NEAS[.]cc8a7bebd73198f365eebe53939312d0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.cc8a7bebd73198f365eebe53939312d0.exe
Size

2.0MB
MD5

cc8a7bebd73198f365eebe53939312d0
SHA1

2319b24e4e250cd9e440f1272086fae220506ad0
SHA256

63d23112834e660cbc46fcba3a2431ecd17e67ce7e0a3d925b209d1ac93d5e8d
SHA512

64b03b2f298e1202bd076381d5a6c9bbced83242becf4c5245f923c661d138b2f9deecfc014af6ab552850d217b70a1d5dd01d7b79e55d14fc9b364a9b1b653c
SSDEEP

49152:0MgVRWpdnrUuxD0O8t8HNUPCAaq8Wdo0:0XRWXrUue8t4C7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cc8a7bebd73198f365eebe53939312d0.exe

Files

NEAS.cc8a7bebd73198f365eebe53939312d0.exe
.exe windows:6 windows x64

01bda22b7dd1769dd89afc002360542d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

EventRegister
EventUnregister
TraceMessage
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
EventWrite
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegCloseKey
CreateServiceW
RegOpenKeyExW
ChangeServiceConfig2W
QueryServiceStatusEx
ControlService
DeleteService
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
CopySid
GetLengthSid
IsValidSid
EqualSid
InitializeAcl
AddAce
GetAclInformation
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
GetSecurityDescriptorOwner
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
GetSecurityDescriptorControl
MakeAbsoluteSD
InitializeSecurityDescriptor
GetNamedSecurityInfoW
RegQueryValueExW
RegDeleteValueW
RegSetValueExW
RegNotifyChangeKeyValue
ConvertStringSidToSidW
RegCreateKeyExW
RegSetKeySecurity
RegEnumKeyExW
RegGetValueW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
AllocateAndInitializeSid
SetEntriesInAclW
SetNamedSecurityInfoW
FreeSid
ConvertSidToStringSidW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
LsaOpenPolicy
LsaLookupNames2
LsaFreeMemory
LsaClose
ImpersonateLoggedOnUser
GetTokenInformation
OpenProcessToken
TraceEvent
LookupAccountSidW
ChangeServiceConfigW
StartServiceW
GetAce
SetSecurityDescriptorControl
GetSecurityInfo
SetSecurityInfo
RevertToSelf

kernel32

IsDebuggerPresent
SetProcessWorkingSetSize
ResetEvent
IsWow64Process
lstrcmpW
GetModuleFileNameW
DeleteTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue
ChangeTimerQueueTimer
CreateTimerQueueTimer
CompareStringOrdinal
CreateFileW
WriteFile
CompareStringA
GetLongPathNameW
GetFullPathNameW
MultiByteToWideChar
MulDiv
GetFileAttributesW
LeaveCriticalSection
QueueUserWorkItem
RegisterWaitForSingleObject
UnregisterWaitEx
DeleteFileW
FindFirstFileW
FindNextFileW
CopyFileW
FormatMessageW
lstrcmpiW
CreateThread
WaitForMultipleObjects
GetStringTypeExW
GetComputerNameW
GetDynamicTimeZoneInformation
lstrlenA
WideCharToMultiByte
LocalAlloc
HeapFree
GetProcessHeap
GetVersionExW
GetProductInfo
GetTempPathW
FreeLibrary
GetProcAddress
LoadLibraryExA
DelayLoadFailureHook
EnterCriticalSection
GetCurrentProcess
LocalFree
PowerClearRequest
PowerSetRequest
GetTickCount64
WaitForSingleObject
CreateEventW
GetTickCount
Sleep
PowerCreateRequest
SetLastError
GetLastError
SetEvent
OpenEventW
CompareStringW
FindResourceExW
FindResourceW
ExitProcess
GetCommandLineW
GetStartupInfoW
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
FreeEnvironmentStringsW
DeviceIoControl
GetDiskFreeSpaceA
GetLocalTime
GetEnvironmentStrings
FreeEnvironmentStringsA
GetEnvironmentStringsW
GlobalMemoryStatus
GetModuleHandleA
LoadLibraryA
ReleaseMutex
OpenMutexW
CreateMutexW
DuplicateHandle
FreeLibraryAndExitThread
SetFileAttributesW
OpenFileMappingW
GetThreadPriority
GlobalFree
VirtualAlloc
GetFileSizeEx
SetThreadPriority
ReadFile
VirtualFree
GetCurrentThread
CreateDirectoryW
SetFilePointerEx
LoadLibraryExW
FreeResource
GetFileSize
GetTempFileNameW
FileTimeToDosDateTime
ExpandEnvironmentStringsW
HeapAlloc
HeapReAlloc
HeapSize
GetVersionExA
QueryPerformanceCounter
GetCurrentThreadId
LoadResource
LockResource
SizeofResource
lstrlenW
HeapSetInformation
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
RaiseException
RemoveDirectoryW
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
GetFileAttributesExW
FindClose
CompareFileTime
GetSystemTime
CreateFileMappingW
InitializeCriticalSectionAndSpinCount
SystemTimeToFileTime
UnmapViewOfFile
MapViewOfFile
GetModuleHandleW
LoadLibraryW
RegEnumValueW
RegQueryInfoKeyW
RegGetKeySecurity
OutputDebugStringA
SetUnhandledExceptionFilter
HeapDestroy

