NEAS[.]96979344663633298c490705f46d6e70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.96979344663633298c490705f46d6e70.exe
Size

232KB
MD5

96979344663633298c490705f46d6e70
SHA1

99a49e0787e6c1ba32c0299c91cb05bf87eadb4c
SHA256

f3387c30ab7554dc1922ff8c3e41d7e060b1ff6550907212278cc87e1590dab2
SHA512

57a41671951e0641b09c0eaf87b6e924c9546955934cfd34edbce478f362e7d09f721215d6840723f2ce0b7bb6c97b51b98c4643fba3a4dfe68b102857e0e386
SSDEEP

6144:e0zVHLoQqceYSjjquw4J9lT5MhYlVTni0YemS0Xwj:e0zVrqfWuB955Mhmpi0qnXwj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.96979344663633298c490705f46d6e70.exe

Files

NEAS.96979344663633298c490705f46d6e70.exe
.exe windows:5 windows x86

9456700d8d9ed0483ebb998a9b3a9711

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

netapi32

NetWkstaGetInfo
NetShareEnum
NetServerEnum
NetApiBufferFree
NetShareGetInfo

mpr

WNetGetConnectionW
WNetAddConnection3W

kernel32

LoadLibraryW
GetModuleHandleW
GetProcAddress
SetLastError
GetLastError
GetDriveTypeW
LocalFree
FormatMessageW
GetVolumeInformationW
FindNextFileW
MultiByteToWideChar
FindClose
CloseHandle
GetFileSize
CreateFileW
GetFileAttributesExW
GetStringTypeExW
FreeLibrary
LCMapStringW
LoadLibraryA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
GetSystemTime
GetLocaleInfoW
GetUserDefaultLCID
CreateProcessW
lstrlenW
GetTimeFormatW
lstrlenA
lstrcpyW
GetModuleFileNameW
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
FindFirstFileW
lstrcpynW
ReadFile
GetLogicalDriveStringsW
SetCalendarInfoA
BuildCommDCBAndTimeoutsW
GetExitCodeProcess
SetFilePointerEx
SetEndOfFile
CommConfigDialogW
GetConsoleTitleW
CreateMemoryResourceNotification
SetCommState
GetSystemWow64DirectoryW
FatalAppExitA
BeginUpdateResourceA
GetComPlusPackageInstallStatus
LoadLibraryExW
WriteConsoleInputA
GetStringTypeW
AddRefActCtx
Process32NextW
CloseProfileUserMapping
VirtualAllocEx
GetLongPathNameW
lstrcpyA
QueryDosDeviceA
GetNamedPipeHandleStateA
GetThreadSelectorEntry
SetFirmwareEnvironmentVariableA
_lwrite
BaseFlushAppcompatCache
CreateTapePartition
InterlockedFlushSList
Module32Next
CreateMailslotA
ResetWriteWatch
OpenProcess
RegisterConsoleVDM
MapUserPhysicalPages
GetSystemWow64DirectoryA
SleepEx
GetCommState
SetConsoleCursorMode
GetConsoleSelectionInfo
GetDefaultCommConfigW
MulDiv
GetSystemInfo
GetNumaNodeProcessorMask
ReplaceFileA
FindFirstVolumeMountPointA
DeleteTimerQueueTimer
HeapReAlloc
ReplaceFile
ExpungeConsoleCommandHistoryW
TzSpecificLocalTimeToSystemTime
GetDateFormatW
SetSystemTime
GetExpandedNameA
GetWriteWatch
CreateDirectoryExA
GetCPInfoExW
EnumResourceTypesW
GetShortPathNameA
GetSystemDefaultLangID
VerLanguageNameA
DebugBreak
GetConsoleNlsMode
GlobalReAlloc
SetFileAttributesA
GetModuleHandleExA
InitializeSListHead
HeapCompact
GetModuleHandleA
LocalAlloc
GetACP
GetCommandLineA
LoadLibraryExA

