NEAS[.]21e0856933df963af076d9758d4359d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.21e0856933df963af076d9758d4359d0.exe
Size

248KB
MD5

21e0856933df963af076d9758d4359d0
SHA1

cb4d0eb55acc894907edfa36010d1e245e2fda96
SHA256

4938fdf2d560e938b6d42aaf7ee6449f0d91c492fa934312a575a1e1ffa56bb2
SHA512

7e46d0bd52992e03a8c1ac49f718970ca328aa3e087849224f684dc36540653791b6f74b485a617eaf005dac7d8b52259689b4dd9d66e1bee38168e91ffd673c
SSDEEP

6144:5qIcA5sdd0mTaOotDrXjam74sJfECFZvj9fTRbVo0Qub4lxbKIjOJ:AjCEd0m+FXjHUjCnvxLzQus/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.21e0856933df963af076d9758d4359d0.exe

Files

NEAS.21e0856933df963af076d9758d4359d0.exe
.exe windows:4 windows x86

9e1f65d7dc8875471b5a15990ee9523c

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreW
GetProcessTimes
FindFirstFileA
OpenMutexW
CreateIoCompletionPort
ExpandEnvironmentStringsA
QueueUserWorkItem
GetSystemWindowsDirectoryW
MultiByteToWideChar
OutputDebugStringA
GetPrivateProfileStringW
GetComputerNameW
CreateFileW
TlsSetValue
LoadLibraryA
MoveFileW
GetFileType
GlobalMemoryStatus
GetSystemDirectoryW
SearchPathA
FreeEnvironmentStringsA
WritePrivateProfileSectionA
CreateToolhelp32Snapshot
FreeResource
InterlockedIncrement
GetSystemDirectoryA
Beep
LockResource
FileTimeToDosDateTime
IsDBCSLeadByteEx
GlobalFlags
IsDBCSLeadByte
ConvertDefaultLocale
InterlockedCompareExchange
lstrcpynA
GetDiskFreeSpaceW
FindNextChangeNotification
GetPrivateProfileIntW
lstrcatW
VerifyVersionInfoW
RaiseException
GlobalUnlock
VerSetConditionMask
Sleep
ReadFile
lstrcpyA
GetDriveTypeA
LocalFree
OpenEventW
GetLocaleInfoW
MoveFileA
SetCurrentDirectoryW
FindCloseChangeNotification
GetCurrentDirectoryA
TlsGetValue
OpenMutexA
LoadResource
FindClose
GetCurrentProcess
GetDiskFreeSpaceA
lstrcmpA
_lread
CreateMutexA
QueryDosDeviceA
EnumResourceNamesW
WritePrivateProfileStringW
GetSystemDefaultLangID
GetStartupInfoW
LCMapStringW
SetFileTime
GetThreadLocale
SwitchToThread
GlobalDeleteAtom
CreateSemaphoreA
QueryPerformanceFrequency
GetVersionExA
GetLogicalDrives
GetTempPathW
CreateDirectoryW
HeapReAlloc
SetConsoleCtrlHandler
TlsFree
GetCurrentDirectoryW
MoveFileExA
SuspendThread
SetStdHandle
lstrcmpiA
ReleaseMutex
GetModuleHandleA
DeleteFileW
IsBadWritePtr
_lopen
GlobalAddAtomA
UnlockFile
SetWaitableTimer
GetUserDefaultUILanguage
LCMapStringA
GetFileAttributesW
WinExec
CreateNamedPipeA
LeaveCriticalSection
VirtualAlloc
GetTimeZoneInformation
WritePrivateProfileStringA
lstrlenA
SizeofResource
GetStartupInfoA

oleaut32

SysFreeString

shell32

CommandLineToArgvW
Shell_NotifyIconW

advapi32

CryptGetHashParam
RegCreateKeyExW
CryptDestroyHash
OpenProcessToken
GetSecurityDescriptorGroup
FreeSid
RegOpenKeyExW
IsValidSid
CopySid
RegSetKeySecurity
LookupPrivilegeValueA
SetEntriesInAclW
ChangeServiceConfig2W
QueryServiceConfigW
SetServiceStatus
GetSidSubAuthorityCount

winspool.drv

GetPrinterDataA
DeletePrinterDriverA
EnumPortsA

version

VerQueryValueA

user32

LoadIconW
GetActiveWindow
GetDlgItemTextA
GetSystemMenu
GetClipboardData
AttachThreadInput
IsWindowVisible
SetTimer
ShowCursor
LockWindowUpdate
DefWindowProcA
DrawTextW
GetClassInfoExA
InsertMenuItemA
IsCharAlphaNumericA
EnableMenuItem
GetSubMenu
EnableScrollBar
SetWindowPlacement
GetMenuState
PtInRect
FindWindowExA
GetDlgItemInt
DrawTextExA
IsCharAlphaNumericW

ole32

CoTaskMemAlloc
CoFreeUnusedLibraries
OleFlushClipboard
OleCreateFromFile
OleUninitialize
ReadFmtUserTypeStg
ReadClassStg
OleRegGetUserType
CoRegisterMessageFilter
CoInitialize

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_XcptFilter
wcsstr
_wcslwr
_beginthreadex
wcsrchr
atoi
strncmp
swscanf
realloc
free
tolower
_purecall
_ismbblead
_wtol
isspace
_vsnwprintf
wcstod
toupper
rand
_controlfp
_wcsupr
ctime
time
swprintf
_wtoi
wcscmp
_msize
_expand
wcsspn
ceil
wcslen
_wcsicmp
longjmp
fclose
wcschr
towlower
_fpreset
_strlwr
_exit
strrchr
memmove
setlocale
strncpy
towupper
_errno
_splitpath
wcspbrk
_mbsrchr
_ltow
_wtoi64
iswdigit
fread
exit

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

asycmqw
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

yugqwyw
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

wikymis
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9e1f65d7dc8875471b5a15990ee9523c

Headers

File Characteristics

Imports

kernel32

oleaut32

shell32

advapi32

winspool.drv

version

user32

ole32

msvcrt

Sections

.text Size: 192KB - Virtual size: 191KB

asycmqw Size: 26KB - Virtual size: 26KB

yugqwyw Size: 4KB - Virtual size: 4KB

wikymis Size: 24KB - Virtual size: 23KB

.text
Size: 192KB - Virtual size: 191KB

asycmqw
Size: 26KB - Virtual size: 26KB

yugqwyw
Size: 4KB - Virtual size: 4KB

wikymis
Size: 24KB - Virtual size: 23KB