NEAS[.]429e955213cd37419b727927eac3df90[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.429e955213cd37419b727927eac3df90.exe
Size

4.5MB
MD5

429e955213cd37419b727927eac3df90
SHA1

41ad4420385b74946058394c04d2085382fce52b
SHA256

440ce706882a2c8527df9f5c6d99003fd0104683236f3381f8d37e87910c8f27
SHA512

21c72446cb4a18297a15d2fa7eb7ffcd7af528a6698b390f6356a6dc828608b7f9316fa6d85f7884222396c8bc3e97c8ec46fd08cdb9101ab48fcdcc81296980
SSDEEP

98304:gnJF1guPJQ7hwHY/wgFBH8jyyotZ9zRfzm9CtVO689fsp9CEy4jqF/NytpuuuuuE:OfD4/8CtVO2cEy4OFEtps

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.429e955213cd37419b727927eac3df90.exe

Files

NEAS.429e955213cd37419b727927eac3df90.exe
.exe windows:4 windows x86

41881ab4292dec6d848210e7ab1bc270

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
HttpSendRequestA
InternetConnectA
InternetOpenA
InternetReadFile
HttpOpenRequestA

shlwapi

PathStripPathA
PathAddBackslashA
PathRemoveExtensionA
PathRemoveFileSpecA
PathIsDirectoryA
PathIsRelativeA
PathFileExistsA

kernel32

MulDiv
DeleteFileA
CreateFileA
FreeLibrary
GetTempPathA
TerminateProcess
LoadResource
SizeofResource
GetProcAddress
CloseHandle
WaitForSingleObject
Sleep
WideCharToMultiByte
ReleaseMutex
CreateMutexA
GetCurrentProcessId
GetSystemDirectoryA
SetEnvironmentVariableA
GetLocaleInfoW
LoadLibraryA
GetLastError
GetModuleFileNameA
GetVersionExA
GetLocalTime
GetCurrentThreadId
InitializeCriticalSection
InterlockedDecrement
DeleteCriticalSection
GetCurrentProcess
FlushInstructionCache
lstrlenW
lstrcmpA
InterlockedIncrement
lstrlenA
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
LockResource
GetWindowsDirectoryA
GetVolumeInformationA
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetModuleHandleA
FindFirstFileA
FindNextFileA
FindClose
IsBadCodePtr
IsBadReadPtr
GetEnvironmentStringsW
FindResourceA
CreateDirectoryA
SetFilePointer
ReadFile
GetOEMCP
SetHandleCount
HeapSize
GetACP
SetLastError
TlsGetValue
CompareStringW
CompareStringA
TlsAlloc
LCMapStringW
LCMapStringA
GetCPInfo
HeapReAlloc
GetCommandLineA
GetStartupInfoA
GetVersion
FileTimeToLocalFileTime
FileTimeToSystemTime
GetDriveTypeA
TlsSetValue
GetSystemTime
RaiseException
GetFileType
GetTimeZoneInformation
HeapFree
ExitProcess
HeapAlloc
InterlockedExchange
HeapDestroy
RtlUnwind
GetStringTypeA
HeapCreate
GetStdHandle
GetEnvironmentVariableA
UnhandledExceptionFilter
GetEnvironmentStrings
SetUnhandledExceptionFilter
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
FreeEnvironmentStringsA
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
SetStdHandle
SetEndOfFile
FlushFileBuffers
FreeEnvironmentStringsW
GetFullPathNameA
GetStringTypeW
IsValidLocale
GetCurrentDirectoryA
IsValidCodePage

user32

DestroyWindow
GetMenuItemCount
GetMenuItemInfoA
SetMenuItemInfoA
ReleaseDC
SetRect
GetClientRect
GetParent
RegisterWindowMessageA
GetSubMenu
GetDlgCtrlID
CreateWindowExA
SetClassLongA
GetWindowRect
PostQuitMessage
SendMessageA
DefWindowProcA
GetWindow
SetWindowLongA
SetWindowTextA
GetWindowTextA
GetDesktopWindow
GetDC
SetFocus
GetDlgItem
ShowWindow
SetWindowPos
LoadIconA
GetFocus
GetClassInfoExA
GetWindowTextLengthA
GetWindowLongA
GetSysColor
CallWindowProcA
EndPaint
DeleteMenu
EnableMenuItem
RemoveMenu
InsertMenuItemA
CreateMenu
MessageBoxA
BringWindowToTop
IsWindowVisible
CreateDialogParamA
DialogBoxParamA
EnumThreadWindows
DialogBoxIndirectParamA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetDialogBaseUnits
SetCursor
LoadStringA
SetParent
RegisterClassExA
LoadCursorA
IsDlgButtonChecked
GetKeyState
MessageBeep
CheckDlgButton
EnumChildWindows
LoadImageA
UpdateWindow
EnableWindow
GetWindowPlacement
PostMessageA
CallNextHookEx
GetMessageA
LoadAcceleratorsA
SetWindowsHookExA
TranslateMessage
TranslateAcceleratorA
IsDialogMessageA
InvalidateRgn
DispatchMessageA
wsprintfA
ReleaseCapture
InvalidateRect
SetCapture
IsWindow
CreateAcceleratorTableA
RedrawWindow
BeginPaint
GetClassNameA
IsChild
EndDialog
FillRect
GetMenu
DestroyIcon

gdi32

GetTextMetricsA
GetOutlineTextMetricsA
GetCharABCWidthsA
GetGlyphOutlineA
GetObjectA
GetCurrentObject
DeleteDC
DeleteObject
BitBlt
SelectObject
CreateDIBSection
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
GetStockObject
StretchBlt
SetBrushOrgEx
SetStretchBltMode
CreateFontIndirectA
SetViewportExtEx
SetWindowExtEx
SetMapMode
CreateBitmap
SetBkMode
TextOutA
CreateSolidBrush

comdlg32

ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
ChooseFontA

advapi32

RegSetValueA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegQueryValueA
RegOpenKeyExA

shell32

SHChangeNotify
SHGetPathFromIDListA
SHBrowseForFolderA
ShellExecuteA
SHGetSpecialFolderPathA
SHGetMalloc

ole32

CoCreateInstance
StringFromCLSID
CoInitialize
OleInitialize
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CoUninitialize
StgCreateDocfile
CLSIDFromProgID
CLSIDFromString
OleUninitialize

oleaut32

SysFreeString
OleCreateFontIndirect
SysAllocStringLen
SysAllocString
VariantClear
SysStringLen
LoadRegTypeLi

comctl32

ImageList_Create
InitCommonControlsEx
ImageList_ReplaceIcon

urlmon

URLOpenBlockingStreamA

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41881ab4292dec6d848210e7ab1bc270

Headers

File Characteristics

Imports

wininet

shlwapi

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

comctl32

urlmon

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.rdata Size: 208KB - Virtual size: 207KB

.data Size: 68KB - Virtual size: 73KB

.rsrc Size: 2.4MB - Virtual size: 2.4MB

.text
Size: 1.8MB - Virtual size: 1.8MB

.rdata
Size: 208KB - Virtual size: 207KB

.data
Size: 68KB - Virtual size: 73KB

.rsrc
Size: 2.4MB - Virtual size: 2.4MB