Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.9b4a44904b0e9514da5f7d63eb00db60.exe
  Resource: win7-20231020-en
Behavioral task: behavioral2
  Sample: NEAS.9b4a44904b0e9514da5f7d63eb00db60.exe
  Resource: win10v2004-20231023-en
General
Target: NEAS.9b4a44904b0e9514da5f7d63eb00db60.exe
Size: 6.4MB
MD5: 9b4a44904b0e9514da5f7d63eb00db60
SHA1: 446b624b2095ae519437631b0a0a7a85ad9c4a81
SHA256: 31eaf19b6744bec27763f7c348e40f03380599e0818c1bcbec71d4de50798eaf
SHA512: 616e53ae45b9c97a9253fc31a24c51b9ae728979b168140402287582c4e9123266c0cb3f372debd990492390f8906cc4bc405b6496e2be8028ba8f1e7dd7d3a3
SSDEEP: 98304:sTuv9PRIkF+zywz1Cbj/DS4DURAdmcROSdT7RXlYP1W:sCv5RTFDwzOhYAwI7hlYP
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature.
  resource: NEAS.9b4a44904b0e9514da5f7d63eb00db60.exe
Files
NEAS.9b4a44904b0e9514da5f7d63eb00db60.exe.exe windows:4 windows x86
090906eb449ad2189aaf64c1dbcd01c5
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
memset
memcpy
log10
_wfopen
fseek
fclose
wcslen
wcscpy
malloc
free
memmove
strncmp
isdigit
wcscmp
wcscat
memcmp
_stricmp
sscanf
sprintf
strcpy
strlen
strcat
_wstat
_wcsdup
strcmp
fread
longjmp
_setjmp3
ftell
strncpy
_wcsnicmp
_wcsicmp
wcsncmp
wcsncpy
_snwprintf
tolower
floor
localtime
mktime
gmtime
_itow
abs
sqrt
cos
fmod
sin
fabs
ceil
pow
??3@YAXPAX@Z
??2@YAPAXI@Z
wcsstr
setlocale
swscanf
calloc
_lseeki64
_errno
realloc
abort
_close
_wopen
_setmode
exit
_open_osfhandle
strchr
_strdup
_snprintf
strrchr
wctomb
_get_osfhandle
_open
toupper
wcschr
mbstowcs
frexp
modf
_CIpow
fopen
strerror
atof
fflush
fwrite
__p__iob
fprintf
ferror
getenv
_fdopen
strtol
strtoul
qsort
fputs
strstr
strpbrk
_access
_read
_write
atoi
memchr
fputc
fgets
strspn
strcspn
isupper
_stati64
time
_ftime
_vsnwprintf
??1type_info@@UAE@XZ
kernel32
GetModuleHandleW
HeapCreate
GetEnvironmentVariableW
CreateSemaphoreW
GetLastError
CloseHandle
HeapDestroy
ExitProcess
GetCurrentThreadId
Sleep
SystemTimeToFileTime
LocalFileTimeToFileTime
FindResourceW
LoadResource
LockResource
SizeofResource
CreateToolhelp32Snapshot
GetLogicalDriveStringsW
QueryDosDeviceW
FileTimeToLocalFileTime
FileTimeToSystemTime
ExpandEnvironmentStringsW
GetCurrentProcess
GetUserDefaultLangID
GetSystemDefaultLangID
MultiByteToWideChar
GetProcAddress
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
GetCurrentProcessId
OpenProcess
TerminateProcess
FormatMessageW
GetVolumeInformationW
FindFirstFileW
FindNextFileW
FindClose
WideCharToMultiByte
BeginUpdateResourceW
UpdateResourceW
EndUpdateResourceW
CreateProcessW
Beep
CreateFileW
DeviceIoControl
GetCommandLineW
GetComputerNameW
GetDateFormatW
GetDiskFreeSpaceExW
GetExitCodeProcess
GetFileTime
GetPrivateProfileStringW
GetShortPathNameW
GetSystemDirectoryW
GetSystemPowerStatus
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryW
GlobalMemoryStatus
LocalFree
Process32FirstW
Process32NextW
QueryPerformanceCounter
QueryPerformanceFrequency
SetComputerNameW
SetFileTime
SetSystemTime
SetVolumeLabelW
WritePrivateProfileStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateThread
TerminateThread
HeapAlloc
HeapFree
FreeLibrary
LoadLibraryW
GetModuleFileNameW
DuplicateHandle
CreatePipe
GetStdHandle
PeekNamedPipe
ReadFile
SetEnvironmentVariableW
HeapReAlloc
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
DeleteFileW
TlsAlloc
TlsSetValue
GetTickCount
TlsGetValue
GetVersionExW
SetLastError
GetDriveTypeW
GetFileAttributesW
SetFileAttributesW
RemoveDirectoryW
SetCurrentDirectoryW
CreateDirectoryW
GetCurrentDirectoryW
CopyFileW
GetTempPathW
MoveFileW
MulDiv
GetLocalTime
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
HeapSize
TlsFree
DeleteCriticalSection
InterlockedCompareExchange
InterlockedExchange
