Static task
static1
Behavioral task
behavioral1
Sample
NEAS.74c7547c8d772e8f738bda024e0df4f0.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.74c7547c8d772e8f738bda024e0df4f0.exe
Resource
win10v2004-20231023-en
General
-
Target
NEAS.74c7547c8d772e8f738bda024e0df4f0.exe
-
Size
1.7MB
-
MD5
74c7547c8d772e8f738bda024e0df4f0
-
SHA1
feb8b1823a51408eb74f272f37d42a6624a8424d
-
SHA256
cb3ba46647cff282bc20bed244df3d2dcfaecdf927135e089a09be9450bc3072
-
SHA512
044114eda324b962caae8a09c627321268251cba179182e2489e18c413795369624adc0643775f32af8744f5ab0a16bfd3756eeca538f0c0267bf0db0f84cbd0
-
SSDEEP
24576:eWhxhdps7Og57B8LBA9czNCo2l6mvp9FF:hhE1B8Lcd9h
Malware Config
Signatures
-
Unsigned PE 1 IoC
Checks for missing Authenticode signature.
resource NEAS.74c7547c8d772e8f738bda024e0df4f0.exe
Files
-
NEAS.74c7547c8d772e8f738bda024e0df4f0.exe.exe windows:4 windows x86
0a48bb7e30cce86498f98e2fe1971c96
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
shlwapi
PathFileExistsA
portset
??0CDigiPortSetDlg@@QAE@PAVCWnd@@@Z
??1CDigiPortSetDlg@@UAE@XZ
sx32w
RNBOsproFindFirstUnit
RNBOsproFormatPacket
RNBOsproRead
RNBOsproWrite
RNBOsproQuery
RNBOsproActivate
RNBOsproOverwrite
RNBOsproInitialize
rockey2
RY2_Read
RY2_Close
RY2_GenUID
RY2_Write
RY2_Find
RY2_Open
mfc42
ord795
ord540
ord800
ord5873
ord860
ord1825
ord4238
ord4696
ord3058
ord3065
ord6336
ord2510
ord2542
ord5243
ord5740
ord1746
ord5577
ord3172
ord5653
ord4420
ord4953
ord4858
ord2399
ord4387
ord3454
ord3198
ord6080
ord6175
ord4623
ord4426
ord338
ord652
ord4823
ord3873
ord2859
ord1920
ord4262
ord4589
ord4588
ord4899
ord4370
ord4892
ord5076
ord4341
ord4349
ord4889
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord517
ord784
ord3481
ord5768
ord5037
ord6119
ord4464
ord4508
ord4692
ord3076
ord5146
ord3573
ord3626
ord2414
ord5787
ord1641
ord3755
ord3663
ord4723
ord4480
ord5265
ord4998
ord2514
ord6052
ord1775
ord5280
ord4425
ord3597
ord641
ord324
ord2358
ord2366
ord2302
ord4234
ord6334
ord4853
ord4376
ord2642
ord4123
ord3092
ord4710
ord6880
ord4538
ord2301
ord2645
ord3711
ord783
ord2370
ord5148
ord2362
ord3093
ord2614
ord4055
ord2938
ord1779
ord1783
ord2574
ord4396
ord3572
ord3571
ord1270
ord4148
ord609
ord6217
ord6241
ord5953
ord537
ord668
ord858
ord3178
ord2781
ord2770
ord356
ord6232
ord6230
ord6148
ord2568
ord6268
ord6271
ord3225
ord3257
ord3912
ord2544
ord2543
ord2511
ord978
ord1731
ord5851
ord2883
ord6224
ord6226
ord2250
ord4732
ord4541
ord5477
ord4836
ord4440
ord3391
ord3720
ord794
ord527
ord3916
ord2115
ord2418
ord2398
ord6154
ord2530
ord4364
ord4056
ord5471
ord4121
ord2389
ord5082
ord1709
ord1712
ord6053
ord5234
ord6369
ord5279
ord5248
ord2444
ord3598
ord642
ord1205
ord327
ord4235
ord4299
ord3295
ord4366
ord5086
ord1710
ord1715
ord5064
ord3395
ord3730
ord807
ord554
ord2116
ord5882
ord2012
ord1200
ord3098
ord4220
ord2584
ord3654
ord2438
ord6270
ord2863
ord1644
ord3874
ord2515
ord355
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4303
ord3350
ord5012
ord975
ord5472
