NEAS[.]424d19011444e97d15ebfbf9805da670[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.424d19011444e97d15ebfbf9805da670.exe
Size

784KB
MD5

424d19011444e97d15ebfbf9805da670
SHA1

bf2652971135cace42df4c6eddbfae2fa7b15db3
SHA256

d7d703704e8aa0db3ef474b6c521ef9f961757b0092f2aabc8a998b181845b84
SHA512

29e2a305a3eac3d3f198ccbf414da6cd7de92fa25a5d3ff2d2a82bcdcc4db57c36eff8c0f801cc3c6edd796ff280ce4bf63d9e738d2c8358e0cf99b34f111dbc
SSDEEP

24576:9WoEzL7EWPcvPe219JmCHtwdmsm+mwmVmMmgmLm+9TPk:EvEWkv/Htwdmsm+mwmVmMmgmLmQTPk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.424d19011444e97d15ebfbf9805da670.exe

Files

NEAS.424d19011444e97d15ebfbf9805da670.exe
.exe windows:4 windows x86

9a0b33ae4bf1228e2f013a73642f7e53

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetLastError
GetSystemDirectoryA
CompareStringA
SetErrorMode
GetModuleHandleA
VirtualProtectEx
GlobalMemoryStatus
SetEvent
SetThreadPriority
WaitForSingleObject
TerminateThread
IsBadCodePtr
DeleteFileA
LoadLibraryA
GetTempPathA
ResetEvent
DuplicateHandle
ResumeThread
CreateFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetFileAttributesA
GetExitCodeThread
LoadResource
LockResource
SizeofResource
GetLastError
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetCurrentProcess
FreeLibrary
GetCurrentProcessId
GetWindowsDirectoryA
GetVersionExA
Sleep
FindClose
GetModuleFileNameA
MapViewOfFile
UnmapViewOfFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
OpenProcess
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetCurrentThreadId
GetCurrentThread
SuspendThread
FreeResource
GlobalFree
GlobalUnlock
lstrlenA
LocalFree
MulDiv
InterlockedDecrement
RaiseException
FileTimeToSystemTime
LocalAlloc
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
InterlockedIncrement
GlobalFlags
GetFileTime
GetTickCount
RtlUnwind
ExitProcess
HeapFree
HeapAlloc
GetFileType
GetSystemTimeAsFileTime
TerminateProcess
ExitThread
CreateThread
HeapReAlloc
HeapSize
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
GetCommandLineA
GetCommandLineW
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
SetUnhandledExceptionFilter
QueryPerformanceCounter
IsBadWritePtr
LCMapStringA
GetTimeZoneInformation
GetOEMCP
IsBadReadPtr
GetStringTypeA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDriveTypeA
GetCurrentDirectoryA
SetEnvironmentVariableA
SetFileAttributesA
DeviceIoControl

advapi32

RegGetKeySecurity
RegSetKeySecurity
FreeSid
SetSecurityDescriptorDacl
AllocateAndInitializeSid
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetEntriesInAclW
BuildTrusteeWithNameW
BuildTrusteeWithSidW
RegQueryValueExA
GetUserNameA
RegOpenKeyA
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceConfigW
EnumServicesStatusW
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
LookupAccountNameW

user32

GetLastActivePopup
GetParent
ValidateRect
GetKeyState
IsWindowVisible
GetActiveWindow
CallNextHookEx
GetMenuCheckMarkDimensions
CheckMenuItem
EnableMenuItem
GetMenuState
GetFocus
SetMenuItemBitmaps
EndDialog
GetNextDlgTabItem
GetDlgItem
IsWindow
DestroyWindow
SetActiveWindow
GetDesktopWindow
SetWindowPos
MapDialogRect
SetWindowContextHelpId
GetWindow
PtInRect
CopyRect
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
GetDlgCtrlID
EqualRect
AdjustWindowRectEx
GetSysColor
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenu
UpdateWindow
SetForegroundWindow
IsWindowEnabled
GetMessagePos
GetMessageTime
UnhookWindowsHookEx
GetTopWindow
GetForegroundWindow
IsChild
SetFocus
SendDlgItemMessageA
GetCapture
MoveWindow
ShowWindow
ClientToScreen
GetDC
ReleaseDC
GetWindowDC
BeginPaint
SetCursor
SetCapture
ReleaseCapture
GetSysColorBrush
IsRectEmpty
SetRect
InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
DestroyMenu
EndPaint
GetCursorPos
TranslateMessage
PostQuitMessage
GetSystemMetrics
GetClientRect
GetWindowRect
IsIconic
DrawIcon
MapWindowPoints

comctl32

ord17

shlwapi

StrTrimA
StrTrimW
PathStripToRootW
PathFindFileNameW
PathFindExtensionW
PathRemoveFileSpecA
PathRemoveFileSpecW
PathIsUNCW

ole32

CoUninitialize
CoTaskMemFree
CoCreateInstance
CLSIDFromProgID
CLSIDFromString
CoTaskMemAlloc
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
StringFromGUID2
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
SysStringLen
OleCreateFontIndirect
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayDestroy
SysAllocString
VariantCopy

iphlpapi

GetNetworkParams
GetAdaptersInfo
GetIpAddrTable

wininet

InternetReadFile
HttpEndRequestW
HttpSendRequestExW
InternetConnectW
InternetWriteFile
HttpOpenRequestW
HttpAddRequestHeadersW
HttpQueryInfoW
InternetCloseHandle
InternetGetLastResponseInfoW
InternetQueryDataAvailable
InternetSetFilePointer
InternetSetStatusCallbackW
InternetOpenW

gdi32

GetMapMode
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetDeviceCaps
SetBkColor
SetTextColor
GetClipBox
CreateBitmap

shell32

SHGetMalloc

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

winspool.drv

ClosePrinter

ws2_32

WSCGetProviderPath
inet_ntoa
ntohs
WSACleanup
WSAStartup
WSCEnumProtocols
WSAEnumNameSpaceProvidersW

netapi32

Netbios

Sections

.text
Size: 600KB - Virtual size: 599KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 129KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9a0b33ae4bf1228e2f013a73642f7e53

Headers

File Characteristics

Imports

kernel32

advapi32

user32

comctl32

shlwapi

ole32

oleaut32

iphlpapi

wininet

gdi32

shell32

version

winspool.drv

ws2_32

netapi32

Sections

.text Size: 600KB - Virtual size: 599KB

.rdata Size: 132KB - Virtual size: 129KB

.data Size: 24KB - Virtual size: 39KB

.rsrc Size: 24KB - Virtual size: 21KB

.text
Size: 600KB - Virtual size: 599KB

.rdata
Size: 132KB - Virtual size: 129KB

.data
Size: 24KB - Virtual size: 39KB

.rsrc
Size: 24KB - Virtual size: 21KB