NEAS[.]254eb47abca468d7b9ba3f7946d69900[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.254eb47abca468d7b9ba3f7946d69900.exe
Size

359KB
MD5

254eb47abca468d7b9ba3f7946d69900
SHA1

8e92a8a7fe69e93531117a9fa9492fea7d0c9f31
SHA256

eaa6dc51c6b2cff02f4b8b454bcbd21c6bfaa17a686d39ef46559c0b7db8c55e
SHA512

d771b29538a1ac68087c5ef1fc7d04bbd1a0ffe44a73da0efc98d6cebefb900ad94f850555965003692c8b722d09f6fe71598bdb62fd6169042584218a324bbe
SSDEEP

6144:xUE8QGHFbh2LbhTZR5Cvxje5m7eV+wGedvbp7ixqcCz:xUE8/YL+vsqeVTG8vbViYZz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.254eb47abca468d7b9ba3f7946d69900.exe

Files

NEAS.254eb47abca468d7b9ba3f7946d69900.exe
.exe windows:4 windows x86

1e698859a4e68bfdc399348c4961c26b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesExW
DeleteFileW
MoveFileW
WideCharToMultiByte
CreateFileW
SetFilePointer
WriteFile
GetCommandLineW
LocalFree
OpenMutexW
GetTempPathW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedCompareExchange
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
lstrlenW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocalTime
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoW
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentProcessId
QueryPerformanceCounter
HeapCreate
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
RtlUnwind
CreateThread
ExitThread
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
GetLastError
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
SetLastError
GetCurrentThreadId
FlushInstructionCache
GetCurrentProcess
Sleep
GetModuleHandleW
GetProcAddress
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WaitForSingleObject
UnhandledExceptionFilter
VirtualFreeEx
ReadProcessMemory
CloseHandle
VirtualAllocEx
OpenProcess
GetVersionExW
InterlockedIncrement
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
InterlockedDecrement
GetTickCount
MulDiv
IsValidLocale
MultiByteToWideChar

user32

UnregisterClassA
GetPropW
GetDesktopWindow
SetPropW
DispatchMessageW
TranslateMessage
GetMessageW
BringWindowToTop
SetForegroundWindow
GetWindow
RedrawWindow
WindowFromPoint
PostQuitMessage
SetWindowTextW
CreateDialogParamW
GetClientRect
GetDlgItem
CopyRect
OffsetRect
DrawTextW
SystemParametersInfoW
GetWindowThreadProcessId
GetClassNameW
EnumChildWindows
FindWindowW
LoadImageW
LoadIconW
DestroyIcon
SetWindowRgn
SendMessageW
GetWindowRgn
DrawIconEx
GetMonitorInfoW
MonitorFromPoint
UpdateLayeredWindow
GetParent
TrackMouseEvent
GetDlgCtrlID
GetSystemMetrics
EndPaint
BeginPaint
MoveWindow
PostMessageW
DefWindowProcW
IsWindowVisible
SetWindowPos
GetWindowLongW
SetWindowLongW
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
GetClassInfoExW
GetKeyState
UnregisterClassW
DestroyWindow
ScreenToClient
LoadCursorW
SetCursor
ReleaseCapture
GetCapture
KillTimer
GetWindowRect
GetCursorPos
SetTimer
InvalidateRect
IsWindow
PtInRect
SetRect
LoadBitmapW
ReleaseDC
GetDC
MapWindowPoints

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
CommandLineToArgvW
SHCreateDirectoryExW

shlwapi

PathFileExistsW

gdi32

GetDeviceCaps
BitBlt
DeleteObject
SetBkMode
SetTextColor
Rectangle
DeleteDC
ExtCreateRegion
CombineRgn
CreateSolidBrush
CreateDIBSection
CreateCompatibleDC
GetObjectW
CreateFontIndirectW
PatBlt
SetBkColor
CreateRectRgn
PtInRegion
CreateFontW
SelectObject

ws2_32

htons
htonl

imm32

ImmDisableIME

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

1e698859a4e68bfdc399348c4961c26b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

shlwapi

gdi32

ws2_32

imm32

Sections

.text Size: 156KB - Virtual size: 153KB

.rdata Size: 32KB - Virtual size: 30KB

.data Size: 8KB - Virtual size: 16KB

.rsrc Size: 152KB - Virtual size: 152KB

.text
Size: 156KB - Virtual size: 153KB

.rdata
Size: 32KB - Virtual size: 30KB

.data
Size: 8KB - Virtual size: 16KB

.rsrc
Size: 152KB - Virtual size: 152KB