VirtualAlloc
VirtualFree
IsValidCodePage
GetACP
GetOEMCP
GetFileType
GetFileInformationByHandle
GetFileAttributesA
CreateFileA
GetFullPathNameW
GetModuleHandleA
LoadLibraryA
GetSystemDirectoryA
VerSetConditionMask
VerifyVersionInfoA
SleepEx
ExpandEnvironmentStringsA
FormatMessageA
GetFileSizeEx
UnregisterWait
GetCurrentThread
RegisterWaitForSingleObject
user32
SendMessageW
OemToCharW
GetSysColor
UpdateWindow
GetDlgCtrlID
CallWindowProcW
SetWindowLongW
GetWindowLongW
GetClientRect
FillRect
GetClassNameW
GetWindow
SetWindowPos
InvalidateRect
GetKeyState
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SystemParametersInfoW
LockSetForegroundWindow
AllowSetForegroundWindow
SetForegroundWindow
IsIconic
ShowWindow
EnableWindow
RedrawWindow
CallNextHookEx
IsWindowEnabled
SetClassLongW
GetClassLongW
PeekMessageW
TranslateMessage
DispatchMessageW
GetWindowRect
OffsetRect
IsRectEmpty
MapWindowPoints
SubtractRect
IsWindow
GetParent
GetDC
ReleaseDC
BeginPaint
EndPaint
DefWindowProcW
GetAsyncKeyState
KillTimer
GetCursorPos
ScreenToClient
SetTimer
DrawTextW
FrameRect
InflateRect
SetWindowsHookExW
UnhookWindowsHookEx
FindWindowW
FindWindowExW
DrawFrameControl
EnumWindows
GetWindowTextW
SetCursorPos
AnimateWindow
BlockInput
ChangeDisplaySettingsW
CharToOemW
CreateWindowExW
DrawMenuBar
EnableMenuItem
EnumDisplaySettingsW
ExitWindowsEx
FlashWindow
GetDesktopWindow
GetFocus
GetLastInputInfo
GetSystemMenu
GetSystemMetrics
LoadCursorW
LockWorkStation
MessageBeep
PostMessageW
RegisterHotKey
RemoveMenu
SetFocus
UnregisterHotKey
WaitForInputIdle
keybd_event
mouse_event
LoadIconW
RegisterClassExW
MessageBoxW
DestroyWindow
GetWindowTextLengthW
UnregisterClassW
CreateAcceleratorTableW
BringWindowToTop
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
DestroyAcceleratorTable
IsWindowVisible
SetMenu
DestroyMenu
TrackPopupMenu
GetMenuItemInfoW
ModifyMenuW
SetMenuItemInfoW
CreatePopupMenu
AppendMenuW
SetWindowTextW
MoveWindow
IntersectRect
ValidateRect
GetUpdateRect
GetSysColorBrush
GetIconInfo
DrawStateW
DrawFocusRect
RemovePropW
GetPropW
SetPropW
SetScrollPos
GetWindowDC
SetRect
SetCursor
GetMessagePos
ReleaseCapture
SetCapture
ClipCursor
ChildWindowFromPointEx
GetCapture
ClientToScreen
EnumPropsExW
SetActiveWindow
DestroyIcon
MsgWaitForMultipleObjects
GetActiveWindow
IsZoomed
GetMenu
AdjustWindowRectEx
RegisterClassW
DefFrameProcW
EnumChildWindows
IsChild
RegisterWindowMessageW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
DrawIconEx
CopyImage
CreateIconFromResourceEx
CreateIconFromResource
CharUpperW
CharLowerW
gdi32
CreatePen
CreateSolidBrush
SelectObject
DeleteDC
DeleteObject
CreatePatternBrush
CreateRoundRectRgn
GetPixel
CreateCompatibleDC
SelectClipRgn
BitBlt
GetStockObject
RoundRect
SetBkMode
SetTextColor
SetDCBrushColor
SetBrushOrgEx
CreateDCW
CreateCompatibleBitmap
CreateFontIndirectW
CreateBrushIndirect
GetTextExtentPoint32W
SetBkColor
CreateRectRgn
GetObjectW
GetObjectType
ExcludeClipRect
CreateRectRgnIndirect
TextOutW
MoveToEx
LineTo
CreateDIBSection
GdiGetBatchLimit
GdiSetBatchLimit
SetStretchBltMode
StretchBlt
GetDeviceCaps
GetClipRgn
ExtSelectClipRgn
GetDIBits
SetTextAlign
SelectPalette
RealizePalette
SetPixelV
Rectangle
Ellipse
StretchDIBits
SetROP2
ExtFloodFill
GetTextMetricsW
CreateBitmap
SetPixel
GetObjectA
CreateFontW
advapi32
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegOpenKeyExW
RegOpenKeyW
RegConnectRegistryW
RegQueryValueExW
RegCloseKey
QueryServiceStatus
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
LookupAccountNameW
IsValidSid
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyW
AdjustTokenPrivileges
ChangeServiceConfigW
ControlService
CryptAcquireContextW
CryptCreateHash
CryptDeriveKey
