Static task: static1
Behavioral task: behavioral1
  Sample: NEAS.64462f852210946c89e9f2ae767f60c0.exe
  Resource: win7-20231023-en
Behavioral task: behavioral2
  Sample: NEAS.64462f852210946c89e9f2ae767f60c0.exe
  Resource: win10v2004-20231023-en
General
Target: NEAS.64462f852210946c89e9f2ae767f60c0.exe
Size: 9.9MB
MD5: 64462f852210946c89e9f2ae767f60c0
SHA1: cc1466e882c2682da87118ea2988d17b9bfb911e
SHA256: 86169db63605fbd376ed2bd5d5b1c5d912acf253c2b9c54425dba841f70045af
SHA512: ae454077c48de5f82f649ef68799b61a139571324e8830a89bc7f7af559ab3f5fb758065aa2e63ac5ef7a755086c94d1806770af7c0a7514f3db5aee860660cd
SSDEEP: 196608:Ve8bPiUpwydE5foIBz7SEf6KBloYUzMbkCE/Jsv6tWKFdu9CbHFg3C:VUCEVhUFCE/Jsv6tWKFdu9Cy3C
Malware Config
Signatures
Unsigned PE (1 IoCs)
Checks for missing Authenticode signature.
Resource: NEAS.64462f852210946c89e9f2ae767f60c0.exe
Files
NEAS.64462f852210946c89e9f2ae767f60c0.exe.exe windows:6 windows x86
57b2235e88014cbe47cb641d92de1917
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
wtsapi32
WTSQuerySessionInformationW
WTSFreeMemory
uxtheme
GetThemeBool
IsThemeActive
GetThemeInt
GetCurrentThemeName
SetWindowTheme
CloseThemeData
ord47
GetThemeColor
GetThemePartSize
GetThemeTransitionDuration
GetThemePropertyOrigin
IsThemeBackgroundPartiallyTransparent
GetThemeMargins
GetThemeEnumValue
OpenThemeData
GetThemeBackgroundRegion
IsAppThemed
dwmapi
DwmIsCompositionEnabled
DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmSetWindowAttribute
gdi32
GetTextExtentPoint32W
CreateFontIndirectW
GetFontData
SetTextColor
GdiFlush
GetCharABCWidthsI
EnumFontFamiliesExW
CombineRgn
GetCharABCWidthsFloatW
SetGraphicsMode
GetCharABCWidthsW
BitBlt
CreateDIBSection
RemoveFontMemResourceEx
GetBitmapBits
SetBkMode
GetGlyphOutlineW
SetWorldTransform
SetTextAlign
AddFontMemResourceEx
DeleteObject
GetRegionData
GetDeviceCaps
CreateCompatibleDC
OffsetRgn
RemoveFontResourceExW
AddFontResourceExW
CreateBitmap
ExtTextOutW
GetDIBits
GetStockObject
CreateDCW
DeleteDC
GetObjectW
GetTextMetricsW
GetTextFaceW
SelectClipRgn
CreateCompatibleBitmap
SetLayout
SelectObject
GetOutlineTextMetricsW
CreateRectRgn
oleaut32
SafeArrayPutElement
SysFreeString
SysAllocString
SafeArrayCreateVector
imm32
ImmReleaseContext
ImmAssociateContextEx
ImmSetCandidateWindow
ImmAssociateContext
ImmGetVirtualKey
ImmNotifyIME
ImmGetDefaultIMEWnd
ImmGetCompositionStringW
ImmGetOpenStatus
ImmGetContext
ImmSetCompositionWindow
userenv
GetUserProfileDirectoryW
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
netapi32
NetShareEnum
NetApiBufferFree
ws2_32
htonl
WSAIoctl
WSAWaitForMultipleEvents
accept
listen
recvfrom
sendto
ioctlsocket
__WSAFDIsSet
select
bind
WSACloseEvent
closesocket
WSASetLastError
getpeername
getsockname
socket
ntohs
connect
getsockopt
htons
setsockopt
recv
WSAGetLastError
WSAEnumNetworkEvents
getaddrinfo
freeaddrinfo
WSAEventSelect
send
WSACreateEvent
WSAResetEvent
WSAAsyncSelect
WSACleanup
WSAStartup
gethostname
advapi32
CryptHashData
CryptImportKey
RegQueryValueExW
MapGenericMask
CryptCreateHash
RegCreateKeyExW
GetTokenInformation
AllocateAndInitializeSid
LookupAccountSidW
CryptEncrypt
CopySid
CryptGenRandom
RegFlushKey
OpenProcessToken
CryptDestroyKey
GetSidSubAuthority
CryptGetHashParam
RegEnumValueW
RegOpenKeyExW
CryptDestroyHash
GetSidSubAuthorityCount
BuildTrusteeWithSidW
RegCloseKey
CryptAcquireContextW
GetNamedSecurityInfoW
RegEnumKeyExW
RegQueryInfoKeyW
FreeSid
AccessCheck
DuplicateToken
SystemFunction036
CryptReleaseContext
GetLengthSid
GetEffectiveRightsFromAclW
RegSetValueExW
RegDeleteKeyW
RegDeleteValueW
