NEAS[.]3e0baf251989f8656059f557443ee6f0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3e0baf251989f8656059f557443ee6f0.exe
Size

1.0MB
MD5

3e0baf251989f8656059f557443ee6f0
SHA1

296c47c07c5125f6537971739cfa416b4503d647
SHA256

259972b80748914091a7e79b1de90430ae2c275c82c69ceafdec5e823b42e1e7
SHA512

4939dfe96e0c965eec243bc3a93e4f4bf67e3fe45ba9c49d47c7c77f7305fe5c14aaebd63af3beb1fd94b5ff3b1a7557c85cd0a7836ad9f42830892284c3f4b6
SSDEEP

6144:+YMlwN0GK1zXlmzaa2GNH25r5yvsUf8HHBEf:+YMl6HKpXlmzJrk5r56f8HHef

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3e0baf251989f8656059f557443ee6f0.exe

Files

NEAS.3e0baf251989f8656059f557443ee6f0.exe
.exe windows:4 windows x86

08bf1babec59e1219eb589eb2a0941d0

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindNextFileW
FindFirstFileW
FindClose
SetFilePointer
SetEndOfFile
WriteFile
GetFileSize
ReadFile
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
Sleep
GetTickCount
WaitForMultipleObjects
GetCurrentProcessId
LocalFree
OpenProcess
GetVersionExW
Process32NextW
TerminateProcess
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentProcess
GlobalFree
GlobalAlloc
SetLastError
GetComputerNameW
InterlockedDecrement
DeviceIoControl
CreateEventW
SetEvent
lstrlenA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
HeapReAlloc
VirtualAlloc
GetTimeZoneInformation
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetCPInfo
CreateFileW
GetLongPathNameW
SetFileAttributesW
MoveFileExW
GetTempFileNameW
GetWindowsDirectoryW
GetFullPathNameW
GetTempPathW
lstrlenW
MoveFileW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryA
GetModuleFileNameW
CreateDirectoryW
DeleteFileW
CopyFileW
FreeLibrary
RemoveDirectoryW
LoadLibraryW
GetFileAttributesW
CreateMutexW
CloseHandle
ReleaseMutex
WaitForSingleObject
GetLastError
GetProcAddress
GetModuleHandleW
InterlockedExchangeAdd
HeapSize
QueryPerformanceCounter
VirtualFree
HeapCreate
HeapDestroy
GetCurrentThreadId
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
ExitProcess
GetModuleHandleA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoA
GetProcessHeap
HeapAlloc
GetVersionExA
GetCommandLineA
HeapFree

user32

MonitorFromWindow
MapWindowPoints
LoadImageW
DefWindowProcW
GetWindowRect
GetMonitorInfoW
LoadCursorW
GetSystemMetrics
RegisterClassW
ScreenToClient
SetTimer
ShowWindow
UnregisterClassW
LoadIconW
SystemParametersInfoW
BeginPaint
EndPaint
GetWindow
IsWindow
SetPropW
DestroyWindow
DispatchMessageW
GetDesktopWindow
GetWindowLongW
SetWindowPos
CreateWindowExW
GetDC
SetCursor
TranslateMessage
GetParent
GetCursorPos
GetClientRect
GetMessageW
GetPropW

gdi32

SelectObject
BitBlt
DeleteDC
CreateCompatibleDC
GetObjectW
DeleteObject

advapi32

RegEnumKeyW
RegQueryInfoKeyW
GetUserNameW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
GetTokenInformation
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
DeleteService
OpenServiceW
ControlService
QueryServiceStatusEx
CloseServiceHandle
OpenSCManagerW

shell32

ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoUninitialize
OleUninitialize
OleInitialize
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance

oleaut32

VariantInit
VariantClear
SysAllocString
SysFreeString

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetWriteFile
HttpSendRequestExW
HttpEndRequestW
InternetConnectW
HttpOpenRequestW
InternetSetOptionW
InternetOpenW
InternetCloseHandle
InternetReadFile

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 747KB - Virtual size: 746KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

08bf1babec59e1219eb589eb2a0941d0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 241KB - Virtual size: 240KB

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 7KB - Virtual size: 14KB

.rsrc Size: 747KB - Virtual size: 746KB

.text
Size: 241KB - Virtual size: 240KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 7KB - Virtual size: 14KB

.rsrc
Size: 747KB - Virtual size: 746KB