NEAS[.]6533ccae0d7c00257f417a2d23106840[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6533ccae0d7c00257f417a2d23106840.exe
Size

4.2MB
MD5

6533ccae0d7c00257f417a2d23106840
SHA1

c41a61e190ce297a098a82427d28f5deadf858df
SHA256

0782efb42433a510d3ca8eff95f0541997e95c8cdf51469a2244dcfa8ac66c34
SHA512

85a856eb134c8d12d07dffff319be4101dc30cc81774a04afe33d7a8726fd388636111c9b9cfdc82c48b5fec31d07f8ed2dd057085d6f109ec7a3d8c5a6d71e0
SSDEEP

49152:7wy77yMlZO37Ae2UpYARqwAZxwOpFDjG46VsobPhIDF8:TKQOYUVEwOpFPG45DG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6533ccae0d7c00257f417a2d23106840.exe

Files

NEAS.6533ccae0d7c00257f417a2d23106840.exe
.exe windows:6 windows x64

02d317e96caf2bb7512210ed6b718c1f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetComputerNameA
QueryFullProcessImageNameW
CopyFileW
GetModuleHandleW
SetCurrentDirectoryW
LoadLibraryW
GetTimeZoneInformation
GetUserDefaultUILanguage
GetCurrentProcess
CreateDirectoryW
GetProcAddress
LoadLibraryA
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
WideCharToMultiByte
SystemTimeToFileTime
GetProcessHeap
GetCurrentProcessId
DeleteCriticalSection
GetFileSize
LockFileEx
LocalFree
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
GetSystemInfo
CloseHandle
HeapReAlloc
DeleteFileW
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetLastError
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
Sleep
MultiByteToWideChar
HeapSize
HeapValidate
UnmapViewOfFile
GetVersionExW
GetCurrentThreadId
GetFileAttributesW
CreateFileW
WaitForSingleObject
CreateMutexW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
WriteFile
GetFullPathNameW
WriteConsoleW
EnterCriticalSection
HeapFree
HeapCreate
TryEnterCriticalSection
ReadFile
AreFileApisANSI
GetCurrentDirectoryW
ReadConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
SetConsoleCtrlHandler
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetCurrentThread
SetFilePointerEx
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SetStdHandle
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
GetFileSizeEx
VerifyVersionInfoW
VerSetConditionMask
SleepEx
WaitForMultipleObjects
PeekNamedPipe
GetFileType
GetStdHandle
GetEnvironmentVariableA
MoveFileExA
SetLastError
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
TerminateProcess
InitializeSListHead
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
GetCPInfo
CompareStringEx
GetStringTypeW
LCMapStringEx
GetLocaleInfoEx
DecodePointer
EncodePointer
InitializeCriticalSectionEx
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
RaiseException
RtlUnwind

gdi32

BitBlt
LPtoDP
SetViewportOrgEx
SetLayout
SaveDC
GetTextColor
GetTextFaceW
CreateRectRgnIndirect
CombineRgn
SetRectRgn
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
CreateFontIndirectW
GetPixel
CreateFontIndirectA
CreateDCA
CreateBitmap
CreatePatternBrush
CreateHatchBrush
GetBkColor
GetObjectW
GetDIBColorTable
CreatePalette
GetTextExtentPointA
TextOutA
OffsetViewportOrgEx
GetObjectA
SetStretchBltMode
SetBrushOrgEx
StretchDIBits
GetDIBits
StretchBlt
SetBitmapDimensionEx
GetBitmapDimensionEx
SelectClipRgn
PtVisible
RectVisible
Escape
IntersectClipRect
Polygon
GetTextAlign
GetBkMode
CreateRectRgn
OffsetRgn
PatBlt
GetViewportOrgEx
EnumFontFamiliesExW
EnumFontFamiliesExA
GetCurrentObject
GetClipRgn
ExtCreatePen
GetObjectType
CreateDIBSection
GetTextExtentPointW
GetTextExtentExPointW
FillRgn
GdiFlush
SetMapMode
DPtoLP
CreateBrushIndirect
UnrealizeObject
GetTextExtentPoint32A
GetRgnBox
GetTextMetricsW
SetMetaFileBitsEx
GetViewportExtEx
GetWindowExtEx
GetPaletteEntries
EndPage
EndDoc
StartDocA
StartPage
SetAbortProc
StartDocW
CreateDCW
CreateICW
DeleteEnhMetaFile
PlayEnhMetaFile
CreateEnhMetaFileA
GetDeviceCaps
RestoreDC
CreateSolidBrush
SelectObject
GetStockObject
MoveToEx
LineTo
SetDCPenColor
SetBkColor
ExtTextOutA
SelectPalette
RealizePalette
SetWindowOrgEx
SetBkMode
SetTextAlign
ExcludeClipRect
GetTextExtentPoint32W
GetTextMetricsA
CreatePen
SetTextColor
Polyline
ExtTextOutW
Rectangle
DeleteObject
GetLayout
GetCharWidthA
GetTextFaceA
GetNearestColor
GetStretchBltMode
GetPolyFillMode
GetROP2
GetMapMode
PlayMetaFile
PlayMetaFileRecord
GetCurrentPositionEx
GetClipBox
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
SetROP2
SetPolyFillMode
TextOutW
CreateDIBitmap
FrameRgn
CreateRoundRectRgn
CopyMetaFileA
GetWindowOrgEx
EnumMetaFile
GetBitmapBits
SetDIBits
CloseMetaFile
CreateMetaFileA
DeleteMetaFile
GetMetaFileBitsEx
CloseEnhMetaFile

