NEAS[.]fb8c8a67ae5c8176f2b6f9534d8429a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.fb8c8a67ae5c8176f2b6f9534d8429a0.exe
Size

608KB
MD5

fb8c8a67ae5c8176f2b6f9534d8429a0
SHA1

67154f59f11fef1c671e9aafe0ba2a42f4453b2a
SHA256

0e6ce958fd1687d1debd02e23d4ebeb77cc59dd93dfadca1386f0b956f36a02a
SHA512

80a86e4a0bd363d302bb5d3aea632aac8710d68499b94892c37e9bea19bbaf1b7da0fc9b94a64aadf0fb6be18a41956e68c420bd482e8159fa4988a5ed6c6399
SSDEEP

6144:KgWsYRiO1CKKPBy6jjiBu7D4Cmtegs6zp/2XBSz9B+E:pWz1GB3j2Bu7DmeLw/4BSXb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.fb8c8a67ae5c8176f2b6f9534d8429a0.exe

Files

NEAS.fb8c8a67ae5c8176f2b6f9534d8429a0.exe
.exe windows:10 windows x86

567debb2a156b506ed421c435f1b2e33

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegQueryValueExW
RegEnumValueW
OpenServiceW
RegDeleteValueW
ChangeServiceConfigW
QueryServiceConfigW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
ControlService
RegCreateKeyExW
RegDeleteKeyW
OpenSCManagerW
CloseServiceHandle
QueryServiceStatus
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegQueryInfoKeyW

kernel32

CloseHandle
RaiseException
HeapSetInformation
LoadResource
FindResourceW
GetSystemWindowsDirectoryW
GetTickCount
RegisterApplicationRestart
FindFirstFileExW
FindNextFileW
GetShortPathNameW
RemoveDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
lstrcmpW
ExpandEnvironmentStringsW
GetCurrentProcess
GetUserDefaultLCID
UnhandledExceptionFilter
GetFileSize
GetLocalTime
GetWindowsDirectoryA
CreateFileA
GetTempPathA
SetFilePointer
GetProfileStringW
GetPrivateProfileStringW
WritePrivateProfileStringW
WriteProfileStringW
GetFileTime
FreeLibrary
GetProcAddress
GetWindowsDirectoryW
LoadLibraryW
FileTimeToSystemTime
GetTimeZoneInformation
GetSystemDefaultLangID
GetVersionExW
GetStartupInfoW
Sleep
GetLastError
SetFileAttributesW
LCIDToLocaleName
GetSystemDirectoryW
GetModuleFileNameW
GetFileAttributesW
CreateFileW
FindClose
CreateHardLinkW
WriteFile
SetLastError
FindFirstFileW
SizeofResource
CreateDirectoryW
DeleteFileW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess

user32

LoadStringW

msvcrt

__dllonexit
_unlock
_lock
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_acmdln
_onexit
__setusermatherr
_ismbblead
__p__fmode
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_callnewh
malloc
free
wcsrchr
_wcsnicmp
wcsstr
wcschr
_wcslwr
_wcsicmp
mbstowcs
_vsnwprintf
memcpy
_initterm
swscanf
_wtoi
_vsnprintf
_itow
_wtol
iswalpha
iswalnum
memset

ole32

PropVariantClear
CoCreateGuid
StringFromGUID2
CoInitialize
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysFreeString

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shell32

SHCreateItemFromParsingName
SHSetLocalizedName
SHGetSpecialFolderPathW
SHGetSpecialFolderLocation
SHGetFolderPathW
ShellExecuteW
SHGetMalloc
SHChangeNotify
SHGetPathFromIDListW

shlwapi

PathAddBackslashW
PathUnExpandEnvStringsW
PathRemoveBlanksW
PathRemoveFileSpecW
PathAppendW
PathIsDirectoryW
PathAddBackslashA

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 412KB - Virtual size: 608KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

567debb2a156b506ed421c435f1b2e33

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

user32

msvcrt

ole32

oleaut32

version

shell32

shlwapi

Sections

.text Size: 182KB - Virtual size: 182KB

.data Size: 5KB - Virtual size: 9KB

.idata Size: 4KB - Virtual size: 4KB

.rsrc Size: 3KB - Virtual size: 2KB

.reloc Size: 412KB - Virtual size: 608KB

.text
Size: 182KB - Virtual size: 182KB

.data
Size: 5KB - Virtual size: 9KB

.idata
Size: 4KB - Virtual size: 4KB

.rsrc
Size: 3KB - Virtual size: 2KB

.reloc
Size: 412KB - Virtual size: 608KB