NEAS[.]5d429d308f82212b125c1aeab9bb21a0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.5d429d308f82212b125c1aeab9bb21a0.exe
Size

3.9MB
MD5

5d429d308f82212b125c1aeab9bb21a0
SHA1

8abd8daea52cc4424a45ab0dfc4104e80287583b
SHA256

bfecb137c9d81b696ba6631ef69ea25488d29c90b9f64edf83c84e33ba8ce9a5
SHA512

4ca0eb23510cb8766f94afbcdbff47c3a52c2a59389f25a83f8f9e9b9c264e8df9667184078323ec6878721b2c2072df4cb301a41afacf3b4de1c30c73260817
SSDEEP

49152:bWknQ+LPhiWoma3WPzWvvJBsACmGRSOAT7Ol6B9I7dFbRXfMDVm81U4YXdPt2S5N:KEXEvJbCe5E2Df154n2SWfcwE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5d429d308f82212b125c1aeab9bb21a0.exe

Files

NEAS.5d429d308f82212b125c1aeab9bb21a0.exe
.exe windows:6 windows x64

78857958e78c8be0ca2dfd8888784586

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
GetSecurityDescriptorDacl
RegQueryValueExW
StartServiceCtrlDispatcherW
RegOpenKeyExW
SetServiceStatus
RegCloseKey
RegNotifyChangeKeyValue
RegisterServiceCtrlHandlerExW
ImpersonateSelf
ConvertSidToStringSidA
IsWellKnownSid
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
LookupPrivilegeValueW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
GetSecurityDescriptorGroup
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
IsValidSecurityDescriptor
OpenProcessToken
SetSecurityInfo
OpenThreadToken
GetSecurityInfo
GetTokenInformation
GetSecurityDescriptorLength

shell32

SHGetFolderPathW
CommandLineToArgvW

ole32

StringFromCLSID
CoCreateGuid
CoTaskMemFree

ws2_32

closesocket
WSASetLastError
send
recv
WSAGetLastError
WSACleanup

rpcrt4

RpcStringFreeA
UuidToStringA
UuidFromStringA

kernel32

SetFileAttributesW
Sleep
FileTimeToSystemTime
DeleteFileW
RaiseException
DecodePointer
GetProcAddress
GetModuleHandleW
WideCharToMultiByte
MoveFileW
WTSGetActiveConsoleSessionId
GetCurrentProcess
LoadLibraryExA
GetCurrentProcessId
GetSystemTime
SetUnhandledExceptionFilter
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
VerifyVersionInfoA
VerSetConditionMask
GetFinalPathNameByHandleW
GetFileAttributesExW
SetFileInformationByHandle
GetCurrentThread
FindFirstFileW
GetFullPathNameW
FindNextFileW
DeviceIoControl
RemoveDirectoryW
GetModuleFileNameW
SetFilePointer
GetFullPathNameA
SetEndOfFile
CreateMutexW
FindClose
ReleaseMutex
UnmapViewOfFile
MultiByteToWideChar
GetTempPathA
CreateFileA
DeleteFileA
GetFileSize
SystemTimeToTzSpecificLocalTime
CreateFileMappingW
MapViewOfFile
OpenProcess
LoadLibraryA
HeapFree
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
GetProcessHeap
GetTempPathW
GetExitCodeThread
CreateDirectoryW
GetFileAttributesA
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
FormatMessageA
GetSystemTimeAsFileTime
SystemTimeToFileTime
LockFileEx
CreateFileMappingA
UnlockFile
HeapCompact
LoadLibraryW
WaitForSingleObjectEx
FlushViewOfFile
OutputDebugStringW
GetDiskFreeSpaceA
FormatMessageW
HeapValidate
UnlockFileEx
LockFile
GetDiskFreeSpaceW
HeapCreate
CreateFileW
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
VirtualLock
VirtualUnlock
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetFileType
DeleteFiber
ConvertFiberToThread
GetEnvironmentVariableW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
GetQueuedCompletionStatus
CancelIoEx
CreateIoCompletionPort
ExitThread
TerminateProcess
SetEnvironmentVariableW
SetSearchPathMode
HeapSetInformation
SetDllDirectoryW
GetFileInformationByHandleEx
GetFileInformationByHandle
WriteConsoleW
MoveFileExW
ReplaceFileW
FreeEnvironmentStringsW
GetLongPathNameW
QueryPerformanceFrequency
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetCurrentDirectoryW
FindFirstFileExW
SetFilePointerEx
ReleaseSRWLockShared
AcquireSRWLockShared
GetStringTypeW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EncodePointer
LCMapStringEx
GetCPInfo
InitializeCriticalSectionEx
WriteFile
ReadFile
DeleteCriticalSection
ResetEvent
CreateThread
CloseHandle
TerminateThread
SetEvent
GetLastError
CreateEventW
GetCurrentThreadId
WaitForSingleObject
InitializeCriticalSection
SignalObjectAndWait
WaitForMultipleObjects
OutputDebugStringA
SetLastError
LocalFree
RtlUnwindEx
RtlPcToFileHeader
LoadLibraryExW
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
GetDriveTypeW
PeekNamedPipe
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
GetConsoleOutputCP
GetFileSizeEx
SetStdHandle
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
GetFileAttributesW
AreFileApisANSI

bcrypt

BCryptGenRandom

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 733KB - Virtual size: 732KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 592KB - Virtual size: 596KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

78857958e78c8be0ca2dfd8888784586

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

ws2_32

rpcrt4

kernel32

bcrypt

version

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 733KB - Virtual size: 732KB

.data Size: 25KB - Virtual size: 47KB

.pdata Size: 109KB - Virtual size: 109KB

.didat Size: 512B - Virtual size: 128B

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 168KB - Virtual size: 168KB

.reloc Size: 592KB - Virtual size: 596KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 733KB - Virtual size: 732KB

.data
Size: 25KB - Virtual size: 47KB

.pdata
Size: 109KB - Virtual size: 109KB

.didat
Size: 512B - Virtual size: 128B

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 168KB - Virtual size: 168KB

.reloc
Size: 592KB - Virtual size: 596KB