NEAS[.]8f57a0567d808854d30e7ce6435bd4b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8f57a0567d808854d30e7ce6435bd4b0.exe
Size

930KB
MD5

8f57a0567d808854d30e7ce6435bd4b0
SHA1

d24ce4661d7bc13ec63794ed76a64f94d3d56b02
SHA256

a3873c5a02105f420829d6417451cb6cbd4b7611a053a3451eec155c93050b42
SHA512

7fe2d2cab81190ab98ba208124aa4212c5156a06879ff1538cf89a357c7a860a9a0ec741b3fe7c879aa8a55329753f123607b4cb7393c3d1e363f8301941d8fd
SSDEEP

24576:6iVkpq8d+CSVVhULlWxC79QtRogrMeIzhgm3RAg:6if8Et5s7afoyMeIzhd3Kg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8f57a0567d808854d30e7ce6435bd4b0.exe

Files

NEAS.8f57a0567d808854d30e7ce6435bd4b0.exe
.exe windows:5 windows x86

9bb6d175c055978d1388407261311c4a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

imm32

ImmAssociateContext

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

SetFilePointer
GetFileSize
CreateFileA
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
WritePrivateProfileStringA
GetPrivateProfileStringA
IsBadReadPtr
CreateEventA
Sleep
GetDriveTypeA
FreeLibrary
SetErrorMode
GetPrivateProfileIntA
GetComputerNameA
InitializeCriticalSection
DeleteFileA
CloseHandle
GetProcAddress
MoveFileA
GetLocalTime
SetFileAttributesA
CopyFileA
GetThreadPriority
VirtualAlloc
CreateSemaphoreA
VirtualFree
GetSystemInfo
ReleaseSemaphore
MulDiv
lstrcmpW
CreateFileW
WriteConsoleW
LoadLibraryW
HeapReAlloc
SetCurrentDirectoryA
ReadFile
RtlUnwind
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
LCMapStringW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCurrentThread
GetCurrentThreadId
SetLastError
TlsFree
GetCurrentDirectoryA
WriteFile
DeleteCriticalSection
lstrlenA
MultiByteToWideChar
GetCurrentProcessId
GetModuleHandleA
ResetEvent
WaitForMultipleObjects
SetThreadPriority
lstrcpyA
CreateThread
ExitThread
InterlockedIncrement
InterlockedDecrement
WaitForSingleObject
SetEvent
GetLastError
lstrcpynA
CreateDirectoryA
GetVersionExA
lstrcmpiA
CreateMutexA
GetACP
EncodePointer
DecodePointer
ResumeThread
GetCommandLineA
HeapSetInformation
GetStartupInfoW
HeapFree
HeapAlloc
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
HeapSize
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue

user32

ReleaseDC
RegisterWindowMessageA
FillRect
LoadIconA
GetDesktopWindow
SetCursor
wsprintfA
CreateWindowExA
SetRect
MsgWaitForMultipleObjects
MessageBoxA
LoadCursorA
SetCursorPos
GetDC
GetQueueStatus
PostThreadMessageA
GetMessageA
IntersectRect
GetCursorPos
ScreenToClient
AdjustWindowRectEx
SetWindowPos
GetWindowLongA
SetWindowLongA
GetMonitorInfoA
InvalidateRect
GetClientRect
wvsprintfA
MoveWindow
UpdateWindow
SetWindowTextA
GetSystemMetrics
ReleaseCapture
PostMessageA
GetActiveWindow
SetMenu
ShowWindow
DefWindowProcA
GetWindowTextA
GetMenu
GetCapture
BeginPaint
SendMessageA
GetWindowTextLengthA
SetFocus
GetFocus
SetForegroundWindow
SetCapture
GetWindowDC
PostQuitMessage
RegisterClassExA
SetActiveWindow
GetWindowRect
GetSystemMenu
DestroyWindow
ClientToScreen
EndPaint
DispatchMessageA
PeekMessageA
TranslateMessage
IsDialogMessageA

gdi32

GetTextMetricsA
CreateCompatibleDC
SelectObject
CreateDIBSection
DeleteObject
DeleteDC
GetGlyphOutlineA
EnumFontFamiliesExA
CreateSolidBrush
BitBlt
GetObjectA
CreateFontIndirectA

advapi32

RegQueryInfoKeyA
RegCreateKeyExA
RegEnumKeyExA
GetUserNameA
RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA

shell32

SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetSpecialFolderPathA

ole32

CoInitialize
CoTaskMemFree
CoTaskMemAlloc
CreateItemMoniker
GetRunningObjectTable
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoUninitialize

msacm32

acmDriverOpen
acmFormatTagDetailsA
acmDriverClose
acmDriverEnum
acmMetrics
acmFormatSuggest
acmStreamOpen
acmStreamSize
acmStreamPrepareHeader
acmStreamConvert
acmStreamUnprepareHeader
acmStreamClose
acmDriverDetailsA

dsound

ord1

gdiplus

GdiplusStartup
GdipCloneImage
GdipSaveImageToFile
GdipGetImageEncoders
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImageEncodersSize

winmm

timeKillEvent
timeSetEvent
timeEndPeriod
timeBeginPeriod
timeGetTime

d3d9

Direct3DCreate9

d3dx9_42

D3DXGetImageInfoFromFileInMemory
D3DXLoadSurfaceFromFileInMemory
D3DXCreateFontA
D3DXCreateFontIndirectA
D3DXCheckVersion

dinput8

DirectInput8Create

Sections

.text
Size: 544KB - Virtual size: 543KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 147KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 911KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 130KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9bb6d175c055978d1388407261311c4a

Headers

DLL Characteristics

File Characteristics

Imports

imm32

version

kernel32

user32

gdi32

advapi32

shell32

ole32

msacm32

dsound

gdiplus

winmm

d3d9

d3dx9_42

dinput8

Sections

.text Size: 544KB - Virtual size: 543KB

.rdata Size: 147KB - Virtual size: 147KB

.data Size: 107KB - Virtual size: 911KB

.rsrc Size: 130KB - Virtual size: 130KB

.text
Size: 544KB - Virtual size: 543KB

.rdata
Size: 147KB - Virtual size: 147KB

.data
Size: 107KB - Virtual size: 911KB

.rsrc
Size: 130KB - Virtual size: 130KB