NEAS[.]b5bb213e041ebe738a5448e5cb38b7a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b5bb213e041ebe738a5448e5cb38b7a0.exe
Size

204KB
MD5

b5bb213e041ebe738a5448e5cb38b7a0
SHA1

09ff1158a06ab58beaa40f45ec5f491636aa0cf7
SHA256

5a8acbab04fac02668fc82d433100b6e5b20dc09bbeb0fce7752d4cbf877caee
SHA512

6b91283ece22f8fc98379dd8e9b2a23631b3e1f853dba7ebc96aeb6210ab9118ae7f58c7729c01de6fc8ca908ed67f7d42b3b1da7435388fb7c73b2d6bd9b0b1
SSDEEP

3072:Kt6PmtdTyhyt4ouSGdROhwRYhTc8P+ZWBC5/O/J20Br4FPjbRQ:KAfh6ePvRCc5g/J21bi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b5bb213e041ebe738a5448e5cb38b7a0.exe

Files

NEAS.b5bb213e041ebe738a5448e5cb38b7a0.exe
.dll windows:4 windows x86

8935545941ac815dfc36ba249c06cc02

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetOEMCP
GetCommandLineA
RtlUnwind
HeapFree
HeapAlloc
RaiseException
HeapSize
HeapReAlloc
GetACP
SetHandleCount
GetStdHandle
GetFileType
ExitProcess
TerminateProcess
lstrcatA
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
SetStdHandle
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
CreateFileA
GetCommState
SetCommState
GetCommTimeouts
SetCommTimeouts
FlushFileBuffers
GetCurrentProcess
FreeLibrary
GetProcessVersion
LoadLibraryA
GlobalFindAtomA
GlobalGetAtomNameA
GlobalAddAtomA
SetLastError
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringA
MulDiv
GlobalFlags
FreeEnvironmentStringsA
FreeEnvironmentStringsW
lstrcpyA
SetFilePointer
WriteFile
GetVersion
lstrcpynA
GetEnvironmentStrings
SetErrorMode
CloseHandle
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
LockResource
FindResourceA
LoadResource
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetEnvironmentStringsW
HeapDestroy
GetStartupInfoA
GetLastError

user32

RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
UpdateWindow
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
IsDialogMessageA
SystemParametersInfoA
SendDlgItemMessageA
IsIconic
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
UnregisterClassA
UnhookWindowsHookEx
IsWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
EndDialog
SetActiveWindow
GetClassNameA

gdi32

CreateBitmap
DeleteObject
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
GetDeviceCaps
PtVisible
TextOutA
ExtTextOutA
RectVisible
GetObjectA
Escape

comdlg32

PrintDlgA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegOpenKeyExA
RegCreateKeyExA
RegCloseKey
RegSetValueExA

comctl32

ord17

Exports

Exports

COM_Clear
COM_Close
COM_Init
COM_Open
COM_Sendc
COM_Sends
CounterStr
OpenCounter
port_write

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8935545941ac815dfc36ba249c06cc02

Headers

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

comctl32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 20KB - Virtual size: 16KB

.data Size: 8KB - Virtual size: 18KB

.rsrc Size: 8KB - Virtual size: 7KB

.reloc Size: 12KB - Virtual size: 11KB

.rmnet Size: 88KB - Virtual size: 88KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 20KB - Virtual size: 16KB

.data
Size: 8KB - Virtual size: 18KB

.rsrc
Size: 8KB - Virtual size: 7KB

.reloc
Size: 12KB - Virtual size: 11KB

.rmnet
Size: 88KB - Virtual size: 88KB