NEAS[.]3e7e509f595f7129e29140e4996a18a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3e7e509f595f7129e29140e4996a18a0.exe
Size

353KB
MD5

3e7e509f595f7129e29140e4996a18a0
SHA1

96b4cea9a75836276020793d8a9f1b398f21360a
SHA256

936a11554aff7d84c6b444ceb1205f9cbd0886ce7d7cd2b577039aa490dcf1ce
SHA512

8da8a88cc83533a499bf9319a797bde4289c567203e79ad9ca53cf730844fcfb4bbebed067e9b3c1786bf82bff5cf2a3d3ad44c94aa2adc35fe0972bc2a5ec1e
SSDEEP

6144:AVSOjPxezvOoU+D86z+/eDaW4Xyyz98L4exmO0sD3e8DAOMhw5uZljhvbHlK:AMwPxezv9U71/Eaie98PMO+8DAxhw8Zc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3e7e509f595f7129e29140e4996a18a0.exe

Files

NEAS.3e7e509f595f7129e29140e4996a18a0.exe
.exe windows:5 windows x86

851e0f96d5d61014feba11b7ba7da3e7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

cfgmgr32

CM_Open_DevNode_Key_Ex
CM_Get_HW_Prof_Flags_ExA
CM_Get_Device_Interface_List_ExW
CM_Delete_DevNode_Key
CM_First_Range
CM_Free_Res_Des
CM_Enumerate_EnumeratorsW
CM_Remove_SubTree_Ex
CM_Unregister_Device_InterfaceW
CM_Get_Class_Registry_PropertyW
CM_Get_Device_Interface_Alias_ExW
CM_Set_DevNode_Registry_Property_ExA
CM_Get_Device_Interface_List_ExA
CM_Query_Remove_SubTree
CM_Run_Detection_Ex
CM_Move_DevNode
CM_Get_DevNode_Status
CM_Unregister_Device_Interface_ExW
CM_Open_DevNode_Key
CM_Query_Arbitrator_Free_Data
CM_Free_Log_Conf_Ex
CM_Invert_Range_List
CM_Reenumerate_DevNode_Ex
CM_Register_Device_Interface_ExA
CM_Get_Class_Name_ExW
CM_Setup_DevNode_Ex
CM_Register_Device_InterfaceA
CM_Get_Res_Des_Data_Ex

msvcrt

__lc_codepage
_strnicmp
strncmp
_wcsset
fflush
_eof
putchar
_y1
_set_error_mode
wcsspn
_exit
?set_new_handler@@YAP6AXXZP6AXXZ@Z
floor
_inp
memcpy
srand
_wtoi
_ecvt
__argv
localtime
_wcslwr
__fpecode
_spawnvp
__p__winmajor
_wcsnicmp
__crtCompareStringW
_getmbcp
_CIsin
_wexecvpe

ntdll

RtlAddAccessDeniedAceEx
ZwFlushVirtualMemory
RtlUshortByteSwap
NtTranslateFilePath
ZwMakePermanentObject
PfxRemovePrefix
ZwWaitHighEventPair
_allrem
NtCreateSection
DbgPrompt
RtlGUIDFromString
RtlCreateEnvironment
NtReplaceKey
DbgPrintEx
RtlIntegerToUnicodeString
RtlQueryTagHeap
RtlEraseUnicodeString
RtlAddAce
NtOpenMutant
LdrQueryProcessModuleInformation
NtCreateToken
ZwCreateDebugObject
NtDeleteFile
ZwSetTimer
ZwMapUserPhysicalPages
RtlReleaseActivationContext
_wtoi
NtReadVirtualMemory
RtlDeleteSecurityObject
RtlConvertLongToLargeInteger
RtlInitializeSListHead
LdrLoadAlternateResourceModule
RtlRemoteCall
NtQueryIoCompletion
RtlCreateUnicodeStringFromAsciiz
_wcsnicmp
wcsncpy
NtOpenProcess
NtSetContextThread
RtlFlushSecureMemoryCache
ZwQueryTimer
RtlCompareMemoryUlong
RtlOemToUnicodeN
NtUnloadDriver
__isascii
RtlComputeImportTableHash
RtlInitNlsTables
_CIpow
RtlCompressBuffer
RtlDestroyAtomTable
RtlGetGroupSecurityDescriptor
wcsspn
ZwSetQuotaInformationFile