ord2879
ord2878
ord4151
ord4077
ord5237
ord5282
ord2649
ord1665
ord4436
ord4427
ord3619
ord796
ord674
ord529
ord366
ord2841
ord2086
ord5859
ord2860
ord6209
ord4284
ord2494
ord2627
ord2626
ord5871
ord2087
ord6000
ord2117
ord4163
ord6625
ord4457
ord5252
ord5981
ord3294
ord4499
ord2089
ord6067
ord5030
ord2107
ord5450
ord5440
ord6383
ord6394
ord2097
ord384
ord686
ord640
ord2405
ord6172
ord5785
ord1640
ord323
ord2096
ord5572
ord2915
ord4129
ord5710
ord2763
ord5261
ord4133
ord4297
ord5788
ord472
ord2754
ord613
ord5789
ord289
ord1175
ord4278
ord4202
ord536
ord3698
ord765
ord2108
ord5821
ord3662
ord414
ord6366
ord2818
ord4467
ord3403
ord4774
ord6828
ord4724
ord816
ord562
ord1858
ord5101
ord2101
ord5104
ord3351
ord976
ord4152
ord2382
ord5283
ord5254
ord2445
ord401
ord4245
ord4458
ord1859
ord3869
ord2127
ord2391
ord5102
ord5105
ord4468
ord2880
ord4153
ord2383
ord5284
ord4437
ord3721
ord4428
ord402
ord4246
ord4775
ord4501
ord1945
ord4273
ord4890
ord4964
ord4961
ord1726
ord654
ord813
ord341
ord560
ord1233
ord3706
ord5858
ord6140
ord2078
ord4264
ord2429
ord2259
ord801
ord772
ord541
ord500
ord5861
ord5860
ord6120
ord2252
ord1576
ord5852
ord3495
ord4083
ord2921
ord3289
ord1938
ord4268
ord4978
ord4977
ord4873
ord2453
ord2922
ord2920
ord1642
ord2753
ord5052
ord4800
ord4822
ord2681
ord5063
ord4454
ord1809
ord6255
ord5945
ord5657
ord6075
ord6074
ord3494
ord3493
ord5975
ord5974
ord3167
ord3166
ord3165
ord3164
ord1744
ord2392
ord6321
ord2608
ord1005
ord2760
ord4289
ord1975
ord5176
ord5177
ord5178
ord629
ord310
ord2472
ord2478
ord2474
ord2575
ord3574
ord2135
ord818
ord6197
ord6379
ord535
ord941
ord4224
ord3317
ord4295
ord2813
ord3550
ord4294
ord4061
ord4293
ord3998
ord6784
ord6649
ord5933
ord4039
ord5683
ord2652
ord1669
ord1759
ord2688
ord926
ord955
ord4160
ord3564
ord1949
ord4034
ord4750
ord5016
ord4375
ord4852
ord4834
ord4608
ord3499
ord4204
ord5766
ord6131
ord1262
ord2740
ord2801
ord665
ord1979
ord5442
ord353
ord6385
ord6141
ord5186
ord354
ord3790
ord1834
ord3175
ord3184
ord4287
ord2080
ord4229
ord6883
ord3452
ord6143
ord4023
ord3337
ord3811
ord3318
ord2764
ord6283
ord6282
ord4277
ord2448
ord5834
ord2044
ord5466
ord5465
ord6407
ord2917
ord1997
ord2808
msvcrt
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__CxxFrameHandler
sprintf
sscanf
remove
strrchr
_ftol
strchr
strtok
_stricmp
_splitpath
atol
_CIpow
_initterm
fclose
fgets
fseek
fopen
__doserrno
_setmbcp
printf
srand
rand
_lseek
rename
_itoa
__set_app_type
__getmainargs
_acmdln
exit
_exit
_XcptFilter
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_onexit
__dllonexit
isdigit
strncmp
_controlfp
_CIacos
_CIasin
_findnext
_findfirst
_CIfmod
_makepath
localtime
memmove
atof
atoi
time
fprintf
kernel32
ReleaseSemaphore
CreateSemaphoreA
WaitForSingleObject
GetStartupInfoA
GetModuleHandleA
GetPrivateProfileStringA
GlobalMemoryStatus
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualFree
GetModuleFileNameA
GlobalFlags
GlobalLock
GlobalUnlock
CloseHandle
CreateFileA
DeviceIoControl
