Static task: static1
Behavioral task: behavioral1
Sample: NEAS.642a6316f7fe51efc3ba890d6f127410.exe
Resource: win7-20231023-en
Behavioral task: behavioral2
Sample: NEAS.642a6316f7fe51efc3ba890d6f127410.exe
Resource: win10v2004-20231020-en
General
Target: NEAS.642a6316f7fe51efc3ba890d6f127410.exe
Size: 1.8MB
MD5: 642a6316f7fe51efc3ba890d6f127410
SHA1: ca1da9daa8ef03a3a3a9c1ff2326fb7a0862cade
SHA256: 4453167b959a8c2abdd1a7dc5d63cae35c1f9f585df7eccbd691e2fff5d95f8c
SHA512: 64ebe1f5fc86aee2ab8d105b5203662bc56c929470b7b5ee281833218e15c5175cb1439f11ff5a97d3352e73b467599d318aadfc0ca45592d25e56ab8f32201b
SSDEEP: 24576:lnIU+8S+jPL/y/8x8H/4PcTfP9qUyhSXB5fzMTx1dTSmis2qShX:e81/yUSgPcTfP9qUA45sTXF2qShX
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
resource: NEAS.642a6316f7fe51efc3ba890d6f127410.exe
Files
NEAS.642a6316f7fe51efc3ba890d6f127410.exe.exe windows:4 windows x86
f37ee718f786a811b6c365514f25cf26
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
engine
??0PCFSystem@@QAE@XZ
?OurView@@3P6APAVView@@XZA
?OurGame@@3P6APAVEngineGame@@XZA
?GFileManAudio@@3VGFileManager@@A
?RegisterPack@GFileManager@@QAEPAVGPack@@PAV2@PBD1_N@Z
?GFileMan@@3VGFileManager@@A
??0GPack@@QAE@XZ
??1GPack@@UAE@XZ
?SetCallbackFunc@LogBuffer@@QAEXP6AXPBD@Z@Z
?ReloadTextures@MaterialSystem@@QAEHXZ
?FloorSelection@Pathfinder@@QAEXPAUtagRECT@@H@Z
?Selection@Pathfinder@@QAEHMPAUtagRECT@@H@Z
?FloorSelection@Pathfinder2@@QAEXABVViewport@@PAUtagRECT@@_N@Z
?Selection@Pathfinder2@@QAEHAAVViewport@@MPAUtagRECT@@_N@Z
?PrepareFloors@Pathfinder@@QAEXXZ
?PrepareFloors@Pathfinder2@@QAEXXZ
?SelectUnselectWaypointsOnSelectedFloors@Pathfinder@@QAEXH@Z
?Select_OnSelectedFloors@Pathfinder2@@QAEX_N@Z
?ConnectSelected@Pathfinder@@QAEXXZ
?Selected_ConnectDisconnect@Pathfinder2@@QAEXMMHH@Z
?DisconnectSelected@Pathfinder@@QAEXXZ
?CopySelected@Pathfinder@@QAEXXZ
?Selected_Copy@Pathfinder2@@QAEXABVVector@@@Z
?RemoveSelectedFloors@Pathfinder@@QAEXXZ
?RemoveSelected@Pathfinder@@QAEXXZ
?SelectedFloors_Remove@Pathfinder2@@QAEXXZ
?Selected_Remove@Pathfinder2@@QAEXXZ
?MoveSelectedToZoneTheyreIn@Pathfinder@@QAEXXZ
?GenerateAutomaticStructures@Pathfinder2@@QAEXXZ
?ClearAutomaticStructures@Pathfinder2@@QAEXXZ
?Print@LogBuffer@@QAAXPBDZZ
?SelectWaypointsNotConnectedToAnythingInCurrentRoom@Pathfinder@@QAEXXZ
?Select_NotConnectedToAnything@Pathfinder2@@QAEXXZ
?CleanStructures@Pathfinder@@QAEXXZ
?SetSelectedAsForSmallMonstersOnly@Pathfinder@@QAEXXZ
?SetSelectedAsForAllMonsters@Pathfinder@@QAEXXZ
?InvertSelection@Pathfinder@@QAEXXZ
?Select_Invert@Pathfinder2@@QAEXXZ
?ImportFromOldPathfinder@Pathfinder2@@QAEXXZ
?GetCurrentSetFromSelected@Pathfinder2@@QAEXXZ
?MakeNewSetFromSelected@Pathfinder2@@QAEXXZ
?ExpandCurrentSet@Pathfinder2@@QAEXXZ
?ContractCurrentSet@Pathfinder2@@QAEXXZ
