Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.b9c3ab5a61755e6946ae803667ea7b20.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.b9c3ab5a61755e6946ae803667ea7b20.exe
  Resource: win10v2004-20231023-en
General
  Target: NEAS.b9c3ab5a61755e6946ae803667ea7b20.exe
  Size: 401KB
  MD5: b9c3ab5a61755e6946ae803667ea7b20
  SHA1: 371397235c444764ced619743b3bdc2c2166dedd
  SHA256: 718c60d0d23af9695fd1628715e69fbc8e461e28d1fca5cc4cbc765459f5da1a
  SHA512: 9117be7993ca3d382681bc6cf7a61bec7500c1ca1509e9adc05f3f4645faff24939c87c25f9f46b1d589fcb9bc0bc429f420bf900d3e6ef4adc8171e035bf7f8
  SSDEEP: 6144:QK7RqIL5mxxEYbyK8m68zluz5yJwfIyBV+UdvrEFp7hK7n:nRXL4rbF0hBjvrEH74n
Malware Config
Signatures
  Unsigned PE (1 IoCs)
  Checks for missing Authenticode signature.
  resource: NEAS.b9c3ab5a61755e6946ae803667ea7b20.exe
Files
  NEAS.b9c3ab5a61755e6946ae803667ea7b20.exe.exe windows:5 windows x86
  6d5392508a934d937070e8ea0244bc5b
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
mfc42u
ord2755
ord6195
ord2810
ord1771
ord940
ord942
ord2286
ord2354
ord755
ord470
ord2281
ord2362
ord6153
ord5147
ord4225
ord2371
ord5784
ord5790
ord5783
ord4358
ord5244
ord3578
ord298
ord620
ord4753
ord3687
ord3867
ord2066
ord1257
ord1196
ord4470
ord5947
ord5977
ord3090
ord4768
ord4532
ord858
ord922
ord5579
ord4124
ord5679
ord5706
ord536
ord4199
ord5641
ord4315
ord816
ord562
ord4018
ord6115
ord6190
ord1941
ord4270
ord5286
ord818
ord4215
ord2576
ord3649
ord2430
ord2858
ord1637
ord3133
ord567
ord1230
ord3747
ord6124
ord6266
ord3490
ord3016
ord4357
ord5083
ord4444
ord4665
ord4679
ord1878
ord4246
ord4940
ord3249
ord2433
ord1688
ord5000
ord4464
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord5006
ord975
ord5472
ord3398
ord2874
ord2873
ord4149
ord4072
ord5233
ord5281
ord2641
ord1658
ord4430
ord5248
ord4421
ord739
ord747
ord736
ord4407
ord5728
ord5491
ord2096
ord4454
ord5652
ord5028
ord439
ord450
ord442
ord4237
ord4787
ord3345
ord5468
ord4146
ord5278
ord674
ord366
ord2084
ord4451
ord5048
ord5092
ord4614
ord4612
ord1886
ord4249
ord4010
ord4951
ord4855
ord4820
ord3182
ord4944
ord2429
ord2163
ord4511
ord4634
ord4910
ord4996
ord4485
ord5015
ord3101
ord4599
ord4994
ord4410
ord5497
ord4622
ord2986
ord3412
ord5019
ord3509
ord6340
ord5623
ord1003
ord3444
ord3782
ord3245
ord4691
ord3055
ord3061
ord6332
ord2502
ord5240
ord4417
ord2394
ord4381
ord3449
ord3193
ord6077
ord6171
ord3256
ord4617
ord4424
ord748
ord5650
ord5738
ord4610
ord5014
ord6193
ord4488
ord2385
ord5734
ord4615
ord5573
ord2776
ord4651
ord1255
ord2721
ord6466
ord2719
ord2722
ord957
ord2007
ord962
ord750
ord603
ord1262
ord6386
ord1985
ord1961
ord273
ord2247
ord458
ord5200
ord4819
ord4854
ord4950
ord1740
ord456
ord4356
ord5082
ord4442
ord4675
ord1263
ord1229
ord3865
ord4493
ord3289
ord4904
ord4504
ord4589
ord5024
ord4989
ord5153
ord6191
ord4609
ord3614
ord4269
ord743
ord4480
ord4050
ord2504
ord5727
ord3917
ord1089
ord2388
ord3341
ord5296
ord5298
ord4074
ord5303
ord5285
ord5710
ord4616
ord3733
ord815
ord2717
ord6371
ord1197
ord4604
ord459
ord561
ord5496
ord2550
ord5712
ord5713
ord2028
ord986
ord6133
ord520
ord1202
ord6112
