NEAS[.]16dee0fcf07ebad84082990d3935f480[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.16dee0fcf07ebad84082990d3935f480.exe
Size

209KB
MD5

16dee0fcf07ebad84082990d3935f480
SHA1

8a0d0e869a78049a356cf697a17bee2e0d0add3f
SHA256

83dff9f269088986a18cfc9e07921ab7ec062949419826b738d694dc3770862d
SHA512

0a3034b30296492b156a5179de499fc7ff21226a882a749c00d2c325fc2feb7610ec6910044711c40fe958767125beea0c3dec6ab5dcc042d524ad3fe5ce9153
SSDEEP

3072:azzAUdE+i5iZi+mIHankN/Jas83LzByKmlyhsvI6mNmuAg0Fuj85SdcExxUBy:a3ioekja3PB+8AO5diB

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.16dee0fcf07ebad84082990d3935f480.exe

Files

NEAS.16dee0fcf07ebad84082990d3935f480.exe
.exe windows:6 windows x86

b31eaf51f87266fde0ca63ed92763010

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

IntlStrEqWorkerW
PathIsURLW
PathMakePrettyA
SHRegDeleteUSValueA
PathIsSameRootW

kernel32

HeapAlloc
GetProcessHeap
Sleep
SetStdHandle
LoadLibraryA
EnumSystemCodePagesW
ReadConsoleW
CreateFileW
HeapSize
WriteConsoleW
GetProcAddress
DeleteCriticalSection
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetFilePointerEx
GetFileSizeEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileType
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
WriteFile
GetStdHandle
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
HeapReAlloc
HeapFree
LoadLibraryExW
FreeLibrary
GetLastError
RtlUnwind
RaiseException
TerminateProcess
GetCurrentProcess
InitializeSListHead
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WaitForSingleObjectEx
ResetEvent
SetEvent
CloseHandle
GetCPInfo
GetStringTypeW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
MultiByteToWideChar
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
LCMapStringW
GetLocaleInfoW

comdlg32

PrintDlgExW
ChooseFontA
ReplaceTextA
PrintDlgW
PageSetupDlgW

wininet

InternetSetOptionW
InternetTimeFromSystemTime
RetrieveUrlCacheEntryFileW
ParseX509EncodedCertificateForListBoxEntry
InternetHangUp
LoadUrlCacheContent

msacm32

acmFilterDetailsW
acmFormatEnumW
acmFormatEnumA
acmDriverAddW
acmFormatDetailsA
acmFilterEnumW

msi

ord129
ord96
ord43
ord117
ord16
ord80
ord26

wsnmp32

ord301
ord402
ord903
ord902

user32

GetSysColor
GetGuiResources
DefMDIChildProcW
OemToCharW
DragDetect
GetWindowRect
DdeCreateDataHandle
MessageBoxIndirectW

mswsock

GetServiceW
GetNameByTypeW
NPLoadNameSpaces
getnetbyname
EnumProtocolsA

winmm

mmioSendMessage
mixerGetControlDetailsA
midiOutMessage
auxGetVolume
DriverCallback
joySetCapture
waveOutBreakLoop
wod32Message

ole32

CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantInit
SysAllocString

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b31eaf51f87266fde0ca63ed92763010

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

kernel32

comdlg32

wininet

msacm32

msi

wsnmp32

user32

mswsock

winmm

ole32

oleaut32

Sections

.text Size: 125KB - Virtual size: 124KB

.rdata Size: 61KB - Virtual size: 61KB

.data Size: 12KB - Virtual size: 15KB

.gfids Size: 512B - Virtual size: 396B

.tls Size: 512B - Virtual size: 9B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 125KB - Virtual size: 124KB

.rdata
Size: 61KB - Virtual size: 61KB

.data
Size: 12KB - Virtual size: 15KB

.gfids
Size: 512B - Virtual size: 396B

.tls
Size: 512B - Virtual size: 9B

.reloc
Size: 8KB - Virtual size: 8KB