NEAS[.]ff1ad062b543bea76b6c091c8f3185a0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.ff1ad062b543bea76b6c091c8f3185a0.exe
Size

6.2MB
MD5

ff1ad062b543bea76b6c091c8f3185a0
SHA1

114ed1b1db74bb021aa2e0ddbfedc8c110c799c0
SHA256

b83991425180fb220d10294ded9ca637287dac8bd5c71f7085541cfe4e307171
SHA512

4bb71a557441aa02387cdd35e196038760ff65bcc66bb64cc46d9a89a1c3924a34ce227f2788e895a71aff3b0adacdb436a601931a1bf7f849f7d0a1747bba6c
SSDEEP

196608:CPkG4eWv8jxBOa5lRCj34RCuA2ZjROpF:CM5kRS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.ff1ad062b543bea76b6c091c8f3185a0.exe

Files

NEAS.ff1ad062b543bea76b6c091c8f3185a0.exe
.exe windows:5 windows x86

2286bf0faf273872ad0dc4113cee7c25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetExitCodeProcess
WaitForSingleObject
WaitForMultipleObjects
CloseHandle
CreateProcessA
GetCommandLineA
GetModuleFileNameA
GetCurrentProcessId
CreateEventW
OutputDebugStringA
SetErrorMode
DuplicateHandle
GetCurrentProcess
OpenProcess
GetTempFileNameA
GetTempPathA
ReleaseSemaphore
CreateSemaphoreA
GetStdHandle
GetConsoleScreenBufferInfo
SetEvent
SetConsoleTextAttribute
DebugBreak
CreatePipe
GetModuleHandleW
VirtualQuery
GetModuleFileNameW
GetProcessHeap
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetTickCount
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
LoadLibraryW
lstrlenA
IsDebuggerPresent
WideCharToMultiByte
DecodePointer
HeapSetInformation
InterlockedCompareExchange
InterlockedExchange
EncodePointer
WinExec
GetCurrentThreadId
GetExitCodeThread
TerminateThread
CreateThread
ResumeThread
RaiseException
CreateTimerQueueTimer
DeleteTimerQueueTimer
Sleep
GetThreadPriority
SetThreadPriority
GetEnvironmentVariableA
LoadLibraryA
GetProcAddress
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeLibrary
LocalFree
GetVersionExA
QueryPerformanceCounter
QueryPerformanceFrequency
UnlockFileEx
LockFileEx
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FindNextFileA
GetLastError
MultiByteToWideChar
CreateHardLinkA
CopyFileA
FindFirstFileA
FindClose
FormatMessageA

psapi

GetProcessMemoryInfo

winmm

timeEndPeriod
timeBeginPeriod

iphlpapi

GetAdaptersInfo

msvcp100d

?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?_Decref@facet@locale@std@@QAEPAV123@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@DDH@std@@2V0locale@2@A
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?setprecision@std@@YA?AU?$_Smanip@_J@1@_J@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?setf@ios_base@std@@QAEHHH@Z
?setf@ios_base@std@@QAEHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@PBD_J@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?setbase@std@@YA?AU?$_Smanip@H@1@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
?max@?$numeric_limits@H@std@@SAHXZ
?max@?$numeric_limits@E@std@@SAEXZ
?fail@ios_base@std@@QBE_NXZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@H@2@@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?max@?$numeric_limits@M@std@@SAMXZ
?max@?$numeric_limits@J@std@@SAJXZ
?min@?$numeric_limits@J@std@@SAJXZ
?min@?$numeric_limits@H@std@@SAHXZ
?max@?$numeric_limits@I@std@@SAIXZ
?min@?$numeric_limits@I@std@@SAIXZ
?max@?$numeric_limits@F@std@@SAFXZ
?min@?$numeric_limits@F@std@@SAFXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??3@YAXPAXABU_DebugHeapTag_t@std@@PADH@Z
??2@YAPAXIABU_DebugHeapTag_t@std@@PADH@Z
?_DebugHeapTag_func@std@@YAABU_DebugHeapTag_t@1@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_BADOFF@std@@3_JB
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_Swap_all@_Container_base12@std@@QAEXAAU12@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PBX@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAE_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Debug_message@std@@YAXPB_W0I@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
??0_Lockit@std@@QAE@H@Z
?_Getpfirst@_Container_base12@std@@QBEPAPAU_Iterator_base12@2@XZ
??1_Lockit@std@@QAE@XZ
?_Orphan_all@_Container_base12@std@@QAEXXZ
??0_Container_base12@std@@QAE@XZ
??1_Container_base12@std@@QAE@XZ
?flush@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