?ValidateSets@Pathfinder2@@QAEXXZ
?MergeSetsFromSelected@Pathfinder2@@QAEXXZ
?Selected_MoveToCurrentSet@Pathfinder2@@QAEXXZ
?Select_AllInSet@Pathfinder2@@QAEX_NG@Z
?ChangeViewLimits@Pathfinder2@@QAEX_N@Z
?ApplyUndo@Pathfinder2@@QAEXXZ
?EnableSets@Pathfinder2@@QAEX_N@Z
?RandomizeSets@Pathfinder2@@QAEXXZ
?Tick@PhysicsEngine@@QAEXM_N@Z
?ConnectDisconnectSelected@Pathfinder@@QAEXMMHH@Z
?SelectUnselectFloorsOfAreaLowerHigherThan@Pathfinder@@QAEXHHM@Z
?Select_FloorsOfAreaLowerHigherThan@Pathfinder2@@QAEX_N0M@Z
?LoadFloors@Pathfinder@@QAEHPBDM@Z
?LoadContents@Pathfinder@@QAEHPBDM_N@Z
?LoadFloors@Pathfinder2@@QAE_NPBDM@Z
?LoadContents@Pathfinder2@@QAE_NPBDM_N@Z
?SaveFloors@Pathfinder@@QAEHPBDM@Z
?SaveContents@Pathfinder@@QAEHPBDM@Z
?SaveFloors@Pathfinder2@@QAE_NPBDM@Z
?SaveContents@Pathfinder2@@QAE_NPBDM_N@Z
?SwitchToState@PCFSystem@@QAEXH@Z
?Activate@LoadingScreen@@QAEX_NHVString@@@Z
??YString@@QAEAAV0@PBD@Z
?RemoveConnectionsCollidingWithGeometryInSelected@Pathfinder@@QAEXXZ
?Selected_RemoveConnectionsCollidingWithGeometry@Pathfinder2@@QAEXM@Z
?PreparePortalNodes@Pathfinder@@QAEHM@Z
?AddGridOnSelectedFloors@Pathfinder@@QAEXM@Z
?SelectedFloors_AddGrid@Pathfinder2@@QAEXM@Z
?ScaleContents@Pathfinder@@QAEXM@Z
?ScaleContents@Pathfinder2@@QAEXM@Z
?SelectWaypointsOutsideOfCurrentZone@Pathfinder@@QAEXM@Z
?LevelWaypointsWithFloors@Pathfinder@@QAEXM@Z
?NetworkClientAndConnect@NetworkDevice@@QAE_NPBDVString@@G@Z
?LoadNewMap@NetworkDevice@@QAEXVString@@@Z
?NetworkServer@NetworkDevice@@QAE_NVString@@00G@Z
?SetCDKeyAndIsPublic@NetworkDevice@@QAEXVString@@_N@Z
??0?$DynamicArray@D@@QAE@ABV0@@Z
?MergeWaypointsBelowDistance@Pathfinder2@@QAEXM@Z
?SwitchMenu@EngineGame@@QAEX_N@Z
?BaseName@String@@SA?AV1@ABV1@@Z
?TickEngine@PCFSystem@@QAEX_N@Z
?Pop@Script@@QAEXH@Z
?GetType@Script@@QAEHH@Z
?Next@Script@@QAEHH@Z
?PushNil@Script@@QAEXXZ
?UpdateAllEmittersWithMaster@ParticleSystem@@QAEXPBVParticleEmitter@@@Z
?Restart@ParticleEffect@@QAEXXZ
?AddEntity@World@@QAEXPAVEntity@@@Z
?FreeAligned@MemoryManagerStd@@QAEXPAX@Z
?GMem@@3VMemoryManagerStd@@A
??1GFileManager@@QAE@XZ
?StripExtension@String@@SA?AV1@ABV1@@Z
?FindFiles@GFileManager@@QAEXPBDAAV?$DynamicArray@VString@@@@K@Z
??0GFileManager@@QAE@XZ
?Restart@ParticleEmitter@@QAEXXZ
?CreateTexture@MaterialSystem@@QAEPAVTexture@@PBDKH@Z
??YString@@QAEAAV0@ABV0@@Z
?GetMasterEmitter@ParticleSystem@@QAEPAVParticleEmitter@@PBD@Z
?GetPosition@Camera@@QBE?BVVector@@XZ
?GetForwardVector@Camera@@QBE?AVVector@@XZ
?CreateEntity@World@@QAEPAVEntity@@HPBD0M_N@Z
?DeleteEntity@World@@QAEXPAVEntity@@@Z
?LoadEmitter@ParticleSystem@@QAEHAAVParticleEmitter@@ABVString@@@Z
?SaveEmitter@ParticleSystem@@QAEHABVParticleEmitter@@ABVString@@@Z
??HString@@QBE?AV0@ABV0@@Z
??HString@@QBE?AV0@PBD@Z
?RemoveEmitter@ParticleEffect@@QAEXH@Z
