NEAS[.]fd877a0b3938428293e313b76d6dfa80[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.fd877a0b3938428293e313b76d6dfa80.exe
Size

1.9MB
MD5

fd877a0b3938428293e313b76d6dfa80
SHA1

ae3b6ea2f2c67d9a1b2a67413cdef144f5e5e117
SHA256

087370f3b68c251337da54323076573b4211bd6aff1e81f55a73e47df62b9d0a
SHA512

ec103ea9770db5898550e4670360c666fcb8210a0324f20207352d243325ab160544e5523ca0a8a9a590b99a63a1a932d3e8620668f466b54d05798cdd04a510
SSDEEP

12288:NGnZ+FNQN3pLJ7Y+O06x7THkIIpyNM8V8bJ4T3BoS6A:f7OZLJ7Y+O06x7THkIo8ibaLBoS6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.fd877a0b3938428293e313b76d6dfa80.exe

Files

NEAS.fd877a0b3938428293e313b76d6dfa80.exe
.exe windows:4 windows x86

dbd8a93f014d11cca2099f6c628cc6f7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

skinfeature

ord1
ord2
ord6
ord3
ord15

hid

HidD_SetFeature

hsengine

HSCharRecognize
HSEndCharRecogEngine
HSStartCharRecogEngine

kernel32

SetErrorMode
FindResourceExA
GetCurrentDirectoryA
RtlUnwind
HeapFree
HeapAlloc
TerminateProcess
GetDriveTypeA
GetStartupInfoA
GetCommandLineA
RaiseException
SetStdHandle
GetFileType
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetACP
EnterCriticalSection
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
SetUnhandledExceptionFilter
LCMapStringW
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
GlobalFlags
FileTimeToLocalFileTime
FileTimeToSystemTime
GetFullPathNameA
GetVolumeInformationA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GetOEMCP
ReadFile
GetCurrentProcess
DuplicateHandle
lstrcmpA
GetCurrentThread
SetFileAttributesA
SetFileTime
SystemTimeToFileTime
GetLastError
LocalFileTimeToFileTime
FindFirstFileA
FindClose
GetFileTime
GetFileSize
GetFileAttributesA
LocalFree
lstrcpynA
lstrlenA
InterlockedIncrement
MulDiv
SetLastError
InterlockedDecrement
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
GetModuleHandleA
LockResource
FindResourceA
LoadResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetVersion
GetUserDefaultLCID
CreateEventA
CreateThread
WaitForSingleObject
ResetEvent
GetTickCount
ExitThread
GetCurrentThreadId
lstrcpyA
LCMapStringA
WideCharToMultiByte
OpenMutexA
CreateMutexA
Sleep
ExitProcess
CopyFileA
GetModuleFileNameA
CreateProcessA
GetPrivateProfileIntA
MultiByteToWideChar
DeleteFileA
GetVersionExA
OutputDebugStringA
GetPrivateProfileStringA
CreateFileA
CloseHandle
WinExec
lstrcatA
WritePrivateProfileStringA
LoadLibraryA
GetProcAddress
FreeLibrary
GetCPInfo
GetProcessVersion
LocalReAlloc
TlsGetValue
WriteFile
TlsSetValue
HeapReAlloc
InterlockedExchange

user32

AdjustWindowRectEx
DispatchMessageA
PeekMessageA
MapWindowPoints
SendDlgItemMessageA
CheckRadioButton
IsDialogMessageA
SetWindowTextA
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
GetMenuCheckMarkDimensions
GetWindowDC
TabbedTextOutA
GrayStringA
ValidateRect
TranslateMessage
GetMessageA
LoadStringA
DestroyMenu
wvsprintfA
GetAsyncKeyState
MapDialogRect
CharUpperA
GetClassNameA
GetSysColorBrush
GetTopWindow
IsChild
WinHelpA
GetMenu
TrackPopupMenu
GetWindowTextLengthA
GetDlgCtrlID
GetKeyState
CreateWindowExA
SetWindowsHookExA
CallNextHookEx
SetPropA
UnhookWindowsHookEx
GetPropA
RemovePropA
GetMessageTime
GetMessagePos
GetLastActivePopup
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetNextDlgTabItem
EndDialog
GetActiveWindow
CreateDialogIndirectParamA
GetWindow
MessageBeep
mouse_event
GetWindowThreadProcessId
AttachThreadInput
GetFocus
GetClassInfoA
UnregisterClassA
RegisterClassA
DrawIcon
RegisterWindowMessageA
RemoveMenu
PostQuitMessage
SetActiveWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
ShowCursor
GetMenuStringA
GetMenuItemID
GetMenuItemCount
AppendMenuA
DeleteMenu
DestroyIcon
WindowFromPoint
OffsetRect
SetClassLongA
GetScrollRange
GetScrollPos
wsprintfA
SetScrollRange
SetScrollPos
FillRect
FindWindowA
PostMessageA
MessageBoxA
GetDlgItem
RegisterDeviceNotificationA
LoadMenuA
GetSubMenu
DestroyWindow
KillTimer
SetTimer
LoadIconA
EnumWindows
IsWindow
IsWindowVisible
IsWindowEnabled
LoadBitmapA
GetForegroundWindow
SetForegroundWindow
GetCursorPos
GetWindowTextA
EnableWindow
ShowWindow
GetWindowRect
GetDesktopWindow
PtInRect
LoadCursorA
GetDC
ReleaseDC
SendMessageA
BeginPaint
EndPaint
CallWindowProcA
DefWindowProcA
ScreenToClient
GetWindowLongA
SetWindowLongA
GetCapture
GetParent
InflateRect
GetSysColor
SetCursor
ReleaseCapture
SetFocus
SetCapture
UpdateWindow
ClientToScreen
DrawTextA
SetRect
GetClassLongA
SetRectEmpty
InvalidateRect
GetClientRect
GetSystemMetrics
EqualRect
CopyRect
GetSystemMenu

gdi32

SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetStockObject
PtVisible
RectVisible
ExtTextOutA
Escape
EnumFontFamiliesExA
RestoreDC
SaveDC
SetBkColor
GetClipBox
TextOutA
PatBlt
StretchBlt
SetTextColor
Rectangle
GdiFlush
IntersectClipRect
Arc
DeleteDC
DeleteObject
SelectObject
SetROP2
MoveToEx
SetBkMode
GetObjectA
CreateFontIndirectA
RoundRect
Polygon
CreateCompatibleBitmap
GetDeviceCaps
CreateCompatibleDC
CreateBitmap
CreatePen
GetTextExtentPoint32A
CreateSolidBrush
LineTo
BitBlt
CreateDIBSection

comdlg32

ChooseColorA
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA

shell32

Shell_NotifyIconA
SHGetSpecialFolderPathA
SHGetFolderPathA
ShellExecuteA

comctl32

PropertySheetA
DestroyPropertySheetPage
ord17
CreatePropertySheetPageA

ole32

CoInitialize
CoCreateInstance

rpcrt4

UuidFromStringA

Sections

.text
Size: 256KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dbd8a93f014d11cca2099f6c628cc6f7

Headers

File Characteristics

Imports

skinfeature

hid

hsengine

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shell32

comctl32

ole32

rpcrt4

Sections

.text Size: 256KB - Virtual size: 252KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 32KB - Virtual size: 50KB

.rsrc Size: 1.6MB - Virtual size: 1.6MB

.text
Size: 256KB - Virtual size: 252KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 32KB - Virtual size: 50KB

.rsrc
Size: 1.6MB - Virtual size: 1.6MB