NEAS[.]5c6ec35e2f02789661dcca43dc030da0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5c6ec35e2f02789661dcca43dc030da0.exe
Size

1.4MB
MD5

5c6ec35e2f02789661dcca43dc030da0
SHA1

acd6e602e1184acdccdc4c4df1d1db1e20b23d26
SHA256

5307f7584393b9bdd8f7e9e584280b02e6b2696532621c13d2ff79d424e15a40
SHA512

27a072519f508d84b307e5433b75cdeb5df180ea65d06bd349562282363a04dcc7e9150c6412652dedf2d57aba9098149787f51e7b1aa70ebd1bcb651adb5fa6
SSDEEP

24576:kjQrcifkLlWF8iE8fIBTAkiXTGtFkpCcBupFACu3R3taqRLJoJCjkliTwQ9Ctw7U:kkI55W8rTJo1CwuFu3jaqxvwYTV9Ctsk

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5c6ec35e2f02789661dcca43dc030da0.exe

Files

NEAS.5c6ec35e2f02789661dcca43dc030da0.exe
.exe windows:6 windows x86

4bca79e7b06a9250572c2e91f83fd30d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
HeapDestroy
DeleteCriticalSection
GetProcessHeap
WideCharToMultiByte
SizeofResource
LockResource
FindResourceExW
LoadResource
FindResourceW
MultiByteToWideChar
FindFirstFileW
FindNextFileW
HeapReAlloc
FindClose
CreateFileW
GetVersionExW
GetFileAttributesExW
DeleteFileW
LoadLibraryW
GetProcAddress
FreeLibrary
CloseHandle
K32GetModuleBaseNameW
GetLastError
Sleep
HeapSize
OpenProcess
WaitForSingleObject
InitializeCriticalSectionEx
CreateMutexW
GetCommandLineW
GetDiskFreeSpaceW
HeapFree
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
FlushFileBuffers
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
SystemTimeToFileTime
GetCurrentProcessId
GetFileSize
LockFileEx
LocalFree
UnlockFile
HeapCompact
GetSystemInfo
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapValidate
UnmapViewOfFile
GetFileAttributesW
GetTempPathW
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
WriteFile
GetFullPathNameW
HeapCreate
ReadFile
AreFileApisANSI
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetCurrentThreadId
GetModuleHandleW
IsDebuggerPresent
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
CreateEventW
UnhandledExceptionFilter
GetCurrentProcess

shell32

CommandLineToArgvW
SHCreateDirectoryExW
SHGetKnownFolderPath

shlwapi

PathAppendW
PathIsDirectoryW
PathFileExistsW

wininet

InternetCloseHandle
HttpOpenRequestW
InternetOpenW
HttpQueryInfoW
HttpSendRequestW
InternetConnectW

msvcp140

?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
_Xtime_get_ticks
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
_Mtx_unlock
_Mtx_init_in_situ
_Mtx_lock
_Mtx_destroy_in_situ
?_Throw_C_error@std@@YAXH@Z
?_Xbad_alloc@std@@YAXXZ
_Thrd_join
_Thrd_id
_Cnd_do_broadcast_at_thread_exit
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xinvalid_argument@std@@YAXPBD@Z
?_Throw_Cpp_error@std@@YAXH@Z

vcruntime140

__std_exception_destroy
strrchr
memmove
memset
_CxxThrowException
memchr
__current_exception
__std_exception_copy
__current_exception_context
_except_handler4_common
__std_terminate
__CxxFrameHandler3
memcpy

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_register_onexit_function
_crt_atexit
_seh_filter_exe
_controlfp_s
_set_app_type
_configure_wide_argv
_initialize_wide_environment
_get_wide_winmain_command_line
_beginthreadex
_initterm
terminate
_cexit
_errno
_initterm_e
_invalid_parameter_noinfo_noreturn
_register_thread_local_exe_atexit_callback
_c_exit
_endthreadex
_invalid_parameter_noinfo
exit
_exit

api-ms-win-crt-convert-l1-1-0

atoi
strtoul

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_msize
calloc
_callnewh
realloc
malloc
_recalloc

api-ms-win-crt-string-l1-1-0

wcsnlen
strcspn
strncmp
wmemcpy_s

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__stdio_common_vsprintf_s
__p__commode
__stdio_common_vswprintf_s
__stdio_common_vswprintf

api-ms-win-crt-time-l1-1-0

strftime
_localtime64_s
_gmtime64_s

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

ole32

CoTaskMemFree

Sections

.text
Size: 790KB - Virtual size: 790KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 588KB - Virtual size: 592KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

4bca79e7b06a9250572c2e91f83fd30d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

shlwapi

wininet

msvcp140

vcruntime140

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

ole32

Sections

.text Size: 790KB - Virtual size: 790KB

.rdata Size: 75KB - Virtual size: 74KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 588KB - Virtual size: 592KB

.text
Size: 790KB - Virtual size: 790KB

.rdata
Size: 75KB - Virtual size: 74KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 588KB - Virtual size: 592KB