NEAS[.]fa00bce77c83f7eabc547b59d414ed10[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.fa00bce77c83f7eabc547b59d414ed10.exe
Size

3.3MB
MD5

fa00bce77c83f7eabc547b59d414ed10
SHA1

a3791aa73ba26e72d7a402626d41b7e399034eb0
SHA256

86331fc2b6c093effd1c90566ab575d5cdaffdb5600e01217ec3458ae2578d61
SHA512

d12ea2dfddb83180622e72e630cc56214dcfcd7138e37a3ed9255aa50b0368348a74537d239b6c0064d048871b62c2fd18b2dbfe380341018b0e3f4e0e91beba
SSDEEP

49152:6D3SLe5pl1LZglYo+QZJDaHrLSpDXGDWWdoYTjEqcURKUbV4c6vEeZWTPz:6ukpfzkJImpDX8WsoQKo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.fa00bce77c83f7eabc547b59d414ed10.exe

Files

NEAS.fa00bce77c83f7eabc547b59d414ed10.exe
.exe windows:5 windows x86

3fa6752e930669c21fd506730bcb8dd7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

HttpQueryInfoW
InternetCloseHandle
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetConnectW
InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCrackUrlW
InternetQueryDataAvailable

kernel32

RtlCaptureContext
GetProcessHeap
SizeofResource
LockResource
LoadResource
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
SetEnvironmentVariableA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetConsoleMode
GetConsoleCP
SetHandleCount
SetStdHandle
CreateFileA
GetFileType
GetOEMCP
GetACP
GetStdHandle
RtlUnwind
GetTimeZoneInformation
GetDateFormatA
GetTimeFormatA
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
HeapSetInformation
HeapCreate
AreFileApisANSI
QueryPerformanceCounter
QueryPerformanceFrequency
FormatMessageA
CreateWaitableTimerA
InterlockedPopEntrySList
IsProcessorFeaturePresent
InterlockedPushEntrySList
HeapSize
HeapReAlloc
HeapDestroy
ExitProcess
FileTimeToDosDateTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
DebugBreak
WaitForMultipleObjectsEx
SetEndOfFile
SetFilePointerEx
VirtualFree
VirtualAlloc
ExitThread
OpenEventA
GetVolumePathNameW
GetVolumePathNamesForVolumeNameW
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
DeviceIoControl
SetErrorMode
ReadFile
GetFileSizeEx
FlushFileBuffers
MoveFileExW
FileTimeToLocalFileTime
GetLocaleInfoA
GlobalMemoryStatus
GetSystemInfo
GetVersionExA
SetFileTime
SetFilePointer
GetFileSize
UnmapViewOfFile
MapViewOfFile
SleepEx
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
SetWaitableTimer
QueueUserAPC
InterlockedCompareExchange
LocalFree
GetSystemTime
CreateThread
ResumeThread
TerminateThread
VirtualQueryEx
SetUnhandledExceptionFilter
lstrlenA
GetCommandLineW
GetLocalTime
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
SetLastError
CloseHandle
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetModuleHandleA
LoadLibraryA
GetCurrentThread
VirtualProtect
InitializeCriticalSection
FileTimeToSystemTime
SystemTimeToFileTime
GlobalUnlock
GlobalLock
CompareFileTime
ResetEvent
WaitForMultipleObjects
GetVolumeNameForVolumeMountPointW
WriteFile
CreateSemaphoreA
DuplicateHandle
HeapAlloc
Sleep
GetTickCount
ReleaseSemaphore
HeapFree
WaitForSingleObject
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
MulDiv
RaiseException
FlushInstructionCache
GetSystemTimeAsFileTime
SetEvent
GlobalReAlloc
GetCurrentProcess
GlobalFree
FindClose
GetLogicalDrives
GlobalAlloc
CreateEventA

