe
.exe windows:4 windows x86

f180d4f38d1f68696e03b7714ade9b8c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
DeregisterEventSource
RegCloseKey
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegisterEventSourceA
ReportEventA

comctl32

InitCommonControls

comdlg32

GetOpenFileNameW
GetSaveFileNameW

gdi32

BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreatePen
DeleteDC
DeleteObject
GetBitmapBits
GetDeviceCaps
GetObjectA
GetStockObject
Rectangle
SelectObject
SetBkMode
SetROP2
SetTextColor
StretchDIBits
TextOutA

kernel32

AddAtomA
CloseHandle
CreateFileA
CreateFileMappingW
CreateFileW
CreateIoCompletionPort
CreateMutexA
CreateRemoteThread
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
ExitProcess
ExitThread
FindAtomA
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FormatMessageA
FreeLibrary
GetAtomNameA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesW
GetFileSize
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetQueuedCompletionStatus
GetStdHandle
GetSystemDirectoryA
GetSystemTimeAsFileTime
GetTempPathA
GetTickCount
GetVersion
GetVersionExA
GlobalAlloc
GlobalFree
GlobalMemoryStatus
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InterlockedExchange
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFlags
LocalFree
LocalLock
LocalSize
LocalUnlock
MapViewOfFile
MoveFileW
MultiByteToWideChar
OpenMutexA
OpenProcess
PostQueuedCompletionStatus
QueryPerformanceCounter
ReadFile
ReadProcessMemory
ReleaseSemaphore
RemoveDirectoryW
ResumeThread
SetCurrentDirectoryW
SetFilePointer
SetLastError
SetThreadPriority
SetUnhandledExceptionFilter
Sleep
SuspendThread
TerminateProcess
TerminateThread
TryEnterCriticalSection
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile
WriteProcessMemory

msvcrt

_stat
_stricmp
_unlink
__getmainargs
__lc_codepage
__mb_cur_max
__p__environ
__p__fmode
__set_app_type
_assert
_beginthread
_cexit
_close
_endthread
_errno
_exit
_fstati64
_ftime
_getch
_getpid
_iob
_isctype
_onexit
_open
_pctype
_read
_setmode
_snprintf
_stat
_strdup
_stricmp
_strnicmp
_vsnprintf
_wfopen
abort
atexit
atof
atoi
calloc
ceil
exit
exp
fclose
fflush
fgets
fopen
fprintf
fputc
fputs
fread
free
fseek
ftell
fwrite
getenv
gmtime
localeconv
localtime
log
malloc
memchr
memcpy
memmove
memset
mktime
pow
printf
qsort
raise
rand
realloc
remove
signal
sprintf
srand
sscanf
strcat
strchr
strcmp
strcpy
strerror
strftime
strlen
strncmp
strncpy
strrchr
strspn
strstr
strtol
strtoul
time
tolower
toupper
vfprintf
wcslen
wcsstr

shell32

SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetSpecialFolderPathA
Shell_NotifyIconA

user32

AppendMenuA
AppendMenuW
BringWindowToTop
CallWindowProcA
CheckDlgButton
CheckMenuItem
ClientToScreen
CreateDialogParamW
CreatePopupMenu
DestroyMenu
DestroyWindow
DialogBoxParamW
EnableWindow
EndDialog
EnumWindows
FindWindowExA
GetCapture
GetClassLongA
GetClientRect
GetCursorPos
GetDC
GetDesktopWindow
GetDlgItem
GetDlgItemInt
GetDlgItemTextA
GetDlgItemTextW
GetForegroundWindow
GetParent
GetProcessWindowStation
GetScrollPos
GetScrollRange
GetUserObjectInformationW
GetWindowDC
GetWindowLongA
GetWindowPlacement
GetWindowRect
GetWindowTextW
GetWindowThreadProcessId
InsertMenuA
InsertMenuW
InvalidateRect
InvertRect
IsDlgButtonChecked
IsIconic
IsWindowEnabled
IsWindowVisible
IsZoomed
KillTimer
LoadCursorA
LoadIconA
MessageBoxA
MessageBoxW
MoveWindow
PostMessageA
RedrawWindow
RegisterHotKey
ReleaseCapture
ReleaseDC
ScreenToClient
SendDlgItemMessageA
SendDlgItemMessageW
SendMessageA
SendMessageW
SetCapture
SetClassLongA
SetCursor
SetDlgItemInt
SetDlgItemTextA
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetScrollPos
SetScrollRange
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
SetWindowTextW
ShowScrollBar
ShowWindow
TrackPopupMenu
UnregisterHotKey
WindowFromPoint

ws2_32

WSACleanup
WSAGetLastError
WSAIoctl
WSASetLastError
WSAStartup
accept
bind
closesocket
connect
gethostbyname
gethostname
getservbyname
getsockname
getsockopt
htonl
htons
inet_addr
ioctlsocket
listen
ntohl
ntohs
recv
recvfrom
select
send
sendto
setsockopt
shutdown
socket

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 570KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f180d4f38d1f68696e03b7714ade9b8c

Headers

File Characteristics

Imports

advapi32

comctl32

comdlg32

gdi32

kernel32

msvcrt

shell32

user32

ws2_32

Sections

.text Size: 6.9MB - Virtual size: 6.9MB

.data Size: 130KB - Virtual size: 130KB

.rdata Size: 570KB - Virtual size: 570KB

.bss Size: - Virtual size: 33KB

.idata Size: 10KB - Virtual size: 9KB

.rsrc Size: 81KB - Virtual size: 81KB

.text
Size: 6.9MB - Virtual size: 6.9MB

.data
Size: 130KB - Virtual size: 130KB

.rdata
Size: 570KB - Virtual size: 570KB

.bss
Size: - Virtual size: 33KB

.idata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 81KB - Virtual size: 81KB