NEAS[.]32df5079417fa044b4404df893cad960[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.32df5079417fa044b4404df893cad960.exe
Size

204KB
MD5

32df5079417fa044b4404df893cad960
SHA1

922452d71765e581805e32f23c2723814771990b
SHA256

7a707ad2d3371f7d05c1bae7c23704a040cd842677120faf3e719b7258f27210
SHA512

8c09a5e0235d5f26f6bab0d0a757a394d727790f71908bf57f6875c5721f49c5856c6d49abce18f64035029d0d7dd22196262a49e8a182bf1b6652d69daea695
SSDEEP

6144:EI23ZTfsHq1KZebYPlbd5QMbp/irLauxyxPS5djYQ/MVCCkYmfPbIDI/WF:EI23ZjcrDI/W

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.32df5079417fa044b4404df893cad960.exe

Files

NEAS.32df5079417fa044b4404df893cad960.exe
.exe windows:4 windows x86

28b7440eb0c5035777fa14c2559e838f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
GetFileSize
CreateFileA
GetShortPathNameA
MoveFileExA
LocalAlloc
GetCurrentThread
FreeLibrary
SetFilePointer
SetEnvironmentVariableA
Module32First
CreateToolhelp32Snapshot
Process32Next
Process32First
TerminateProcess
OpenProcess
MultiByteToWideChar
DeviceIoControl
GetCurrentThreadId
SetEndOfFile
GetCurrentProcessId
CreateDirectoryA
GetFileAttributesA
RemoveDirectoryA
CopyFileA
Sleep
FindFirstFileA
SetLastError
FindNextFileA
FindClose
CreateProcessA
WaitForSingleObject
GetExitCodeProcess
CloseHandle
WinExec
OpenFile
_lclose
SetFileAttributesA
GetVersionExA
DeleteFileA
GetFullPathNameA
SetCurrentDirectoryA
GetLastError
FormatMessageA
LocalFree
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetWindowsDirectoryA
GetSystemDirectoryA
GetCurrentDirectoryA
GetUserDefaultLangID
GetModuleFileNameA
GetComputerNameA
GetPrivateProfileStringA
GetStartupInfoA

user32

DialogBoxParamA
LoadBitmapA
GetParent
LoadStringA
OffsetRect
SetWindowPos
IsDlgButtonChecked
EndDialog
MessageBoxA
CopyRect
UpdateWindow
ShowWindow
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowRect
GetClientRect
SendMessageA
CreateWindowExA
GetDesktopWindow
LoadImageA
ExitWindowsEx
wsprintfA
GetWindowInfo
GetSystemMetrics
SetDlgItemTextA
GetDlgItem
EnableWindow

advapi32

SetSecurityDescriptorOwner
RegDeleteKeyA
RegCreateKeyExA
RegSetValueExA
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetUserNameA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteValueA
FreeSid
RevertToSelf
AccessCheck
IsValidSecurityDescriptor
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
InitializeSecurityDescriptor
AllocateAndInitializeSid
OpenThreadToken
ImpersonateSelf
CloseServiceHandle
OpenServiceA
OpenSCManagerA
DeleteService
QueryServiceStatus
ControlService
RegQueryValueExA
RegEnumValueA
RegCloseKey

shell32

SHGetSpecialFolderPathA

ole32

CoInitialize
CoCreateInstance
CoUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

setupapi

SetupDiGetDeviceInstanceIdA
SetupDiClassGuidsFromNameA
SetupDiGetINFClassA
SetupDiRegisterDeviceInfo
SetupDiSetDeviceRegistryPropertyA
SetupDiCreateDeviceInfoA
SetupDiCreateDeviceInfoList
SetupDiGetDeviceInstallParamsA
SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoA
SetupDiGetDriverInfoDetailA
SetupDiDestroyDriverInfoList
SetupDiSetSelectedDevice
SetupDiCallClassInstaller
SetupDiRemoveDevice
SetupDiGetClassDevsA
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiSetDeviceInstallParamsA

comctl32

ord17

shlwapi

PathIsDirectoryA

msvcrt

_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
_exit
_onexit
__dllonexit
_mbstok
_itoa
_except_handler3
strstr
strchr
memmove
strtoul
_mbscmp
_mbsnbcmp
_mbsnbicmp
_strdup
free
__CxxFrameHandler
atoi
fopen
tmpfile
fclose
rewind
vsprintf
fgetc
_mbsnbcpy
sscanf
_mbschr
??3@YAXPAX@Z
_mbsicmp
sprintf
exit
??2@YAPAXI@Z
getenv
_mbsrchr
toupper
_mbsstr
fprintf
_mbscspn

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 144KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

28b7440eb0c5035777fa14c2559e838f

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

version

setupapi

comctl32

shlwapi

msvcrt

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 14KB

.rsrc Size: 144KB - Virtual size: 142KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 14KB

.rsrc
Size: 144KB - Virtual size: 142KB