NEAS[.]ec91cf633b16d18b05e78c915da11f70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.ec91cf633b16d18b05e78c915da11f70.exe
Size

452KB
MD5

ec91cf633b16d18b05e78c915da11f70
SHA1

e2fa6f1428f10af21994a736714a7d86efbd63ad
SHA256

6e185c4b3665a34ad3ca28fa92229f96bad4d5980d639d12422198d3fb12f922
SHA512

e7924f7ae6db7e1bb795614bf3d4712caadc7c928ca3b9e6e91316962f38675eb056a3a434cd73a157fe511b080b1d67a58fbd74c5c5ac5a1ff684cff8c7d789
SSDEEP

6144:PPapX+z3lquhkD4Lo3Wm/Vb95IuzXmuxJA5qXBH6cbxhissLZ68Qen5gDDEPS:6II4LU55ICAUXBXbxItt68EEPS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ec91cf633b16d18b05e78c915da11f70.exe

Files

NEAS.ec91cf633b16d18b05e78c915da11f70.exe
.exe windows:4 windows x86

a57f661573afa4ff49d4743a9bad003e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

InterlockedExchange
CompareStringA
LocalFree
GetModuleHandleA
GlobalUnlock
GlobalLock
GlobalFree
GlobalAlloc
SetLastError
TerminateThread
SetEvent
WriteFile
GetFileSize
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemInfo
GetVersion
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MoveFileExW
WaitForSingleObject
LocalAlloc
ReleaseMutex
GetLastError
GetCurrentProcess
CloseHandle
GetExitCodeProcess
TerminateProcess
LoadResource
LockResource
GetPriorityClass
SizeofResource
OpenProcess
Sleep
FreeLibrary
GetLocalTime
LoadLibraryA
SetEnvironmentVariableA
GetConsoleOutputCP
WriteConsoleA
GetStringTypeA
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
LCMapStringA
GetOEMCP
GetACP
IsDebuggerPresent
GetSystemTimeAsFileTime
QueryPerformanceCounter
HeapCreate
HeapDestroy
SetHandleCount
GetCommandLineW
GetEnvironmentStrings
FreeEnvironmentStringsA
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree
GetFileTime
SetErrorMode
VirtualFree
VirtualAlloc
GetCurrentThreadId
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenA
lstrcpyA
lstrcmpiA
lstrcmpA
WriteProcessMemory
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
UnmapViewOfFile
SetThreadPriority
ResumeThread
ReleaseSemaphore
ReadProcessMemory
ReadFile
OpenMutexA
OpenFileMappingA
OpenEventA
MapViewOfFile
LoadLibraryExA
IsBadWritePtr
IsBadReadPtr
GetVersionExA
GetTickCount
GetThreadContext
GetSystemDirectoryA
GetModuleFileNameA
GetFileAttributesA
GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
GetCurrentDirectoryA
FormatMessageA
DuplicateHandle
DeviceIoControl
CreateThread
CreateSemaphoreA
CreateProcessA
CreatePipe
CreateMutexA
CreateFileMappingA
CreateFileA
CreateEventA
EnumResourceLanguagesW
ConvertDefaultLocale
GlobalDeleteAtom
InterlockedDecrement
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GlobalFlags
GlobalReAlloc
GlobalHandle
LocalReAlloc
InterlockedIncrement
FindClose

user32

CheckMenuItem
EnableMenuItem
GetMenuState
GetParent
GetFocus
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
GetSubMenu
GetMenuItemCount
GetMenuItemID
ValidateRect
GetCursorPos
GetKeyState
IsWindowVisible
GetActiveWindow
CallNextHookEx
SetCursor
UnhookWindowsHookEx
IsWindowEnabled
GetLastActivePopup
GetWindowThreadProcessId
GetWindow
GetWindowRect
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
GetDlgCtrlID
PtInRect
CopyRect
CloseDesktop
AdjustWindowRectEx
GetSysColor
GetMenu
GetClientRect
SetForegroundWindow
DispatchMessageA
MapWindowPoints
GetMessagePos
GetMessageTime
DestroyWindow
GetTopWindow
GetDlgItem
GetForegroundWindow
IsWindow
GetCapture
ShowWindow
ClientToScreen
GetSysColorBrush
ReleaseDC
GetDC
DestroyMenu
UnregisterClassA
GetThreadDesktop
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
TranslateMessage
MessageBoxA
GetKeyboardType
GetSystemMetrics

comdlg32

GetFileTitleW

winspool.drv

DeletePrinter
XcvDataW
GetPrinterDriverDirectoryW
DocumentPropertiesW
ClosePrinter

advapi32

RegOpenKeyExA
RegQueryValueW
GetKernelObjectSecurity
GetLengthSid
GetTokenInformation
LookupPrivilegeValueA
RegEnumKeyW
RegSetValueExA
RegQueryValueExA
FreeSid
AllocateAndInitializeSid
QueryServiceStatus
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
StartServiceW
ChangeServiceConfigW
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
ControlService

shlwapi

PathIsUNCW
UrlUnescapeW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit

wininet

InternetCloseHandle
HttpQueryInfoW
InternetOpenW
InternetSetStatusCallbackW
InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetErrorDlg
InternetCrackUrlW
InternetCanonicalizeUrlW

gdi32

PtVisible
RectVisible
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
Escape
SetMapMode
RestoreDC
SaveDC
DeleteObject
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
CreateBitmap

Sections

.text
Size: 204KB - Virtual size: 200KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 128KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a57f661573afa4ff49d4743a9bad003e

Headers

File Characteristics

Imports

kernel32

user32

comdlg32

winspool.drv

advapi32

shlwapi

oleaut32

wininet

gdi32

Sections

.text Size: 204KB - Virtual size: 200KB

CODE Size: 128KB - Virtual size: 124KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 12KB - Virtual size: 27KB

DATA Size: 8KB - Virtual size: 5KB

BSS Size: 4KB - Virtual size: 2KB

.rsrc Size: 40KB - Virtual size: 36KB

.text
Size: 204KB - Virtual size: 200KB

CODE
Size: 128KB - Virtual size: 124KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 12KB - Virtual size: 27KB

DATA
Size: 8KB - Virtual size: 5KB

BSS
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 40KB - Virtual size: 36KB