NEAS[.]c443869ca2d42273164bc88494040d50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c443869ca2d42273164bc88494040d50.exe
Size

292KB
MD5

c443869ca2d42273164bc88494040d50
SHA1

65c9f8c1244f7e8f22c3482831c68b6e5b689717
SHA256

a414fe45050469b1e465bde9c198dcf81c49209d145fe3c455cbf49352dd5246
SHA512

c9c9b00960ae45eef532b813a2d183ab5a26ff1093e3f637dd21381afac4037d0768ec5b653be667aa82084f5ca2367545dd7fc8270f240a773e2ded08e7a6d9
SSDEEP

6144:2o6ubbEDhh0Uke1QmRlxn8NYw/zyB1Igu9WChco:e8EDhC+1rRLn2r/ISL9Rh

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c443869ca2d42273164bc88494040d50.exe

Files

NEAS.c443869ca2d42273164bc88494040d50.exe
.dll windows:10 windows x86

168c605cc7aad8148e6d671107cf86d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memmove_s
wcschr
wcsrchr
_vsnwprintf
_purecall
_wcsnicmp
_XcptFilter
_amsg_exit
free
malloc
_initterm
_lock
_unlock
__dllonexit
_onexit
_except_handler4_common
memcpy
memcmp
_wcsicmp
__CxxFrameHandler3
memcpy_s
memset

ntdll

RtlEqualSid
RtlFreeSid
WinSqmIsOptedInEx
RtlGetDeviceFamilyInfoEnum
RtlGetAppContainerSidType
WinSqmAddToStream
RtlGUIDFromString
RtlCompareUnicodeString
RtlNtStatusToDosErrorNoTeb
NtQueryInformationToken
RtlAddAccessAllowedAceEx
RtlDeleteCriticalSection
RtlFreeHeap
RtlReAllocateHeap
RtlGetAppContainerParent
RtlCapabilityCheck
NtDeleteWnfStateName
RtlPublishWnfStateData
NtCreateWnfStateName
RtlAbsoluteToSelfRelativeSD
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
RtlCreateAcl
RtlCreateSecurityDescriptor
RtlAllocateAndInitializeSid
NtQueryInformationProcess
RtlCompareMemory
NtSetInformationProcess
RtlInitUnicodeString
RtlFreeUnicodeString
RtlDosPathNameToNtPathName_U
RtlNtStatusToDosError
NtCreateFile
RtlAllocateHeap

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep
InitOnceInitialize
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-eventing-classicprovider-l1-1-0

GetTraceLoggerHandle
UnregisterTraceGuids
GetTraceEnableLevel
GetTraceEnableFlags
TraceMessage
RegisterTraceGuidsW

api-ms-win-core-file-l1-1-0

GetDriveTypeW
CreateFileW

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError
RaiseException

api-ms-win-core-com-l1-1-0

CoReleaseMarshalData
CreateStreamOnHGlobal
CoRevertToSelf
CoImpersonateClient
CoSetProxyBlanket
CoCreateFreeThreadedMarshaler
CoUninitialize
CoMarshalInterface
CoWaitForMultipleHandles
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoGetCallerTID
CoGetApartmentType
CoInitializeEx

api-ms-win-core-processthreads-l1-1-0

OpenThreadToken
GetCurrentThread
GetExitCodeProcess
OpenThread
CreateThread
GetCurrentProcessId
TlsAlloc
TlsSetValue
OpenProcessToken
GetCurrentProcess
TerminateProcess
GetCurrentThreadId
TlsFree

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegEnumKeyExW
RegOpenCurrentUser
RegDeleteKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegCloseKey
RegDeleteTreeW
RegOpenKeyExW
RegCreateKeyExW
RegGetValueW

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockShared
AcquireSRWLockShared
EnterCriticalSection
CreateEventW
SetEvent
ReleaseSRWLockExclusive
LeaveCriticalSection
WaitForSingleObjectEx
ReleaseSemaphore
CreateEventExW
AcquireSRWLockExclusive
ReleaseMutex
InitializeCriticalSectionEx
InitializeCriticalSection
CreateSemaphoreExW
CreateMutexExW
OpenSemaphoreW
DeleteCriticalSection
ResetEvent
WaitForSingleObject

api-ms-win-security-sddl-l1-1-0

ConvertSidToStringSidW
ConvertStringSidToSidW

api-ms-win-core-psapi-l1-1-0

K32EnumProcesses

api-ms-win-security-base-l1-1-0

CopySid
GetLengthSid
DuplicateTokenEx
CreateWellKnownSid
DuplicateToken
AllocateAndInitializeSid
EqualSid
GetTokenInformation
FreeSid

api-ms-win-security-base-l1-2-0

CheckTokenCapability

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWrite
EventRegister
EventUnregister