kernel32
GetProcessHeap
CompareStringEx
GetCommandLineW
EncodePointer
SetEnvironmentVariableA
ExitThread
LeaveCriticalSection
RtlUnwind
GetStdHandle
GetCurrentProcessId
TlsGetValue
LocalFree
SetEvent
VerSetConditionMask
OpenFileMappingW
TerminateProcess
GetConsoleWindow
GetFileInformationByHandle
ResumeThread
CheckRemoteDebuggerPresent
GlobalLock
GetProcAddress
IsProcessorFeaturePresent
GetLongPathNameW
UnregisterWaitEx
GetModuleHandleW
GetVolumeInformationW
WaitForSingleObject
VerifyVersionInfoW
IsValidLocale
SetEndOfFile
HeapAlloc
FindNextFileW
FreeEnvironmentStringsW
GetThreadPriority
EnumSystemLocalesW
InitializeSListHead
FreeLibrary
FreeLibraryAndExitThread
GetLocaleInfoW
LoadLibraryW
GetUserGeoID
ReleaseMutex
WTSGetActiveConsoleSessionId
GetExitCodeProcess
GetUserDefaultLCID
QueryPerformanceCounter
TzSpecificLocalTimeToSystemTime
GetStringTypeW
GetConsoleMode
InitializeCriticalSection
SetLastError
GetCPInfo
IsValidCodePage
MoveFileExW
DeleteFileW
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
GetTickCount64
SetErrorMode
GetConsoleCP
QueryPerformanceFrequency
CreateSemaphoreW
GetFileSize
GetDriveTypeW
GetLocalTime
TerminateThread
GlobalAlloc
ExitProcess
Sleep
GetGeoInfoW
CreateEventW
WriteConsoleW
MapViewOfFile
SetThreadPriority
GetModuleFileNameW
GetCommandLineA
GetCurrentThread
PeekNamedPipe
MoveFileW
SetFileTime
UnmapViewOfFile
TlsAlloc
WriteFile
CreateProcessW
VirtualFree
GetFileInformationByHandleEx
FindNextFileA
InitializeCriticalSectionEx
WaitForSingleObjectEx
GetVolumePathNamesForVolumeNameW
SetEnvironmentVariableW
GetEnvironmentStringsW
TlsFree
GetCurrentThreadId
SetFileAttributesW
GetFileAttributesExW
GetSystemTime
GetDateFormatW
FindFirstFileW
CreateFileMappingW
HeapFree
GetTimeZoneInformation
GetSystemInfo
OutputDebugStringW
LCMapStringW
CreateDirectoryW
FindClose
FindNextChangeNotification
GetCurrencyFormatW
CreateMutexW
DecodePointer
GetTimeFormatW
IsDebuggerPresent
ReadConsoleW
GetTempPathW
SleepEx
FindFirstFileExW
ExpandEnvironmentStringsW
LoadLibraryA
GetOEMCP
FileTimeToSystemTime
DuplicateHandle
CompareStringW
FlushFileBuffers
RaiseException
GetFullPathNameW
DeviceIoControl
GetCurrentProcess
GlobalUnlock
EnterCriticalSection
GetModuleHandleExW
GetUserPreferredUILanguages
GetSystemTimeAsFileTime
SystemTimeToTzSpecificLocalTime
HeapReAlloc
GetLogicalDrives
RegisterWaitForSingleObject
DeleteCriticalSection
GetModuleFileNameA
GetTickCount
GetEnvironmentVariableA
lstrcmpW
SetUnhandledExceptionFilter
FormatMessageW
WaitForMultipleObjects
CopyFileW
FindCloseChangeNotification
GlobalSize
RemoveDirectoryW
VirtualAlloc
MultiByteToWideChar
SetStdHandle
GetUserDefaultLangID
LoadLibraryExW
CreateThread
VirtualQuery
SystemTimeToFileTime
GetACP
FindFirstChangeNotificationW
GetStartupInfoW
GetSystemDirectoryW
ResetEvent
CloseHandle
GetFileSizeEx
TlsSetValue
GetFileAttributesW
FindFirstFileExA
UnhandledExceptionFilter
ReleaseSemaphore
SetFilePointerEx
GetFileType
ReadFile
CreateFileW
WideCharToMultiByte
OpenProcess
GetCurrentDirectoryW
ole32
OleUninitialize
CoCreateInstance
OleGetClipboard
OleIsCurrentClipboard
CoInitialize
CoInitializeEx
OleInitialize
CoUninitialize
RevokeDragDrop
DoDragDrop
CoLockObjectExternal
OleFlushClipboard
ReleaseStgMedium
CoTaskMemFree
StringFromGUID2
CoCreateGuid
CoGetMalloc
RegisterDragDrop
OleSetClipboard
shell32
SHCreateItemFromParsingName
CommandLineToArgvW
SHBrowseForFolderW
SHGetKnownFolderIDList
SHGetMalloc
ShellExecuteW
Shell_NotifyIconGetRect
Shell_NotifyIconW
SHGetFileInfoW
SHGetPathFromIDListW
ord727
SHCreateItemFromIDList
SHGetStockIconInfo
user32