?SetupTransform@EmitterDef@ParticleEffect@@QAEXXZ
?Call@Script@@QAAXPBDH0ZZ
?AddEmitter@ParticleEffect@@QAEHPAVParticleEmitter@@@Z
?CreateEmitter@ParticleSystem@@QAEPAVParticleEmitter@@PBD@Z
?Sprintf@String@@SA?AV1@PBDZZ
??0?$DynamicArray@D@@QAE@XZ
?GetLastUpdateStats@NetworkDevice@@QAEXAAK0@Z
?GetTextInfo@SimpleProfiler@@QAE?AVString@@XZ
?GProfiler@@3VSimpleProfiler@@A
?EnumerateTextures@MaterialSystem@@QAEXAAV?$DynamicArray@VString@@@@@Z
??AScript@@QAE?AV0@H@Z
?GetCount@Script@@QAEHH@Z
?IsTable@Script@@QAE_NXZ
?IsString@Script@@QAE_NXZ
?GetFloat@Script@@QAEMHM@Z
?GetMetatable@Script@@QAEHH@Z
?ReAllocAligned@MemoryManagerStd@@QAEPAXPAXII@Z
?FileExist@GFileManager@@QAE_NPBD@Z
??0Script@@QAE@XZ
??0String@@QAE@ABV0@@Z
?Initialize@PCFSystem@@QAEHPAUHINSTANCE__@@PBD@Z
?GLog@@3VLogBuffer@@A
?Close@LogBuffer@@QAEXXZ
?ErrorMessageBox@StackTracer@@SAXXZ
?OpenPack@GPack@@UAE_NPBD0@Z
?GetFile@GPack@@UAEPAVGFile@@PBD@Z
??1View@@UAE@XZ
??0String@@QAE@PBD@Z
?IsNil@Script@@QAE_NH@Z
?Resize@?$DynamicArray@D@@QAEXH@Z
??1?$DynamicArray@D@@QAE@XZ
?DoStringA@Script@@QAAXPBDZZ
??1String@@QAE@XZ
??0View@@QAE@XZ
??_7EngineGame@@6B@
??0EngineGame@@QAE@XZ
?RegisterFunction@Script@@QAEXPBDP6AHPAUlua_State@@@Z@Z
?RegisterLibrary@Script@@QAEXPBDPBUluaL_reg@@@Z
?Release@Script@@QAEXXZ
?GetInt@Script@@QAEHHH@Z
??1PCFSystem@@QAE@XZ
?GetBool@Script@@QAE_NH_N@Z
?DoFile@Script@@QAE_NPBD_N@Z
??0Script@@QAE@PAUlua_State@@H@Z
?ResetTimer@SystemDriver@@QAEXXZ
?FullScreenHWND@GraphicsDevice@@QBEPAUHWND__@@XZ
?GEngine@@3PAVPCFSystem@@A
?GScript@@3VScript@@A
?DoString@Script@@QAAXPBDZZ
?SwitchConsole@EngineGame@@QAEXXZ
?GetTop@Script@@QAEHXZ
?Globals@Script@@QAE?AV1@XZ
??AScript@@QAE?AV0@PBD@Z
?GetString@Script@@QAEPBDHPBD@Z
??1Script@@QAE@XZ
?ShowMenu@EngineGame@@QAEXXZ
?PauseSounds@PainMenu@@QAEXXZ
?Init@Script@@QAE_NXZ
?SetTop@Script@@QAEXH@Z
kernel32
SetEnvironmentVariableA
SetStdHandle
IsBadCodePtr
IsBadReadPtr
GetDriveTypeA
GetTimeZoneInformation
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
HeapSize
HeapReAlloc
GetStartupInfoA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapFree
HeapAlloc
ExitProcess
RtlUnwind
GetTickCount
TerminateProcess
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
GetLastError
CreateMutexA
GetCommandLineA
SetCurrentDirectoryA
GetModuleFileNameA
Sleep
CreateProcessA
MultiByteToWideChar
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrcmpiA
lstrlenA
CompareStringA
CompareStringW
LeaveCriticalSection
EnterCriticalSection
FindClose
FindNextFileA
SetFileAttributesA
DeleteFileA
FindFirstFileA
FindResourceExA
RemoveDirectoryA
GetFileTime
GetFileAttributesA
SetErrorMode
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
MoveFileA
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetOEMCP
GetCurrentDirectoryA