msvcr100d

_errno
strerror
_open_osfhandle
_exit
strrchr
_stat64i32
_mkdir
??_V@YAXPAX@Z
malloc
_strdup
ftell
fseek
fread
strtol
toupper
_snprintf_s
memcmp
memchr
_strtoui64
isdigit
isxdigit
_wassert
_snprintf
strncpy
_vsnprintf
vfprintf
strncmp
puts
fgets
feof
_rmdir
_stat32
ferror
isalpha
sprintf
_time64
floor
_ftime32
ceil
_mktime64
sscanf
_gmtime64
_get_osfhandle
tolower
strncat
vsprintf
__RTtypeid
perror
rand
atoi
realloc
strcspn
_CIsqrt
strtoul
isprint
fputs
atof
freopen
??0exception@std@@QAE@XZ
_CRT_RTC_INITW
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
__clean_type_info_names_internal
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
_amsg_exit
__getmainargs
_XcptFilter
_cexit
__initenv
_CrtSetCheckCount
_initterm
_initterm_e
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_vsnprintf_s
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_controlfp_s
_invoke_watson
_wmakepath_s
wcscpy_s
_wsplitpath_s
_CIexp
_CIpow
_CIlog10
_isnan
_finite
isupper
islower
isalnum
_chdir
_dup
_creat
_dup2
_write
_close
_read
_fdopen
remove
_set_error_mode
_set_abort_behavior
strlen
_localtime64
fopen
exit
getenv
printf
_fileno
_isatty
vprintf
__iob_func
fprintf
abort
_wcsicmp
_stricmp
wcscmp
wcslen
isspace
wcsstr
fabs
strcmp
_ftime64
strstr
strchr
??0bad_cast@std@@QAE@ABV01@@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@PBD@Z
free
memset
fclose
fflush
setvbuf
fsetpos
_fseeki64
fgetpos
fgetc
memcpy_s
ungetc
fputc
fwrite
_unlock_file
_lock_file
modf
_CrtDbgReportW
_invalid_parameter
__RTDynamicCast
_purecall
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_CxxThrowException
memmove
memcpy
??3@YAXPAX@Z
__CxxFrameHandler3
getchar
_getcwd

ws2_32

gethostname
setsockopt
inet_addr
ntohs
getsockopt
ntohl
WSAStartup
inet_ntoa
gethostbyname
getnameinfo
ioctlsocket
send
sendto
recv
recvfrom
listen
bind
select
__WSAFDIsSet
htonl
htons
connect
accept
getsockname
shutdown
closesocket
socket
WSASetLastError
WSAGetLastError

user32

GetDesktopWindow

advapi32

GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

SHFileOperationA
SHGetFolderPathA
ShellExecuteA

ole32

CoCreateInstance
CoInitialize

Exports

Exports

??0_Mutex@std@@QAE@W4_Uninitialized@1@@Z
??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.textbss
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.text
Size: 5.1MB - Virtual size: 5.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 907KB - Virtual size: 907KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 46KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2286bf0faf273872ad0dc4113cee7c25

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

psapi

winmm

iphlpapi

msvcp100d

msvcr100d

ws2_32

user32

advapi32

shell32

ole32

Exports

Exports

Sections

.textbss Size: - Virtual size: 2.4MB

.text Size: 5.1MB - Virtual size: 5.1MB

.rdata Size: 907KB - Virtual size: 907KB

.data Size: 46KB - Virtual size: 50KB

.idata Size: 17KB - Virtual size: 16KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 216KB - Virtual size: 215KB

.textbss
Size: - Virtual size: 2.4MB

.text
Size: 5.1MB - Virtual size: 5.1MB

.rdata
Size: 907KB - Virtual size: 907KB

.data
Size: 46KB - Virtual size: 50KB

.idata
Size: 17KB - Virtual size: 16KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 216KB - Virtual size: 215KB