winspool.drv

EnumPrintersA
EnumPrintersW
GetPrinterA
GetPrinterW
OpenPrinterW
DocumentPropertiesW
DeviceCapabilitiesW

shell32

DragQueryFileW
DragQueryPoint
DuplicateIcon
SHQueryUserNotificationState
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetSettings
SHGetPathFromIDListW
SHGetPathFromIDListEx
SHGetMalloc
SHGetFolderPathW
SHGetFolderPathA
SHGetFileInfoA
DragQueryFileA
DragFinish
SHGetKnownFolderPath
SHGetDesktopFolder
Shell_NotifyIconW
SHCreateShellItem
SHCreateDirectoryExA
SHBrowseForFolderW
FindExecutableW
ExtractIconExA
FindExecutableA
ExtractIconA
ExtractIconW

ws2_32

WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
send
getsockopt
WSACleanup
setsockopt
WSAIoctl
socket
__WSAFDIsSet
select
accept
WSAEventSelect
connect
getsockname
htonl
listen
recv
getaddrinfo
freeaddrinfo
recvfrom
sendto
getpeername
ioctlsocket
gethostname
WSAResetEvent
WSASetEvent
WSAWaitForMultipleEvents
closesocket
WSAGetLastError
ntohs
WSASetLastError
bind
WSAStartup
htons

msimg32

AlphaBlend
TransparentBlt
GradientFill

propsys

PSCoerceToCanonicalValue
InitPropVariantFromFileTime
InitPropVariantFromBuffer
PropVariantToBSTR
PSCreateMemoryPropertyStore
InitPropVariantFromCLSID

shlwapi

SHCreateStreamOnFileEx
StrChrW
StrStrIA
StrStrW
StrToIntW
UrlUnescapeW
wnsprintfW
PathCreateFromUrlW
AssocQueryStringW
PathCompactPathExW
PathFileExistsW
PathFindExtensionW
PathFindFileNameW
PathIsDirectoryW
PathIsRelativeW
PathRemoveBackslashW
PathIsUNCW
PathMakePrettyW
SHDeleteKeyW

xmllite

CreateXmlReader
CreateXmlWriter
CreateXmlWriterOutputWithEncodingCodePage

bcrypt

BCryptGenRandom

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 342KB - Virtual size: 342KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 596KB - Virtual size: 607KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

02d317e96caf2bb7512210ed6b718c1f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

winspool.drv

shell32

ws2_32

msimg32

propsys

shlwapi

xmllite

bcrypt

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 342KB - Virtual size: 342KB

.data Size: 596KB - Virtual size: 607KB

.pdata Size: 114KB - Virtual size: 113KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 102KB - Virtual size: 102KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 342KB - Virtual size: 342KB

.data
Size: 596KB - Virtual size: 607KB

.pdata
Size: 114KB - Virtual size: 113KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 102KB - Virtual size: 102KB

.reloc
Size: 8KB - Virtual size: 7KB