NEAS[.]3befd49225bd6d1ee7b30bbb496604d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3befd49225bd6d1ee7b30bbb496604d0.exe
Size

200KB
MD5

3befd49225bd6d1ee7b30bbb496604d0
SHA1

d090259da3a81bb25dc4fc483fac715735825abe
SHA256

6f2113f92105abdf909d8abc78e2866872fad402794d1729b8867b7fb85559b2
SHA512

c981f2c12f946b08eeca2c7c43e681386014b54ba7ae2605c9d0966ed1786479283bd4fbc8fdcafd5c845f4bdb91f5710a14c5edcd3baa4e838f7a67c2aade6f
SSDEEP

3072:q/pdARc7mgfY7fGeVCOZTrVDvK/ky2cJWQnaaS9+yMvr8pgubP2Gj/21f:qhCOJYfG6CYDvNczaaScyDg6VIf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3befd49225bd6d1ee7b30bbb496604d0.exe

Files

NEAS.3befd49225bd6d1ee7b30bbb496604d0.exe
.exe windows:4 windows x86

c5b88d47f088ca98fefb06fcdd506ff1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

winmm

PlaySoundA

wininet

InternetSetOptionA

kernel32

MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
lstrlenW
lstrlenA
GetCommandLineA
GetLastError
GlobalUnlock
GlobalLock
GlobalAlloc
GetShortPathNameA
FindClose
FindFirstFileA
FlushInstructionCache
GetCurrentProcess
HeapFree
GetProcessHeap
HeapAlloc
GetSystemDirectoryA
GetCurrentThreadId
lstrcpyA
GetModuleFileNameA
Sleep
lstrcpynA
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
Process32Next
Process32First
CreateToolhelp32Snapshot
WaitForSingleObject
InterlockedDecrement
lstrcmpiA
lstrcatA
SetEvent
CreateThread
CreateEventA
InterlockedIncrement
IsDBCSLeadByte
GetVersionExA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetThreadPriority
GetStdHandle
WriteFile
HeapSize
TerminateProcess
GetProcAddress
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
LCMapStringW
LCMapStringA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
SetUnhandledExceptionFilter
GetCPInfo
GetOEMCP
ExitProcess
GetStartupInfoA
GetModuleHandleA
HeapReAlloc
RtlUnwind
RaiseException
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
IsBadReadPtr
GetTickCount
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
SetStdHandle
FlushFileBuffers
FreeLibrary
FreeEnvironmentStringsA
IsBadCodePtr
SetFilePointer
LoadLibraryA
UnhandledExceptionFilter

user32

PeekMessageA
EnableWindow
IsWindowVisible
IsWindow
GetCursorPos
TrackPopupMenu
SetMenu
GetKeyState
PostQuitMessage
DefWindowProcA
LoadStringA
EnableMenuItem
CreateIcon
WaitMessage
CallWindowProcA
LoadCursorA
wsprintfA
RegisterWindowMessageA
GetMessageA
TranslateMessage
DispatchMessageA
CharNextA
PostThreadMessageA
GetClassInfoExA
GetWindow
GetWindowRect
SystemParametersInfoA
MapWindowPoints
SendMessageA
FlashWindow
KillTimer
SetTimer
ShowWindow
GetClientRect
SendMessageTimeoutA
DestroyMenu
CreateMenu
GetMenuItemID
GetSubMenu
GetMenuItemCount
AppendMenuA
GetMenuItemInfoA
InsertMenuA
UnregisterClassA
DeleteMenu
CheckMenuItem
IsMenu
GetMenuStringA
DrawMenuBar
CreatePopupMenu
CreateDialogParamA
SendDlgItemMessageA
RegisterClassExA
GetAsyncKeyState
GetDoubleClickTime
GetDesktopWindow
CreateWindowExA
SetWindowPos
MoveWindow
GetSystemMenu
SetWindowTextA
GetWindowLongA
SetWindowLongA
ReplyMessage
GetParent
DestroyWindow
MessageBoxA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
PostMessageA
LoadImageA
EnumWindows
EnumChildWindows
GetClassNameA
GetWindowTextA
SetForegroundWindow
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
UpdateWindow
InsertMenuItemA

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegQueryInfoKeyA
RegEnumKeyExA
RegQueryValueExA

shell32

DragAcceptFiles
DragQueryPoint
DragQueryFileA
DragFinish
Shell_NotifyIconA

ole32

CoRegisterClassObject
CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
StringFromGUID2
CoRevokeClassObject
CoTaskMemRealloc
OleUninitialize
OleInitialize
ProgIDFromCLSID

oleaut32

VariantCopy
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroy
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
CreateErrorInfo
SetErrorInfo
SysStringLen
SysFreeString
VariantChangeType
VariantClear
VariantInit
VariantCopyInd
SysAllocString
SysAllocStringLen

shlwapi

PathFindExtensionA

Sections

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 80KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c5b88d47f088ca98fefb06fcdd506ff1

Headers

File Characteristics

Imports

winmm

wininet

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.rdata Size: 20KB - Virtual size: 18KB

.data Size: 80KB - Virtual size: 83KB

.rsrc Size: 96KB - Virtual size: 96KB

.rdata
Size: 20KB - Virtual size: 18KB

.data
Size: 80KB - Virtual size: 83KB

.rsrc
Size: 96KB - Virtual size: 96KB