MsgWaitForMultipleObjectsEx
GetCursor
DefWindowProcW
GetCapture
CreateIconIndirect
ReleaseDC
IsTouchWindow
GetWindowPlacement
SetWindowLongW
GetAncestor
CloseTouchInputHandle
GetWindowLongW
SetWindowsHookExW
DestroyWindow
SetWindowPos
UnregisterPowerSettingNotification
EnableMenuItem
CallNextHookEx
GetCursorPos
UnregisterDeviceNotification
UnregisterTouchWindow
MessageBoxW
ChangeWindowMessageFilterEx
UpdateLayeredWindowIndirect
CreatePopupMenu
GetWindowTextW
LoadCursorW
GetKeyboardState
GetDesktopWindow
IsHungAppWindow
GetCursorInfo
GetKeyboardLayoutList
IsWindow
FlashWindowEx
AdjustWindowRectEx
PeekMessageW
SetCaretPos
GetDoubleClickTime
IsZoomed
GetWindow
SetCursorPos
CreateCaret
GetCaretBlinkTime
GetMessageExtraInfo
SetForegroundWindow
ScreenToClient
CreateCursor
SendMessageW
TranslateMessage
GetIconInfo
FindWindowA
RealGetWindowClassW
DestroyCursor
DrawIconEx
GetClientRect
DispatchMessageW
EnumWindows
GetSysColorBrush
GetMenu
RegisterClassExW
EnumDisplayDevicesW
IsChild
MoveWindow
GetForegroundWindow
GetParent
RegisterTouchWindow
AppendMenuW
ShowWindow
ModifyMenuW
GetUpdateRect
MonitorFromPoint
ClientToScreen
EndPaint
DrawMenuBar
DestroyIcon
MessageBeep
GetWindowThreadProcessId
IsIconic
GetAsyncKeyState
SetLayeredWindowAttributes
IsWindowEnabled
GetSystemMenu
ShowCaret
RegisterPowerSettingNotification
ReleaseCapture
CreateWindowExW
RegisterDeviceNotificationW
TrackMouseEvent
GetTouchInputInfo
SetMenuItemInfoW
GetMonitorInfoW
CreateMenu
LoadIconW
PostMessageW
InsertMenuW
GetFocus
RegisterClassW
BeginPaint
GetKeyboardLayout
KillTimer
AttachThreadInput
ChildWindowFromPointEx
CharNextExA
GetKeyState
RegisterClipboardFormatW
SetClipboardViewer
TrackPopupMenuEx
GetSystemMetrics
MonitorFromWindow
LoadImageW
GetDC
SetTimer
RegisterWindowMessageW
EnumDisplayMonitors
SystemParametersInfoW
SetFocus
ToUnicode
SetWindowRgn
GetSysColor
ChangeClipboardChain
SetWindowTextW
UnregisterClassW
InvalidateRect
WindowFromPoint
DestroyCaret
SetCursor
GetMenuItemInfoW
SetWindowPlacement
SetParent
GetWindowRect
SetCapture
IsWindowVisible
UnhookWindowsHookEx
GetQueueStatus
MapVirtualKeyW
ToAscii
GetClipboardFormatNameW
TrackPopupMenu
GetClassInfoW
UpdateLayeredWindow
DestroyMenu
RemoveMenu
SetMenu
HideCaret
winmm
timeKillEvent
timeSetEvent
PlaySoundW
crypt32
CertOpenStore
CertAddCertificateContextToStore
CertEnumCertificatesInStore
CertFreeCertificateChain
CryptStringToBinaryW
CryptQueryObject
CertGetNameStringW
PFXImportCertStore
CertFreeCertificateContext
CertGetCertificateChain
CertFindCertificateInStore
CertCloseStore
CryptDecodeObjectEx
CertFreeCertificateChainEngine
CertCreateCertificateChainEngine
CertFindExtension
wldap32
ord142
ord41
ord14
ord147
ord167
ord208
ord73
ord27
ord26
ord127
ord46
ord117
ord301
ord219
ord79
ord216
ord145
ord133
Sections
.text Size: 6.3MB - Virtual size: 6.3MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2.9MB - Virtual size: 2.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 103KB - Virtual size: 144KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.gfids Size: 1024B - Virtual size: 540B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.tls Size: 512B - Virtual size: 9B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.qtmetad Size: 1024B - Virtual size: 661B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.qtmimed Size: 315KB - Virtual size: 315KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 68KB - Virtual size: 67KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 223KB - Virtual size: 223KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