NEAS[.]2adae3212fcc9f25b9c47a4b954e1730[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2adae3212fcc9f25b9c47a4b954e1730.exe
Size

416KB
MD5

2adae3212fcc9f25b9c47a4b954e1730
SHA1

681437dcdf1cc3e2273835d1903f7d66bf5ac868
SHA256

d9e502448d295834e431f4108b761328ce429251430e4a2fa9e33f27b1a40b18
SHA512

609b4d08648d80f02949f9030f27a9b6bcc83eb29a6321e4b4f1b154d8f7ee60505234d37c13a39281d583467993e210e5443092f8378312c44ef882e2d4e849
SSDEEP

6144:2PHgO5jQoMiGZW1RDUNKSUNKoAGKYAjmCt1AU4kzlexyUdA91jX:6go3GZW1x4OAGKtjxtGvGjX

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2adae3212fcc9f25b9c47a4b954e1730.exe

Files

NEAS.2adae3212fcc9f25b9c47a4b954e1730.exe
.exe windows:5 windows x86

316d6d85e86cfdd2555d6780e0136d83

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

free
??3@YAXPAX@Z
wcslen
??2@YAPAXI@Z
__CxxFrameHandler
realloc
memmove
_except_handler3
malloc
_purecall
_wtoi
wcscmp
memset
_ftol
_CxxThrowException
_controlfp
_onexit
__dllonexit
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit

advapi32

GetAclInformation
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
GetLengthSid
RegQueryInfoKeyW
RegOpenKeyExA
RegQueryValueExA
ControlService
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ConvertSidToStringSidW
LookupAccountNameW
GetSecurityInfo
ConvertStringSidToSidW
EqualSid
GetAce
SetSecurityInfo
InitializeAcl
AddAce
CopySid
IsValidSid
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegDeleteKeyW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegOpenKeyExW

kernel32

LocalFree
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
GetModuleFileNameW
GetLastError
FreeLibrary
MultiByteToWideChar
LoadLibraryExW
lstrcmpiW
lstrcpynW
OpenEventW
CreateThread
ResetEvent
WaitForMultipleObjects
SetLastError
CreateEventW
lstrcpynA
CompareStringW
MulDiv
lstrlenW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleA
GetStartupInfoW
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetProcAddress
LoadLibraryA
VirtualFree
VirtualAlloc
CloseHandle
GetCurrentProcess
FlushInstructionCache
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetVersionExW
GetThreadLocale
GetLocaleInfoA
GetACP
lstrcpyW
InterlockedExchange
FormatMessageW
GetComputerNameW
GlobalUnlock
GetCurrentThreadId

gdi32

GetStockObject
CreateFontIndirectW
DeleteDC
LineTo
MoveToEx
CreatePen
SetTextColor
SelectObject
GetObjectW
DeleteObject
GetTextExtentPoint32W
SetROP2
SetBkColor
GetTextMetricsW
ExtTextOutW
SetMapMode
SetBkMode
CreateFontW

user32

DestroyMenu
SetForegroundWindow
GetSubMenu
GetCursorPos
DefWindowProcW
PostQuitMessage
CreateDialogParamW
CallWindowProcW
GetSystemMetrics
AdjustWindowRect
SendMessageW
SetFocus
LoadStringA
TrackPopupMenuEx
IsWindow
MessageBeep
GetMenuItemInfoW
GetMenuItemCount
CreatePopupMenu
PtInRect
RemoveMenu
DrawIconEx
DrawIcon
GetWindowTextW
GetWindowTextLengthW
MoveWindow
InvalidateRect
RedrawWindow
EnableWindow
GetDlgItem
IsDialogMessageW
CopyRect
InflateRect
LoadIconW
FillRect
DrawTextW
DestroyIcon
GetSysColor
SetMenuDefaultItem
ReleaseDC
OffsetRect
SetRectEmpty
GetClassNameW
UpdateWindow
ReleaseCapture
GetCapture
SetCapture
SetCursor
ScreenToClient
GetDlgCtrlID
BeginPaint
EndPaint
DrawFocusRect
GetFocus
IsWindowEnabled
DialogBoxParamW
GetActiveWindow
wvsprintfW
EndDialog
GetKeyState
AppendMenuW
TrackPopupMenu
KillTimer
SetTimer
IsWindowVisible
GetSystemMenu
SetWindowTextW
PostMessageW
TranslateAcceleratorW
RegisterWindowMessageW
CharNextW
LoadMenuW
LoadAcceleratorsW
GetClassInfoExW
LoadCursorW
wsprintfW
GetDC
EnableMenuItem
LoadImageW
RegisterClassExW
CreateWindowExW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
LoadStringW
MessageBoxW
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
MapWindowPoints
SetWindowPos
ShowWindow
GetWindowLongW
SetWindowLongW
UnregisterClassW
GetClientRect

oleaut32

VariantChangeType
SysAllocStringLen
VariantClear
SysStringByteLen
VariantInit
SysAllocString
VarUI4FromStr
SysAllocStringByteLen
SysFreeString

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitializeEx

comctl32

InitCommonControlsEx
_TrackMouseEvent
ImageList_LoadImageW
ImageList_Destroy

shell32

SHGetPathFromIDListW
SHGetFolderPathW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW
SHBrowseForFolderW

gdiplus

GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipGetPropertySize
GdipGetAllPropertyItems
GdipSetPropertyItem
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromScan0
GdipCreateFromHDC
GdipGetImageGraphicsContext
GdipSetInterpolationMode
GdipSetSmoothingMode
GdipDrawImageRectI
GdipCloneImage
GdiplusStartup
GdipFree
GdipDeleteGraphics
GdipAlloc
GdiplusShutdown

urlmon

IsValidURL

shlwapi

PathIsUNCW
SHCreateStreamOnFileW
PathRemoveBackslashW
ord191

secur32

GetUserNameExW

mpr

WNetGetConnectionW

Sections

.text
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 812B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 201KB - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

316d6d85e86cfdd2555d6780e0136d83

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

advapi32

kernel32

gdi32

user32

oleaut32

ole32

comctl32

shell32

gdiplus

urlmon

shlwapi

secur32

mpr

Sections

.text Size: 156KB - Virtual size: 156KB

.data Size: 512B - Virtual size: 812B

.rsrc Size: 201KB - Virtual size: 201KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 156KB - Virtual size: 156KB

.data
Size: 512B - Virtual size: 812B

.rsrc
Size: 201KB - Virtual size: 201KB

.rmnet
Size: 56KB - Virtual size: 60KB