NEAS[.]432b6632077fbd587377dae9600293c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.432b6632077fbd587377dae9600293c0.exe
Size

2.2MB
MD5

432b6632077fbd587377dae9600293c0
SHA1

f1c87e226f766e0d91d8a51f6c8950d32fcbbb0b
SHA256

19e8406d0f6fef1933cc1a56b790a6f1fea9d5477510b1343f416ed4631da9eb
SHA512

2867128a2fe4f7f1e41c01ae26a0f69c9dc20b4d13f4ab98220e6196b78a6daa52978e55f39308690765469b657860ac61cdcecda780adefb20f039421e54d90
SSDEEP

24576:/eEbIzJpcyp2+C2p5Fk6aXAoxZ17UxP7HsP6fXrmaEUltZgapvVxUaHC7ubpT4D3:b5ncO0rXtZgahbpTX/QsR0T

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.432b6632077fbd587377dae9600293c0.exe

Files

NEAS.432b6632077fbd587377dae9600293c0.exe
.exe windows:5 windows x86

6c60c3f966baa626b0b553bc1882a6ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegCloseKey
RegQueryValueExA
RegOpenKeyA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
ConvertSidToStringSidA
GetTokenInformation
OpenProcessToken
QueryServiceStatus
CloseServiceHandle
OpenServiceA
OpenSCManagerA
AdjustTokenPrivileges
LookupPrivilegeValueA
FreeSid
SetNamedSecurityInfoA
SetFileSecurityA
AddAccessAllowedAce
InitializeAcl
GetLengthSid
IsValidSid
AllocateAndInitializeSid
RegUnLoadKeyA
RegLoadKeyA
StartServiceA
RegSetKeySecurity
RegGetKeySecurity
GetFileSecurityA
SetEntriesInAclA
GetNamedSecurityInfoA
OpenThreadToken
GetUserNameA
DuplicateToken
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityInfo
LogonUserW
CheckTokenMembership
CreateProcessWithLogonW

netapi32

NetApiBufferFree
NetWkstaGetInfo

rpcrt4

RpcStringFreeA
UuidToStringA

crypt32

CertAddEncodedCertificateToStore
CryptStringToBinaryA
CertOpenStore
CertCloseStore

gdi32

DeleteDC
Rectangle
GetStockObject
CreateSolidBrush
DeleteObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetBkMode
CreatePen
RoundRect
GetObjectA
CreateFontA
CreateFontIndirectA
Pie
Ellipse
LineTo
MoveToEx
GetTextExtentPoint32A
SetTextColor
TextOutA
SetBkColor

ole32

CoCreateGuid
CoUninitialize
CoCreateInstance
CoInitialize

wininet

DeleteUrlCacheEntry
InternetCrackUrlA
FindNextUrlCacheEntryA
FindFirstUrlCacheEntryA
HttpAddRequestHeadersA
InternetCloseHandle
InternetReadFile
HttpQueryInfoA
HttpSendRequestA
InternetQueryOptionA
HttpOpenRequestA
InternetConnectA
InternetSetOptionA
InternetOpenA