CreateDirectoryA
lstrcpynA
GetFileAttributesA
MultiByteToWideChar
lstrcpyA
GlobalAlloc
GlobalReAlloc
GlobalFree
CopyFileA
SetFileAttributesA
WinExec
_lcreat
_lwrite
SetCurrentDirectoryA
_lopen
_llseek
_lread
_lclose
OpenMutexA
CreateMutexA
GetLastError
Sleep
SearchPathA
GetVersion
SetErrorMode
GetProcAddress
LoadLibraryA
FreeLibrary
LocalFree
CreateEventA
LocalAlloc
SetCommTimeouts
PurgeComm
SetupComm
SetCommMask
SetCommState
BuildCommDCBA
GetCommState
EscapeCommFunction
GetOverlappedResult
OutputDebugStringA
ReadFile
ClearCommError
GetTickCount
GetCurrentProcessId
GetEnvironmentVariableA
OpenSemaphoreA
user32
SetCursor
LoadCursorA
GetSysColor
GetClientRect
EnableWindow
SetPropA
UpdateWindow
GetLastActivePopup
SetForegroundWindow
IsIconic
GetPropA
GetWindow
GetSystemMetrics
MessageBeep
SetCursorPos
PostMessageA
GetParent
WindowFromDC
RedrawWindow
SetWindowLongA
wsprintfA
GetUpdateRect
IntersectRect
IsWindow
GetWindowLongA
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
OffsetRect
SetTimer
GetSystemMenu
KillTimer
GetCursorPos
MenuItemFromPoint
GetMenuItemRect
EqualRect
IsRectEmpty
SetRect
GetMenuItemInfoA
GetTabbedTextExtentA
CopyRect
DrawStateA
GetMenuItemCount
GetMenuItemID
GetMenuStringA
GetMenuState
LoadBitmapA
SystemParametersInfoA
GetDlgCtrlID
RemovePropA
IsWindowVisible
GetMenu
RemoveMenu
GetScrollRange
LoadMenuA
ModifyMenuA
GetSubMenu
InflateRect
SetWindowTextA
SetScrollRange
SetScrollPos
ClientToScreen
GetWindowRect
SendMessageA
FillRect
FrameRect
PtInRect
ReleaseCapture
SetCapture
ScreenToClient
GetDC
ReleaseDC
GetKeyState
InvalidateRect
GetDesktopWindow
gdi32
CreateCompatibleDC
GetTextExtentPoint32A
Polyline
FillRgn
CreatePolygonRgn
GetStockObject
GetBkColor
PatBlt
SelectObject
GetTextMetricsA
LPtoDP
LineTo
MoveToEx
CreateCompatibleBitmap
Arc
Ellipse
SetPixel
TextOutA
SetTextColor
SetBkMode
Rectangle
CreatePen
GetDeviceCaps
GetPixel
BitBlt
DeleteObject
GetObjectA
CreateFontIndirectA
SetROP2
DPtoLP
CreateSolidBrush
shell32
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoA
comctl32
ImageList_SetBkColor
ord8
ImageList_AddMasked
ImageList_GetImageInfo
ImageList_Draw
ImageList_GetIcon
ole32
CreateStreamOnHGlobal
olepro32
ord251
msvcirt
?get@istream@@IAEAAV1@PADHH@Z
??_Difstream@@QAEXXZ
??0ifstream@@QAE@XZ
??1ifstream@@UAE@XZ
?close@ifstream@@QAEXXZ
?open@ifstream@@QAEXPBDHH@Z
?openprot@filebuf@@2HB
_mtunlock
_mtlock
?eatwhite@istream@@QAEXXZ
??0ios@@IAE@XZ
??1ios@@UAE@XZ
setupapi
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiGetClassDevsA
SetupDiEnumDeviceInterfaces
Sections
.text Size: 924KB - Virtual size: 920KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CONST Size: 4KB - Virtual size: 32B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 56KB - Virtual size: 55KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 56KB - Virtual size: 163KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 692KB - Virtual size: 692KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