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
TlsGetValue
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedIncrement
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
GetPrivateProfileStringA
WritePrivateProfileStringA
GetPrivateProfileIntA
FreeResource
GlobalFindAtomA
lstrcmpW
GlobalGetAtomNameA
GlobalAddAtomA
GetCurrentThread
FreeLibrary
GlobalDeleteAtom
lstrcmpA
GetModuleHandleA
GetProcAddress
ConvertDefaultLocale
EnumResourceLanguagesA
lstrcpyA
LoadLibraryA
InterlockedDecrement
lstrcatA
GetCurrentThreadId
CloseHandle
SetLastError
GlobalFree
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrcpynA
LocalFree
GetCurrentProcess
FlushInstructionCache
CreateDirectoryA
GetCPInfo
user32
ClientToScreen
ShowOwnedPopups
IsZoomed
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
MoveWindow
SetWindowTextA
IsDialogMessageA
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetClassLongA
GetClassInfoExA
SetPropA
GetPropA
RemovePropA
PostMessageA
MessageBoxA
SetForegroundWindow
SetFocus
WindowFromPoint
UpdateWindow
ShowWindow
GetWindow
GetParent
OffsetRect
GetWindowDC
BeginPaint
EndPaint
GetMenuItemInfoA
GetWindowRect
SendDlgItemMessageA
IsChild
GetWindowTextLengthA
BeginDeferWindowPos
EndDeferWindowPos
DestroyWindow
GetMessageTime
MapWindowPoints
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
ShowScrollBar
DeferWindowPos
SetScrollInfo
SetWindowPlacement
DeleteMenu
DestroyIcon
GetDCEx
GetWindowPlacement
LoadMenuA
DestroyMenu
GetClassNameA
WinHelpA
EqualRect
UnpackDDElParam
ReuseDDElParam
GetCapture
LoadAcceleratorsA
SetActiveWindow
InsertMenuItemA
IntersectRect
IsClipboardFormatAvailable
MessageBeep
GetTabbedTextExtentA
GetSystemMenu
GetDesktopWindow
IsWindowVisible
RedrawWindow
SendMessageA
LoadIconA
GetWindowTextA
GetSystemMetrics
EnumChildWindows
ShowWindowAsync
ShowCursor
EnableWindow
IsIconic
GetForegroundWindow
RegisterClipboardFormatA
PostThreadMessageA
GetLastActivePopup
SetMenu
PostQuitMessage
UnhookWindowsHookEx
wsprintfA
AdjustWindowRectEx
SetWindowPos
TranslateAcceleratorA
TranslateMDISysAccel
CreateWindowExA
BringWindowToTop
DrawMenuBar
DefMDIChildProcA
GetMenu
DefFrameProcA
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
PeekMessageA
ValidateRect
GetMenuState
GetMenuStringA
GetMenuItemID
InsertMenuA
GetSubMenu
RemoveMenu
GetTopWindow
GetWindowLongA
SetWindowLongA
GetDlgItem
CallWindowProcA
KillTimer
GetScrollInfo
SendMessageW
GetCaretPos
RegisterWindowMessageA
GetKeyState
GetClassInfoA
GrayStringA
DrawTextExA
TabbedTextOutA
GetFocus
DrawFrameControl
SetRectEmpty
GetSysColorBrush
DrawEdge
SystemParametersInfoA
PtInRect
IsRectEmpty
GetDlgCtrlID
RegisterClassA
SetScrollPos
GetScrollPos
ReleaseDC
GetDC
DefWindowProcA
SetRect
GetSysColor
SetScrollRange
GetScrollRange
LockWindowUpdate