msvcrt

_cexit
ceilf
memcpy
sqrt
pow
_initterm
__set_app_type
__CxxFrameHandler3
floor
ceil
__C_specific_handler
??1type_info@@UEAA@XZ
realloc
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_callnewh
_CxxThrowException
??0exception@@QEAA@AEBV0@@Z
??1exception@@UEAA@XZ
?what@exception@@UEBAPEBDXZ
??0exception@@QEAA@AEBQEBDH@Z
memcmp
memset
_time64
strncpy_s
wcschr
_strlwr_s
strncmp
_ultoa_s
strcpy_s
_wtol
_wcsicmp
swscanf
wcstol
_wcsnicmp
wcsncmp
_wcslwr_s
iswdigit
towupper
_wcstoui64
wcstoul
_errno
_purecall
qsort_s
calloc
bsearch
malloc
wcscpy_s
free
_wputenv
memmove_s
memcpy_s
strchr
_vsnwprintf
memmove
wcsstr
_vsnprintf
wcstok_s

user32

UnregisterClassA
wvsprintfA
CharLowerBuffW
CharUpperBuffW
CharUpperW
MsgWaitForMultipleObjectsEx
DispatchMessageW
PeekMessageW
CharNextA
TranslateMessage
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
wvsprintfW
MsgWaitForMultipleObjects

oleaut32

VarBstrCmp
VariantChangeTypeEx
SafeArrayGetElement
SafeArrayUnlock
SafeArrayPtrOfIndex
SafeArrayLock
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
SetErrorInfo
CreateErrorInfo
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
SysAllocStringLen
LoadRegTypeLi
SysStringLen
UnRegisterTypeLi
RegisterTypeLi
LoadTypeLi
VariantClear
VariantInit
SysAllocString
SysFreeString

ole32

StringFromGUID2
CoTaskMemAlloc
PropVariantCopy
IIDFromString
CoUnmarshalInterface
CoReleaseMarshalData
CoMarshalInterface
CreateStreamOnHGlobal
PropVariantClear
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoCreateGuid
CoCreateInstance

wsock32

ntohs
WSAGetLastError
htons

iphlpapi

GetAdaptersAddresses
GetIpForwardTable
GetBestInterfaceEx
ResolveIpNetEntry2
SendARP
GetIpNetEntry2
CancelIPChangeNotify
NotifyAddrChange
GetIpAddrTable

shlwapi

PathFileExistsW
StrCmpNW
PathFindFileNameW
ord437
HashData
StrStrIW

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlFreeUnicodeString
NtAllocateLocallyUniqueId
RtlInitString
RtlAllocateHeap
RtlFreeHeap
NtQuerySystemTime
RtlInitUnicodeString
RtlNtStatusToDosError
RtlIpv4StringToAddressExW
RtlLookupFunctionEntry

userenv

UnregisterGPNotification
RegisterGPNotification

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSEnumerateSessionsW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 580KB - Virtual size: 584KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

01bda22b7dd1769dd89afc002360542d

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

oleaut32

ole32

wsock32

iphlpapi

shlwapi

ntdll

userenv

wtsapi32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 13KB - Virtual size: 31KB

.pdata Size: 43KB - Virtual size: 43KB

.rsrc Size: 75KB - Virtual size: 74KB

.reloc Size: 580KB - Virtual size: 584KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 13KB - Virtual size: 31KB

.pdata
Size: 43KB - Virtual size: 43KB

.rsrc
Size: 75KB - Virtual size: 74KB

.reloc
Size: 580KB - Virtual size: 584KB