msvcrt20

??5istream@@QAEAAV0@AAD@Z
gmtime
iswupper
??6ostream@@QAEAAV0@H@Z
_mbspbrk
putwc
_tcsncset
_searchenv
_execlpe
?width@ios@@QBEHXZ
??1ostream_withassign@@UAE@XZ
??1iostream@@UAE@XZ
asin
?bitalloc@ios@@SAJXZ
?eof@ios@@QBEHXZ
_fcvt
??_Dfstream@@QAEXXZ
_beginthreadex
_CIatan
_fstat
_strnset
__p__daylight
__argc
??5istream@@QAEAAV0@AAM@Z
_mbscpy
_wenviron
_CIasin
_tcsrev
?unexpected@@YAXXZ

kernel32

GetStartupInfoA
UnhandledExceptionFilter
FindFirstFileW
LoadLibraryA
QueryInformationJobObject
GetOverlappedResult
DebugBreakProcess
FindNextVolumeW
GetSystemDirectoryW
GetConsoleAliasExesLengthW
SetVDMCurrentDirectories
GetEnvironmentVariableA
HeapFree
VirtualAlloc
SuspendThread
CreateNamedPipeA
GetWindowsDirectoryA
GlobalSize
GetModuleHandleExW
_lcreat
CloseHandle
CreateTimerQueue

amstream

DllGetClassObject
DllUnregisterServer
DllRegisterServer
DllCanUnloadNow

msvcp60

??1overflow_error@std@@UAE@XZ
??6std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEPAGPAG0@Z
?_Init@?$ctype@D@std@@IAEXABV_Locinfo@2@@Z
??1__non_rtti_object@std@@UAE@XZ
?narrow@?$ctype@D@std@@QBEDDD@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@ABV01@@Z
?_Ifmt@?$num_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@KAPADPADDH@Z
??Dstd@@YA?AV?$complex@N@0@ABV10@ABN@Z
_Stof
?round_error@?$numeric_limits@H@std@@SAHXZ
?_Getcat@?$collate@G@std@@SAIXZ
?date_order@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QBEHXZ
?setiosflags@std@@YA?AU?$_Smanip@H@1@H@Z
?find_first_of@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIDI@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IPBG@Z
??Ystd@@YAAAV?$complex@O@0@AAV10@ABV10@@Z
??4?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?_Cltab@?$ctype@D@std@@0PBFB
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PAG0ABV12@@Z
?ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0bad_alloc@std@@QAE@ABV01@@Z
??5?$basic_istream@GU?$char_traits@G@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

user32

PostQuitMessage
DefWindowProcA
RegisterClassA

Sections

.text
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 257KB - Virtual size: 745KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

851e0f96d5d61014feba11b7ba7da3e7

Headers

DLL Characteristics

File Characteristics

Imports

cfgmgr32

msvcrt

ntdll

msvcrt20

kernel32

amstream

msvcp60

user32

Sections

.text Size: 20KB - Virtual size: 19KB

.rdata Size: 70KB - Virtual size: 69KB

.data Size: 257KB - Virtual size: 745KB

.tls Size: 512B - Virtual size: 4B

.rsrc Size: 4KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 288B

.text
Size: 20KB - Virtual size: 19KB

.rdata
Size: 70KB - Virtual size: 69KB

.data
Size: 257KB - Virtual size: 745KB

.tls
Size: 512B - Virtual size: 4B

.rsrc
Size: 4KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 288B