NEAS[.]60a8cf59af8870a631a296f3ce659d80[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.60a8cf59af8870a631a296f3ce659d80.exe
Size

684KB
MD5

60a8cf59af8870a631a296f3ce659d80
SHA1

812a542b235932ff7a5d2ecb04e7661fb7f661b2
SHA256

744dd16b1bf7638f9783b1ca1152317db91649da55fe0c6e933807920b58ab0c
SHA512

fe91859004f3f1a28990c76482a66d229ee7099a0e2e1b8838bb2d1ecf168a374da37c0500b5f598788b4870db5181700174c4108756a27a65211a802547244e
SSDEEP

12288:COxqH0xfk6JvFWAW7WdNY8/h3hFHvPRxvtQLx6ewSfMdsF447na:CaqUxfkUWATdN/h3jRSx6ewSfQO7n

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.60a8cf59af8870a631a296f3ce659d80.exe

Files

NEAS.60a8cf59af8870a631a296f3ce659d80.exe
.dll windows:4 windows x86

0e536318b056f636749eaed59b83d1fa

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleFileNameExA
EnumProcessModules

wininet

InternetCloseHandle
InternetReadFile
InternetOpenUrlA
InternetOpenA

ws2_32

getpeername
inet_ntoa

kernel32

GetTickCount
GetPrivateProfileStringA
GetPrivateProfileIntA
Sleep
lstrcmpiA
VirtualProtect
VirtualQuery
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
LocalFree
WideCharToMultiByte
LocalAlloc
GetProcAddress
LoadLibraryA
WriteProcessMemory
GetCurrentProcess
MultiByteToWideChar
CloseHandle
ReadProcessMemory
VirtualQueryEx
GetSystemInfo
OpenProcess
GetCurrentProcessId
Process32Next
GetBinaryTypeA
Module32First
TerminateProcess
GetPriorityClass
Process32First
CreateToolhelp32Snapshot
SetPriorityClass
FreeLibrary
MapViewOfFile
CreateFileMappingA
GetComputerNameA
Thread32Next
TerminateThread
Thread32First
GetCurrentDirectoryA
DeleteFileA
OpenThread
Module32Next
SuspendThread

user32

GetWindowLongA
DestroyMenu
IsDlgButtonChecked
DefWindowProcA
BeginPaint
GetClientRect
EndPaint
ReleaseDC
ScreenToClient
UnhookWindowsHookEx
SetWindowsHookExA
GetAsyncKeyState
CallNextHookEx
SetTimer
SetWindowLongA
SendInput
ClientToScreen
SetCursorPos
mouse_event
DestroyWindow
GetFocus
GetCursorPos
GetParent
SetWindowPos
SetForegroundWindow
SetFocus
PostMessageA
keybd_event
GetDC
RegisterClassExA
CreateWindowExA
UpdateWindow
ShowWindow
CheckDlgButton
SendDlgItemMessageA
EnumWindows
GetDlgCtrlID
SendMessageA
EnumChildWindows
FindWindowExA
GetWindowTextA
CallWindowProcA
GetForegroundWindow
CreatePopupMenu
InsertMenuA
GetDlgItem
GetWindowRect
TrackPopupMenu

gdi32

GetTextColor
SetBkColor
TextOutA
GetPixel
CreateSolidBrush
BitBlt
SetPixel
PatBlt
SetTextColor

winmm

PlaySoundA

msvcrt

_mbscpy
fread
fseek
ftell
fputc
fwrite
_mkdir
atol
_mbschr
malloc
free
time
localtime
fprintf
_strnicmp
_strupr
fopen
fgets
fclose
memcpy
_mbscmp
_stricmp
_itoa
abs
_beginthreadex
_except_handler3
printf
strrchr
__dllonexit
_onexit
?terminate@@YAXXZ
_initterm
_adjust_fdiv
strncpy
strchr
??2@YAPAXI@Z
atoi
??3@YAXPAX@Z
sprintf
memset
_ismbblead
strncmp
strcpy
isdigit
strcmp
strcat
_mbsncmp
strlen
isalpha
strstr
_mbsstr
_mbstok
__CxxFrameHandler
strtok
rand

msvcp60

?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??6std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??Mstd@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??_F?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
?size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ
??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z

Sections

.text
Size: 540KB - Virtual size: 536KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 994KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e536318b056f636749eaed59b83d1fa

Headers

File Characteristics

Imports

psapi

wininet

ws2_32

kernel32

user32

gdi32

winmm

msvcrt

msvcp60

Sections

.text Size: 540KB - Virtual size: 536KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 68KB - Virtual size: 994KB

.reloc Size: 60KB - Virtual size: 57KB

.text
Size: 540KB - Virtual size: 536KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 68KB - Virtual size: 994KB

.reloc
Size: 60KB - Virtual size: 57KB