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
GetModuleHandleW
GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
FreeLibraryAndExitThread
LoadStringW
DisableThreadLibraryCalls

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
SetRestrictedErrorInfo
RoOriginateErrorW
GetRestrictedErrorInfo
RoTransformError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsStringHasEmbeddedNull
WindowsCreateStringReference
WindowsDeleteString
WindowsIsStringEmpty
WindowsGetStringRawBuffer

api-ms-win-core-io-l1-1-1

GetOverlappedResultEx
CancelSynchronousIo

api-ms-win-core-threadpool-l1-2-0

StartThreadpoolIo
CancelThreadpoolIo
SubmitThreadpoolWork
CreateThreadpoolWork
WaitForThreadpoolWorkCallbacks
FreeLibraryWhenCallbackReturns
CallbackMayRunLong
TrySubmitThreadpoolCallback
CloseThreadpoolTimer
CreateThreadpoolIo
WaitForThreadpoolTimerCallbacks
WaitForThreadpoolIoCallbacks
CloseThreadpoolWork
CreateThreadpoolTimer
SetThreadpoolTimer
CloseThreadpoolIo

api-ms-win-core-io-l1-1-0

DeviceIoControl
CancelIoEx

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoActivateInstance
RoGetActivationFactory
RoInitialize

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64

api-ms-win-core-synch-l1-2-1

CreateSemaphoreW
WaitForMultipleObjects

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-core-quirks-l1-1-0

QuirkIsEnabledForProcess

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

rpcrt4

NdrStubCall2
NdrStubForwardingFunction
CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
I_RpcOpenClientProcess
RpcServerInqCallAttributesW
NdrCStdStubBuffer_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer2_Release

api-ms-win-core-com-midlproxystub-l1-1-0

ObjectStublessClient14
CStdStubBuffer2_QueryInterface
ObjectStublessClient12
NdrProxyForwardingFunction4
NdrProxyForwardingFunction5
ObjectStublessClient11
ObjectStublessClient15
ObjectStublessClient3
ObjectStublessClient13
ObjectStublessClient5
ObjectStublessClient6
ObjectStublessClient8
CStdStubBuffer2_Disconnect
ObjectStublessClient10
NdrProxyForwardingFunction3
ObjectStublessClient16
CStdStubBuffer2_Connect
ObjectStublessClient7
ObjectStublessClient9
ObjectStublessClient4
CStdStubBuffer2_CountRefs

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-kernel32-legacy-l1-1-0

GetSystemPowerStatus

api-ms-win-security-lsalookup-l1-1-0

LsaLookupOpenLocalPolicy
LsaLookupClose
LsaLookupFreeMemory
LsaLookupGetDomainInfo

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

api-ms-win-security-capability-l1-1-0

CapabilityCheck

combase

ord140

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-atoms-l1-1-0

GlobalGetAtomNameW

Exports

Exports

BrokeredOpenCommPort
CreateDeviceAccessInstance
DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject
ProcessTrackerInsertOrWait
ProcessTrackerRemove

Sections

.text
Size: 251KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

168c605cc7aad8148e6d671107cf86d1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

api-ms-win-core-synch-l1-2-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-security-sddl-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-security-base-l1-2-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-wow64-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-io-l1-1-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-io-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-quirks-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-profile-l1-1-0

rpcrt4

api-ms-win-core-com-midlproxystub-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-kernel32-legacy-l1-1-0

api-ms-win-security-lsalookup-l1-1-0

api-ms-win-core-apiquery-l1-1-0

api-ms-win-security-capability-l1-1-0

combase

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

api-ms-win-core-atoms-l1-1-0

Exports

Exports

Sections

.text Size: 251KB - Virtual size: 251KB

.data Size: 1KB - Virtual size: 3KB

.idata Size: 11KB - Virtual size: 10KB

.didat Size: 512B - Virtual size: 320B

.rsrc Size: 8KB - Virtual size: 8KB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 251KB - Virtual size: 251KB

.data
Size: 1KB - Virtual size: 3KB

.idata
Size: 11KB - Virtual size: 10KB

.didat
Size: 512B - Virtual size: 320B

.rsrc
Size: 8KB - Virtual size: 8KB

.reloc
Size: 18KB - Virtual size: 17KB