ord1149
ord925
ord927
ord4692
ord3442
ord3191
ord3998
ord5228
ord1173
ord1561
ord5264
ord6238
ord1897
ord1937
ord4268
ord4583
ord5070
ord4335
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4958
ord4955
ord4103
ord5236
ord3743
ord1719
ord560
ord5256
ord4364
ord4893
ord4343
ord4426
ord4607
ord4608
ord813
ord1891
ord4884
ord4458
ord4502
ord4294
ord4141
ord2486
ord2618
ord2619
ord1651
ord4369
ord4846
ord3379
ord482
ord2527
ord2238
ord2529
ord3512
ord1807
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6017
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord5788
ord2518
ord469
ord3517
ord3516
ord4154
ord6399
ord6398
ord1887
ord4952
ord3402
ord4984
ord4921
ord4711
ord5102
ord4906
ord4640
ord4974
ord4516
ord4531
ord5069
ord4033
ord3276
ord3348
ord4620
ord749
ord5012
ord4682
ord2378
ord2379
ord457
ord2548
ord4647
ord4987
ord4851
ord2958
ord430
ord4931
ord4926
ord1821
ord656
ord5871
ord3397
ord6376
ord3871
ord6375
ord2081
ord1930
ord1809
ord5878
ord4263
ord3290
ord4360
ord5080
ord1703
ord1708
ord5058
ord554
ord807
ord4230
ord5076
ord1705
ord6049
ord642
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord616
ord4143
ord2079
ord3312
ord5879
ord2112
ord327
ord1259
ord2455
ord1644
ord1795
ord5855
ord4491
ord1704
ord414
ord4128
ord4292
ord6137
ord1258
ord713
ord5808
ord3570
ord610
ord6135
ord287
ord3974
ord2767
ord996
ord3971
ord1567
ord860
ord1099
ord765
ord3693
ord5677
ord2100
ord3087
ord2634
ord2933
ord4847
ord4704
ord5949
ord1775
ord6330
ord4229
ord2914
ord324
ord3592
ord4419
ord2706
ord2522
ord3480
ord5777
ord2109
ord1569
ord2438
ord5257
ord5276
ord6370
ord5237
ord4401
ord1767
ord6048
ord5996
ord268
ord289
ord3477
ord6063
ord613
ord825
ord4155
ord5047
ord1710
ord323
ord5785
ord2397
ord640
ord529
ord540
ord796
ord800
ord4418
ord4621
ord4075
ord2506
ord4992
ord4370
ord5261
ord2910
ord5568
msvcrt
_initterm
__setusermatherr
_controlfp
_except_handler3
?terminate@@YAXXZ
__CxxFrameHandler
_wsplitpath
_wtoi
_ltow
_wtol
_CxxThrowException
wcscmp
free
_getdcwd
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
??1type_info@@UAE@XZ
__dllonexit
_onexit
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_beginthreadex
wcstok
strrchr
atol
strstr
strncmp
_strcmpi
_itow
_ftol
wcschr
wcscat
_wcsdup
_wcsicmp
_purecall
rand
advapi32
RegEnumKeyExA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyW
RegEnumKeyW
RegSetValueExA
kernel32
lstrcpyW
LoadLibraryW
GetACP
GetThreadLocale
GetModuleHandleA
GetTickCount
GetModuleHandleW
lstrcpynW
GetLastError
GetCommandLineW
lstrcmpiW
GetProcAddress
SetEndOfFile
FindFirstFileW
FindClose
SetErrorMode
LocalAlloc
LocalFree
lstrlenA
IsDBCSLeadByte
GetTempPathW
GetTempFileNameW
GetFileAttributesW
CreateDirectoryW
CreateFileW
GetFileSize
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
CloseHandle
GetNumberFormatW
MulDiv
GetLocaleInfoW
lstrcatW
GlobalLock
GlobalUnlock
GlobalFree
GlobalAlloc
lstrlenW
lstrcmpW
GlobalReAlloc
InterlockedIncrement
InterlockedDecrement
TerminateThread
GetExitCodeThread
MultiByteToWideChar
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
ReadFile
CreateFileA
FindFirstFileA