user32

PtInRect
DrawFrameControl
SendMessageW
GetClientRect
GetDC
ReleaseDC
GetFocus
GetParent
EnableWindow
GetSysColor
DrawTextW
SetCursor
GetWindow
FillRect
LoadCursorW
LoadIconW
LoadStringW
IsWindow
PostMessageW
DispatchMessageW
TranslateMessage
SetRectEmpty
LoadImageW
MapWindowPoints
GetKeyState
MsgWaitForMultipleObjectsEx
MessageBoxW
GetWindowRect
InflateRect
CopyRect
GetKeyboardState
DrawFocusRect
GetCursorPos
DestroyCursor
GetSystemMetrics
InvalidateRect
UpdateWindow
ScreenToClient
DrawStateA
GetMouseMovePointsEx
ReleaseCapture
GetProgmanWindow
TrackMouseEvent
DrawMenuBar
RemovePropA
AllowForegroundActivation
EnumDisplayDevicesW
GetWindowTextW
IntersectRect
IMPQueryIMEA
ShowWindow
EnableScrollBar
GetWindowDC
ReuseDDElParam
TranslateAcceleratorW
EnumDisplayDevicesA
CharLowerBuffW
GetWindowRgn
OpenIcon
CharNextExA
InSendMessage
CreateAcceleratorTableW
SetMenuItemInfoA
DestroyMenu
MB_GetString
MapVirtualKeyW
LoadMenuIndirectW
CloseClipboard
ChangeDisplaySettingsA
GetRawInputDeviceInfoW
GetProcessWindowStation
WinHelpA
KillTimer
EnumWindowStationsW
GetKBCodePage
FreeDDElParam
MenuItemFromPoint
NotifyWinEvent
LoadKeyboardLayoutEx
CharToOemBuffA
GetDlgItemInt
RegisterRawInputDevices
GetIconInfo
SetClassLongA
GetClassInfoExW
EnumPropsExA
UnregisterHotKey
DeregisterShellHookWindow
SetWindowWord
LoadKeyboardLayoutW
MapVirtualKeyExA
SetMenuContextHelpId
RedrawWindow
RegisterClassExW
FlashWindowEx
DefWindowProcW
RealGetWindowClassA
GetWindowTextLengthA
EnumChildWindows
RecordShutdownReason
ToAscii
BroadcastSystemMessageA
WindowFromPoint

gdi32

GetBkColor
BitBlt
CreatePen
GetStockObject
DeleteObject
CreateSolidBrush
SelectObject
GetCurrentObject
SetTextColor
GetTextExtentPoint32W
SetBkColor
LineTo
MoveToEx
SetBkMode
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectW
TextOutW
CreateFontIndirectW
TranslateCharsetInfo
DdEntry54
CombineTransform
GdiCreateLocalMetaFilePict
AnyLinkedFonts
DdEntry16
EngTextOut
GdiValidateHandle
GetPixel
StretchBlt
UpdateColors
GdiAddFontResourceW
GetEnhMetaFileHeader
GetBkMode
GdiEndPageEMF
GdiTransparentBlt
GetDIBits
GetFontLanguageInfo
CreateRoundRectRgn
GdiEntry13
FlattenPath
EngDeleteSurface
EngWideCharToMultiByte
SetEnhMetaFileBits
RemoveFontResourceExW
CreateDIBPatternBrush
GdiSetLastError
GdiIsMetaPrintDC
DdEntry24
SetLayoutWidth
EngEraseSurface
CLIPOBJ_ppoGetPath
GdiSwapBuffers
SelectClipPath
PolylineTo
GdiConvertBrush
GetArcDirection
ScaleWindowExtEx
ArcTo
GetEnhMetaFileW
GdiDllInitialize
GetCurrentPositionEx
EngLoadModule
SetROP2
CreateEnhMetaFileA
DdEntry44
SetGraphicsMode

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW

shell32

ShellExecuteW
ShellExecuteExW

shlwapi

PathCompactPathW
PathFindExtensionW
PathMatchSpecW

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 11KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.odata
Size: 16KB - Virtual size: 4.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.data
Size: 157KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9456700d8d9ed0483ebb998a9b3a9711

Headers

DLL Characteristics

File Characteristics

Imports

netapi32

mpr

kernel32

user32

gdi32

advapi32

shell32

shlwapi

Sections

.text Size: 22KB - Virtual size: 21KB

.idata Size: 11KB - Virtual size: 1.3MB

.rdata Size: 8KB - Virtual size: 8KB

.odata Size: 16KB - Virtual size: 4.7MB

.data Size: 157KB - Virtual size: 320KB

.rsrc Size: 1024B - Virtual size: 668B

.reloc Size: 1024B - Virtual size: 784B

.text
Size: 22KB - Virtual size: 21KB

.idata
Size: 11KB - Virtual size: 1.3MB

.rdata
Size: 8KB - Virtual size: 8KB

.odata
Size: 16KB - Virtual size: 4.7MB

.data
Size: 157KB - Virtual size: 320KB

.rsrc
Size: 1024B - Virtual size: 668B

.reloc
Size: 1024B - Virtual size: 784B