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptHashData
CryptReleaseContext
GetUserNameW
ImpersonateLoggedOnUser
LogonUserW
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
RevertToSelf
StartServiceW
CryptGenRandom
CryptAcquireContextA
CryptGetHashParam
oleaut32
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement
ole32
CoInitialize
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateGuid
StringFromGUID2
RevokeDragDrop
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListW
ExtractIconExW
ExtractIconW
ord66
ord524
SHAddToRecentDocs
SHFileOperationW
SHFormatDrive
SHGetFileInfoW
ShellAboutW
Shell_NotifyIconW
ShellExecuteExW
ws2_32
WSAStartup
gethostbyname
WSACleanup
gethostbyaddr
inet_addr
closesocket
socket
htons
bind
ioctlsocket
connect
select
__WSAFDIsSet
gethostname
recvfrom
recv
send
sendto
WSAGetLastError
ntohs
WSASetLastError
getsockopt
setsockopt
getpeername
getsockname
WSAIoctl
getaddrinfo
freeaddrinfo
htonl
listen
accept
ntohl
crypt32
CertFreeCertificateContext
CertOpenStore
CryptStringToBinaryA
CertFindCertificateInStore
CertCloseStore
CertEnumCertificatesInStore
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChainEngine
CertFreeCertificateChain
CryptQueryObject
CertAddCertificateContextToStore
CertGetNameStringA
winmm
timeBeginPeriod
gdiplus
GdipDeleteFont
GdipDeleteGraphics
GdipDeletePath
GdipDeleteMatrix
GdipDeletePen
GdipDeleteStringFormat
GdipFree
GdipGetDpiX
GdipGetDpiY
GdiplusStartup
GdipCreateFontFromDC
GdipCreateFromHDC
GdipCreatePath
GdipCreateMatrix
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipAlloc
GdipCloneBrush
GdipCloneStringFormat
GdipStringFormatGetGenericTypographic
GdipGetStringFormatFlags
GdipScaleMatrix
GdipSetCompositingMode
GdipSetStringFormatFlags
GdipSetInterpolationMode
GdipSetPageUnit
GdipSetSmoothingMode
GdipSetTextRenderingHint
GdipTranslateWorldTransform
GdipTranslateMatrix
GdipStartPathFigure
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHICON
GdipCreateBitmapFromGdiDib
GdipCreateImageAttributes
GdipDisposeImage
GdipDisposeImageAttributes
GdipCloneImage
GdipDrawImageRectRect
GdipGetImageBounds
GdipGetImageHeight
GdipGetImageWidth
GdipImageRotateFlip
GdipSetImageAttributesColorMatrix
GdipVectorTransformMatrixPoints
GdipCreateFontFromLogfontA
GdipCreateFont
GdipDeleteFontFamily
GdipGetFamily
GdipGetFontSize
GdipGetFontStyle
GdipInvertMatrix
GdipMultiplyMatrix
GdipMultiplyWorldTransform
GdipTransformPath
GdipTransformMatrixPoints
GdipSetMatrixElements
icmp
IcmpCloseHandle
IcmpCreateFile
IcmpSendEcho
imagehlp
MakeSureDirectoryPathExists
iphlpapi
GetAdaptersInfo
GetNetworkParams
msi
ord45
ord70
netapi32
NetApiBufferFree
NetLocalGroupAdd
NetLocalGroupDel
NetLocalGroupEnum
NetUserDel
NetUserGetInfo
NetUserSetInfo
setupapi
SetupIterateCabinetW
urlmon
URLDownloadToFileW
UrlMkSetSessionOption
userenv
GetDefaultUserProfileDirectoryW
uxtheme
SetWindowTheme
wininet
DeleteUrlCacheEntryW
InternetCloseHandle
InternetGetConnectedState
InternetOpenUrlW
InternetOpenW
InternetReadFile
UnlockUrlCacheEntryFileW
winspool.drv
ClosePrinter
DeletePrinter
OpenPrinterW
SetPrinterW
comctl32
InitCommonControlsEx
_TrackMouseEvent
ImageList_Replace
ImageList_Add
ImageList_ReplaceIcon
ImageList_Remove
ImageList_AddMasked
ImageList_Destroy
ImageList_Create
Sections
.code Size: 259KB - Virtual size: 258KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.text Size: 913KB - Virtual size: 913KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 201KB - Virtual size: 200KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5.0MB - Virtual size: 5.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 45KB - Virtual size: 45KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