lstrcpyA
lstrcatA
lstrcmpA
InterlockedExchange
RaiseException
GetStartupInfoW
gdi32
CreatePen
GetDIBits
CreateHalftonePalette
GetPixel
Polygon
OffsetRgn
StretchBlt
CreateDIBitmap
CreateDIBSection
SetDIBitsToDevice
GetNearestColor
CreatePalette
SetViewportExtEx
PlayMetaFile
SaveDC
SetMapMode
LPtoDP
RestoreDC
Rectangle
SetDIBColorTable
GetStockObject
FillRgn
GetDIBColorTable
GetCurrentObject
CreatePatternBrush
CreateSolidBrush
ResizePalette
GetNearestPaletteIndex
SetPaletteEntries
GetPaletteEntries
GetDeviceCaps
SetDIBits
SetStretchBltMode
DeleteDC
CreateCompatibleBitmap
CreateBitmap
SelectPalette
RealizePalette
SetBkMode
SetTextColor
SetBkColor
PatBlt
SelectObject
SetTextAlign
ExtTextOutW
GetTextMetricsW
GetTextExtentPoint32W
BitBlt
CreateCompatibleDC
CreateICW
CreateRectRgnIndirect
GetObjectW
Ellipse
SetPixel
LineTo
MoveToEx
UnrealizeObject
SetBrushOrgEx
ExtFloodFill
RoundRect
TextOutW
Escape
StretchDIBits
TranslateCharsetInfo
GetBkMode
GetTextColor
EnumFontFamiliesW
EnumFontFamiliesExW
PolyBezier
SetROP2
Polyline
CreatePolygonRgn
CreateFontIndirectW
CreateDCW
DeleteObject
RectVisible
PtVisible
user32
GetDlgItemInt
SendDlgItemMessageW
BeginPaint
LoadStringA
CheckDlgButton
SetDlgItemInt
SetRectEmpty
InflateRect
LoadBitmapW
SendMessageW
GetWindowRect
UpdateWindow
InvalidateRect
EnableWindow
GetSysColor
wsprintfW
IsWindow
GetSystemMetrics
SetRect
FillRect
MessageBeep
GetParent
MessageBoxW
wvsprintfW
SetWindowTextW
ReleaseDC
DrawFocusRect
GetDC
PtInRect
OffsetRect
WinHelpW
GetClientRect
FrameRect
GetCapture
IsClipboardFormatAvailable
RegisterClipboardFormatW
CopyRect
CharNextW
IntersectRect
UnionRect
ScreenToClient
WindowFromPoint
GetCursorPos
GetKeyState
IsRectEmpty
EqualRect
SetTimer
KillTimer
ReleaseCapture
GetSubMenu
LoadMenuW
BringWindowToTop
ClientToScreen
SetActiveWindow
SetCapture
GetFocus
LoadCursorW
GetWindowLongW
SetCursor
GetDesktopWindow
RemoveMenu
PostMessageW
GetSystemMenu
LoadIconW
GetClassInfoW
IsWindowVisible
SystemParametersInfoW
DestroyIcon
LoadStringW
EnableMenuItem
GetMenu
IsMenu
SetWindowLongW
TabbedTextOutW
DrawTextW
GrayStringW
GetWindowDC
CheckMenuItem
GetDlgItem
EndPaint
GetUpdateRect
ValidateRect
RedrawWindow
GetWindow
GetCaretPos
SetCaretPos
HideCaret
ShowCaret
CreateCaret
DestroyCaret
SetClassLongW
ShowCursor
GetKeyboardLayout
DestroyWindow
EnableScrollBar
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
comdlg32
CommDlgExtendedError
GetSaveFileNameW
GetFileTitleW
GetOpenFileNameW
ole32
CoInitialize
CoUninitialize
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream
PropVariantClear
CoTaskMemFree
CoCreateInstance
CLSIDFromString
WriteClassStg
WriteFmtUserTypeStg
OleGetClipboard
ReleaseStgMedium
oleaut32
SysFreeString
SysAllocString
shell32
SHChangeNotify
ShellAboutW
CommandLineToArgvW
imm32
ImmGetCompositionStringW
ImmGetCompositionWindow
ImmGetContext
ImmSetCompositionWindow
ImmReleaseContext
ImmAssociateContext
ImmNotifyIME
Sections
.text Size: 236KB - Virtual size: 235KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 81KB - Virtual size: 81KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