user32

DrawFocusRect
DestroyIcon
MessageBeep
SetFocus
IsWindow
GetParent
GetWindow
UnregisterClassA
IsWindowVisible
EnumWindows
GetSystemMetrics
RedrawWindow
GetDlgItem
GetDC
SetWindowPos
GetWindowRect
ScreenToClient
ExitWindowsEx
GetComboBoxInfo
AdjustWindowRectEx
GetMenu
RemoveMenu
SetCaretPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetScrollInfo
SetScrollRange
DragDetect
GetKeyState
SetScrollPos
DestroyCaret
CreateCaret
HideCaret
ShowCaret
CheckMenuRadioItem
SetMenuItemBitmaps
CheckMenuItem
CreatePopupMenu
SetMenuInfo
GetMenuInfo
DeleteMenu
EnableMenuItem
GetMenuItemCount
GetMenuItemID
GetUpdateRect
CheckDlgButton
IsIconic
FlashWindowEx
GetIconInfo
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
MonitorFromPoint
GetSubMenu
TrackPopupMenu
IsMenu
DrawFrameControl
InflateRect
TrackMouseEvent
SetWindowPlacement
GetWindowPlacement
PostQuitMessage
DrawEdge
GetMessagePos
EndDialog
FillRect
OffsetRect
DestroyCursor
GetCursorPos
DestroyMenu
SetRectEmpty
UpdateWindow
CallNextHookEx
CopyRect
SetParent
SetTimer
KillTimer
MsgWaitForMultipleObjects
CopyIcon
IsWindowEnabled
GetSysColorBrush
GetSysColor
GetDlgCtrlID
IsDlgButtonChecked
EnumChildWindows
MapDialogRect
ReleaseDC
GetWindowDC
MoveWindow
DrawIconEx
SetCursor
PtInRect
ReleaseCapture
WindowFromPoint
ClientToScreen
SetCapture
GetCapture
EndPaint
BeginPaint
SetRect
TranslateMessage
ShowWindow
DestroyWindow
MonitorFromWindow
MapWindowPoints
GetActiveWindow
GetFocus
GetClientRect
UnhookWindowsHookEx
GetWindowThreadProcessId
InvalidateRect
CharLowerA
BringWindowToTop
CopyImage
CharLowerBuffA

gdi32

CreateDIBitmap
SetDIBits
SetStretchBltMode
RestoreDC
SaveDC
TextOutA
CreateRectRgnIndirect
CombineRgn
ExcludeClipRect
CreateSolidBrush
GetClipBox
GetDeviceCaps
Polyline
Polygon
CreatePatternBrush
CreateBitmap
PatBlt
SetBkColor
GetStockObject
SetTextColor
SetBkMode
CreateCompatibleBitmap
SetViewportOrgEx
LineTo
MoveToEx
CreatePen
SelectObject
GetDIBColorTable
StretchBlt
CreateDIBSection
BitBlt
CreateCompatibleDC
DeleteDC
DeleteObject

advapi32

CryptGenRandom
FreeSid
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
CryptReleaseContext
CryptAcquireContextA
RegCloseKey

shell32

ord4
ord2
CommandLineToArgvW
SHGetSpecialFolderLocation
SHGetSpecialFolderPathW
SHGetDesktopFolder
ord25
DoEnvironmentSubstW

ole32

FreePropVariantArray
StgOpenStorageOnILockBytes
CLSIDFromProgID
CoInitializeEx
CoCreateGuid
CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

SysFreeString
VarUI4FromStr
SysAllocString
VariantInit
VariantChangeType
VarBstrFromR8
SysAllocStringLen
SysStringLen
LoadRegTypeLi
LoadTypeLi
VariantClear

shlwapi

PathAddBackslashW
PathCompactPathW
PathIsRootW
PathFindFileNameW
PathStripToRootW
PathFindFileNameA
PathAddExtensionW
PathStripPathW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathMatchSpecW
PathIsDirectoryW
PathIsDirectoryEmptyW
PathCombineW
PathGetDriveNumberW
PathRemoveExtensionW
PathFindExtensionW

comctl32

_TrackMouseEvent
ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Add
ImageList_GetIcon
ImageList_GetImageCount
DestroyPropertySheetPage
PropertySheetW
ImageList_LoadImageW
ImageList_Draw
ImageList_GetIconSize
CreatePropertySheetPageW

msimg32

TransparentBlt
AlphaBlend

ws2_32

WSACleanup
WSAStartup

crypt32

CryptMsgGetParam
CertFindCertificateInStore
CertGetNameStringW
CertFreeCertificateContext
CryptQueryObject
CertCloseStore
CryptMsgClose

wintrust

WinVerifyTrust

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 450KB - Virtual size: 449KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 246KB - Virtual size: 246KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3fa6752e930669c21fd506730bcb8dd7

Headers

DLL Characteristics

File Characteristics

Imports

wininet

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

msimg32

ws2_32

crypt32

wintrust

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 450KB - Virtual size: 449KB

.data Size: 101KB - Virtual size: 127KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 246KB - Virtual size: 246KB

.reloc Size: 195KB - Virtual size: 194KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 450KB - Virtual size: 449KB

.data
Size: 101KB - Virtual size: 127KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 246KB - Virtual size: 246KB

.reloc
Size: 195KB - Virtual size: 194KB