NEAS[.]a6e7e8e5108efc227b9bdc8feefe1d90[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a6e7e8e5108efc227b9bdc8feefe1d90.exe
Size

1.5MB
MD5

a6e7e8e5108efc227b9bdc8feefe1d90
SHA1

2453db0a7a118f2cac7cb5f04464ad092c0ea356
SHA256

efb56bcf06e9b50884f5c884ca5035ad938946f8ade74051ba86ef8bdc4de05a
SHA512

1aa099d000be520fa57025a044f721d943e47adc93bd17c396eb6f212239709289eb420a665c5a748437443153381c2191623a995d62d571ae17d9d3e4d41513
SSDEEP

12288:oDnHzYl/2m5uXc3ajG+hjQKymY8efKCpD7Gj9G6G1qT8nQkCu83L3Wl/np9DBDtL:o7T1mEsqjnhMgeiCl7G0nehbGZpbD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a6e7e8e5108efc227b9bdc8feefe1d90.exe

Files

NEAS.a6e7e8e5108efc227b9bdc8feefe1d90.exe
.exe windows:6 windows x64

80849098618215f3328db6e43bd83743

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msi

ord159
ord160
ord32
ord45
ord92
ord246
ord74
ord8
ord70
ord118

comctl32

PropertySheetW
CreatePropertySheetPageW

kernel32

GetFileAttributesW
GetLocaleInfoW
GetSystemDefaultLangID
GetLastError
WaitForSingleObject
Sleep
GetNativeSystemInfo
GetExitCodeProcess
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
WriteFile
GetCommandLineW
FindClose
FindFirstFileW
GetShortPathNameW
GetModuleFileNameW
LocalFree
FormatMessageW
RaiseException
InitializeCriticalSectionEx
DeleteCriticalSection
GetCurrentProcess
GetProcAddress
GetFileType
FindFirstFileExW
WideCharToMultiByte
LCMapStringW
HeapFree
HeapAlloc
GetStdHandle
GetModuleHandleExW
ExitProcess
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
SetLastError
RtlUnwindEx
RtlPcToFileHeader
LeaveCriticalSection
EnterCriticalSection
OutputDebugStringW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetConsoleMode
SetFilePointerEx
MultiByteToWideChar
CreateProcessW
CloseHandle
CreateFileW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP

user32

CreateWindowExW
ExitWindowsEx
LoadCursorW
GetWindowRect
GetSystemMetrics
RegisterClassExW
PostQuitMessage
LoadIconW
LoadBitmapW
GetParent
SetWindowLongPtrW
ReleaseDC
GetDC
EnableWindow
SendDlgItemMessageW
GetWindowLongPtrW
IsDialogMessageW
CreateDialogParamW
DestroyWindow
IsWindow
PeekMessageW
DispatchMessageW
TranslateMessage
MessageBoxW
GetDesktopWindow
GetClientRect
GetWindowTextW
SetWindowTextW
EndPaint
BeginPaint
UpdateWindow
GetDlgItem
EndDialog
DialogBoxParamW
SetWindowPos
ShowWindow
SendMessageW
LoadStringW
DefWindowProcW
GetSysColor

gdi32

CreateFontIndirectW
GetObjectW
StretchBlt
SelectObject
GetDeviceCaps
DeleteDC
CreateSolidBrush
CreateCompatibleDC

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegGetValueW
RegSetValueExW
RegDeleteValueW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
ControlService
ChangeServiceConfigW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteExW
CommandLineToArgvW

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

80849098618215f3328db6e43bd83743

Headers

DLL Characteristics

File Characteristics

Imports

msi

comctl32

kernel32

user32

gdi32

advapi32

shell32

Sections

.text Size: 123KB - Virtual size: 123KB

.rdata Size: 99KB - Virtual size: 98KB

.data Size: 29KB - Virtual size: 39KB

.pdata Size: 7KB - Virtual size: 6KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.text
Size: 123KB - Virtual size: 123KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 29KB - Virtual size: 39KB

.pdata
Size: 7KB - Virtual size: 6KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 1.3MB - Virtual size: 1.3MB