DrawFocusRect
FrameRect
FillRect
InvalidateRect
DrawTextA
CopyRect
IsWindowEnabled
InflateRect
GetAsyncKeyState
GetCursorPos
IsWindow
SetParent
ScreenToClient
GetMenuItemCount
SetMenuDefaultItem
AppendMenuA
CreatePopupMenu
SetTimer
LoadBitmapA
ReleaseCapture
SetCursor
LoadCursorA
SetCapture
GetClientRect
UnregisterClassA
CharUpperA
CloseWindow
DestroyCursor
GetIconInfo
LoadStringA
DrawStateA
DrawIconEx
IsMenu
LoadImageA
GetCursor
SetMenuItemInfoA
keybd_event
EnableScrollBar
CreateIconIndirect
CopyIcon
DragDetect
CopyAcceleratorTableA
DestroyAcceleratorTable
CreateAcceleratorTableA
SetWindowRgn
MapDialogRect
CreateMenu
GetMessagePos
gdi32
DeleteObject
SetPixel
PatBlt
SelectObject
GetTextCharsetInfo
EnumFontFamiliesA
GetStockObject
GetTextExtentPoint32A
CreateRectRgnIndirect
CreateFontIndirectA
BitBlt
CreateCompatibleDC
GetObjectA
GetPixel
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
CreatePatternBrush
SetRectRgn
CombineRgn
GetMapMode
StretchDIBits
Rectangle
CreatePen
SelectClipRgn
CreateRectRgn
CreateBitmap
GetDeviceCaps
CreateSolidBrush
CreateCompatibleBitmap
GetBkColor
Polygon
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetClipBox
SetTextColor
SetBkColor
GetTextMetricsA
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
SetPixelV
FloodFill
CreateDIBSection
GetTextColor
GetTextAlign
GetGraphicsMode
SetGraphicsMode
EnumFontFamiliesExA
Polyline
comdlg32
GetFileTitleA
GetOpenFileNameA
GetSaveFileNameA
ChooseColorA
winspool.drv
OpenPrinterA
DocumentPropertiesA
ClosePrinter
advapi32
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
shell32
SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
DragFinish
SHGetFileInfoA
SHGetMalloc
DragQueryFileA
comctl32
ImageList_SetBkColor
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
CreatePropertySheetPageA
DestroyPropertySheetPage
PropertySheetA
_TrackMouseEvent
ImageList_AddMasked
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_GetImageCount
InitCommonControlsEx
ImageList_Draw
ord17
shlwapi
PathRemoveExtensionA
PathFindFileNameA
PathStripToRootA
PathFindExtensionA
PathIsUNCA
ole32
OleLockRunning
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
oleaut32
VariantClear
VariantChangeType
VariantInit
Sections
.text   Size: 804KB - Virtual size: 803KB   IMAGE_SCN_CNT_CODE | IMAGE_SCN_MEM_EXECUTE | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rdata  Size: 184KB - Virtual size: 183KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.data   Size: 12KB - Virtual size: 32KB     IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE
.rsrc   Size: 696KB - Virtual size: 695KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ
.reloc  Size: 104KB - Virtual size: 139KB   IMAGE_SCN_CNT_INITIALIZED_DATA | IMAGE_SCN_MEM_READ | IMAGE_SCN_MEM_WRITE