NEAS[.]1f7f41583ae4e46064b385f9fc76c680[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.1f7f41583ae4e46064b385f9fc76c680.exe
Size

3.3MB
MD5

1f7f41583ae4e46064b385f9fc76c680
SHA1

344031edcebddff4f656fd8079c0c072642d536d
SHA256

f41f3c97097dbe25974cebd2011b2a0298b15adbab8499c4a302b3306060581b
SHA512

d40fc27f12bf37930f8f2b6b1cea62c191270e92c8c40894b28fb24c9fac6c9c4e02da08e675799b533f54a738aa7c9601d40e3d0555275467f7286cc56b6fef
SSDEEP

49152:6/CYBoHFAWTL0nuD1VqWhE+r7Y9AKhrBv9:/YoFI2pdKhr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1f7f41583ae4e46064b385f9fc76c680.exe

Files

NEAS.1f7f41583ae4e46064b385f9fc76c680.exe
.exe windows:4 windows x64

d8856139ed30b389d1e047faa76e8f7f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

DeleteFileA
GetFileAttributesA
GetCurrentProcessId
CopyFileA
FindNextFileA
CreateThread
Sleep
CloseHandle
WaitForSingleObject
FindClose
QueryPerformanceCounter
QueryPerformanceFrequency
FindFirstFileA
GetConsoleCursorInfo
SetConsoleCursorInfo
SetConsoleCursorPosition
GetVersionExA
GetCurrentProcess
GetCurrentThread
GetSystemInfo
RtlLookupFunctionEntry
SetConsoleTextAttribute
FillConsoleOutputCharacterA
GetProcessAffinityMask
TerminateThread
GetExitCodeThread
GlobalMemoryStatusEx
SetConsoleWindowInfo
DeviceIoControl
CreateFileA
WideCharToMultiByte
GetStdHandle
GetConsoleScreenBufferInfo
MultiByteToWideChar
RtlVirtualUnwind
SetUnhandledExceptionFilter
TerminateProcess
GetConsoleMode
SetConsoleMode
SetConsoleScreenBufferSize
ReleaseMutex
CreateMutexA
OutputDebugStringA
GetTickCount
GetSystemDirectoryA
GetLastError
SetEndOfFile
LCMapStringW
LCMapStringA
CompareStringW
CompareStringA
GetLocaleInfoA
GetStringTypeW
RtlCaptureContext
GetStringTypeA
SetStdHandle
CreateProcessA
GetExitCodeProcess
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
SetConsoleCtrlHandler
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
CreateDirectoryA
GetSystemTimeAsFileTime
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetDriveTypeA
GetFullPathNameA
RtlUnwindEx
TlsAlloc
SetLastError
GetCurrentThreadId
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
ExitProcess
WriteFile
GetModuleFileNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
VirtualProtect
VirtualAlloc
VirtualQuery
FlushFileBuffers
ReadFile
SetFilePointer
GetACP
GetOEMCP
GetCPInfo
InitializeCriticalSection
HeapReAlloc

advapi32

ControlService
CreateServiceA
OpenServiceA
CloseServiceHandle
StartServiceA
DeleteService
RegOpenKeyExW
RegQueryValueExW
RegEnumValueA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
OpenSCManagerA
RegOpenKeyExA
RegQueryValueExA
FreeSid
RegCloseKey
CheckTokenMembership
AllocateAndInitializeSid

user32

ExitWindowsEx
wsprintfA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

oleaut32

SysAllocStringLen
VariantInit
VariantChangeType
SysAllocString
SysFreeString

ole32

CoInitializeEx
CoCreateInstance
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize

setupapi

SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdA
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyA

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 688KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d8856139ed30b389d1e047faa76e8f7f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

user32

version

oleaut32

ole32

setupapi

Sections

.text Size: 2.5MB - Virtual size: 2.5MB

.rdata Size: 86KB - Virtual size: 85KB

.data Size: 688KB - Virtual size: 1.2MB

.pdata Size: 78KB - Virtual size: 77KB

.rsrc Size: 1024B - Virtual size: 944B

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 86KB - Virtual size: 85KB

.data
Size: 688KB - Virtual size: 1.2MB

.pdata
Size: 78KB - Virtual size: 77KB

.rsrc
Size: 1024B - Virtual size: 944B