kernel32

MapViewOfFile
UnmapViewOfFile
SetEnvironmentVariableA
SetStdHandle
CloseHandle
SetEvent
OpenEventA
CreateMutexA
WaitForSingleObject
CreateEventA
Sleep
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
WaitForMultipleObjects
LocalFree
GetCurrentProcess
OpenMutexA
LoadLibraryExA
SetCurrentDirectoryA
GetCurrentDirectoryA
LockResource
SizeofResource
LoadResource
FindResourceA
FindClose
FindNextFileA
FindFirstFileA
SetFileAttributesA
OpenProcess
GetVersionExA
GetLastError
MoveFileExA
HeapFree
LocalAlloc
HeapAlloc
GetProcessHeap
CreateFileA
ExpandEnvironmentStringsA
GetModuleHandleA
GetSystemTimeAsFileTime
SetThreadPriority
ExitProcess
GetEnvironmentVariableA
GetCurrentThread
GetVersion
GetDiskFreeSpaceExA
GetComputerNameA
GlobalMemoryStatus
VerifyVersionInfoA
VerSetConditionMask
GetTempPathA
ReadFile
WriteFile
SetFilePointer
GetModuleFileNameA
VirtualQuery
FormatMessageA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
GetFileTime
DeviceIoControl
GetWindowsDirectoryA
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetExitCodeProcess
CreateProcessA
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
AreFileApisANSI
SetEndOfFile
FlushFileBuffers
GetFileSize
UnlockFile
LockFile
GetFileAttributesA
DeleteFileA
GetFileAttributesW
DeleteFileW
LoadLibraryW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTime
LockFileEx
GetTempPathW
GetFullPathNameA
GetFullPathNameW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
CreateFileW
TlsAlloc
TlsFree
TlsGetValue
ResetEvent
TlsSetValue
ResumeThread
SystemTimeToFileTime
SetWaitableTimer
CreateWaitableTimerA
DisconnectNamedPipe
GetOverlappedResult
ConnectNamedPipe
CreateNamedPipeA
TerminateThread
WaitNamedPipeA
RemoveDirectoryW
FindFirstFileW
FindNextFileW
CopyFileW
GetFileAttributesExW
CreateDirectoryW
SetLastError
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
LCMapStringW
InterlockedCompareExchange
InterlockedExchange
GetLocaleInfoA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
GetDriveTypeA
HeapReAlloc
ExitThread
CreateThread
GetCPInfo
CompareStringA
CompareStringW
GetStringTypeW
GetStdHandle
GetModuleHandleW
HeapSize
HeapCreate
VirtualFree
VirtualAlloc
SetHandleCount
GetFileType
GetConsoleCP
GetConsoleMode
GetTimeZoneInformation
GetACP
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
EnumSystemLocalesA
IsValidLocale
GetLocaleInfoW
InitializeCriticalSectionAndSpinCount
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileMappingA

user32

RegisterClassA
LoadCursorA
EnableWindow
DrawTextA
ReleaseDC
GetDlgCtrlID
FillRect
LoadBitmapA
BringWindowToTop
GetSystemMetrics
PostQuitMessage
DestroyWindow
EnableMenuItem
GetSystemMenu
LoadIconA
UnregisterClassA
LoadImageA
DefWindowProcA
GetSysColor
SetScrollPos
GetScrollPos
SetWindowPos
SetWindowLongA
SetScrollRange
GetWindowTextA
SetFocus
GetFocus
CloseWindow
FlashWindow
LoadStringA
PostMessageA
BeginPaint
GetWindowRect
GetParent
GetDC
EndPaint
GetWindowLongA
GetClientRect
SetClassLongA
CreateWindowExA
InvalidateRect
ShowWindow
SendMessageA
GetMessageA
TranslateMessage
DispatchMessageA
ExitWindowsEx
FindWindowA
MessageBoxA
SetWindowTextA

shell32

SHGetFolderPathA
ShellExecuteA
ShellExecuteExA
SHGetSpecialFolderPathA

shlwapi

PathAppendA

comctl32

_TrackMouseEvent

msimg32

AlphaBlend
TransparentBlt
GradientFill

userenv

CreateEnvironmentBlock
GetUserProfileDirectoryW
DestroyEnvironmentBlock

psapi

EnumProcesses

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wsock32

ioctlsocket
inet_addr

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 652KB - Virtual size: 651KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6c60c3f966baa626b0b553bc1882a6ae

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

netapi32

rpcrt4

crypt32

gdi32

ole32

wininet

kernel32

user32

shell32

shlwapi

comctl32

msimg32

userenv

psapi

version

wsock32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.rdata Size: 252KB - Virtual size: 252KB

.data Size: 40KB - Virtual size: 64KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 652KB - Virtual size: 651KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 252KB - Virtual size: 252KB

.data
Size: 40KB - Virtual size: 64KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 652KB - Virtual size: 651KB