Static task
static1
Behavioral task
behavioral1
Sample
NEAS.ca868ae042deae4661160bde93418100.exe
Resource
win7-20231020-en
Behavioral task
behavioral2
Sample
NEAS.ca868ae042deae4661160bde93418100.exe
Resource
win10v2004-20231023-en
General
Target
NEAS.ca868ae042deae4661160bde93418100.exe
Size
6.6MB
MD5
ca868ae042deae4661160bde93418100
SHA1
6851cf378902825759bc3121d0abfa7fa8d7a241
SHA256
7eefe872d8dcb57a596fdd52f280ae2e4316b0510a209875ed45295a36da6c8d
SHA512
e6517ba867fd3830c1351739338ea4ae8b58f43133330e76335d2021547c6d42198cad935509b21a099227c8fdc67865529cfa2416ba5299aea1309bffa2e278
SSDEEP
98304:FvQ2BYyXY/XvEYuNdi+pEp+InG5W2Fr4s+bW2KwcbyQD527BWG:u2BYyyXmdicuGEa4/aXhVQBWG
Malware Config
Signatures
Unsigned PE 1 IoCs
Checks for a missing Authenticode signature.
resource NEAS.ca868ae042deae4661160bde93418100.exe
Files
NEAS.ca868ae042deae4661160bde93418100.exe.exe windows:6 windows x86
961b2507c8d9dcc858efe78da0a22756
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
sciter-x
SciterGetElementState
SciterGetStyleAttribute
ValueIntDataSet
ValueStringDataSet
SciterGetChildrenCount
SciterGetNthChild
SciterGetElementIndex
SciterSelectParent
SciterSetElementState
ValueIntData
SciterSetAttributeByName
ValueBinaryData
ValueToString
SciterGetElementTextCB
ValueElementsCount
ValueNthElementValue
SciterShowPopupAt
SciterHidePopup
ValueNthElementValueSet
ValueSetValueToKey
ValueInvoke
SciterCallScriptingMethod
SciterAttachHwndToElement
SciterPostEvent
SciterCombineURL
SciterInsertElement
SciterClassNameW
SciterLoadHtml
SciterSetCallback
ValueCompare
SciterRequestElementData
SciterEval
SciterWindowAttachEventHandler
SciterGetRootElement
SciterCreateElement
SciterGetFocusElement
SciterCallScriptingFunction
SciterSetElementText
SciterControlGetType
SciterProcND
SciterSetMediaType
SciterSetMediaVars
ValueFromString
ValueClear
GraphinAPI
ValueGetValueOfKey
SciterSetCapture
SciterReleaseCapture
SciterSetElementHtml
SciterUpdateElement
SciterDeleteElement
ValueInt64Data
SciterSelectElements
ValueInt64DataSet
SciterSetMasterCSS
SciterSetStyleAttribute
ValueIsolate
ValueNthElementKey
ValueBinaryDataSet
SciterGetAttributeByName
SciterGetParentElement
ValueStringData
SciterDataReady
SciterGetMinWidth
SciterGetMinHeight
SciterGetElementHwnd
ValueFloatData
ValueFloatDataSet
ValueCopy
SciterSetTimer
SciterGetElementLocation
SciterRefreshElementArea
Sciter_UnuseElement
Sciter_UseElement
ValueInit
kernel32
UnmapViewOfFile
CreateMutexW
MapViewOfFile
VirtualAlloc
WaitForSingleObject
ReleaseMutex
OpenMutexW
OpenFileMappingW
GetEnvironmentVariableW
FindResourceW
FindResourceExW
LoadResource
LockResource
FreeResource
SizeofResource
VerSetConditionMask
VerifyVersionInfoW
GetModuleHandleA
GetSystemTimeAsFileTime
SetEvent
ResetEvent
WaitForMultipleObjects
TerminateThread
GetVersion
GetTimeZoneInformation
LoadLibraryExW
GetCurrentDirectoryW
SetCurrentDirectoryW
SwitchToThread
FileTimeToSystemTime
FindFirstFileExW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
MoveFileW
GetTempPathW
GetTempFileNameW
FlushFileBuffers
GetFileTime
GetFileInformationByHandle
GetSystemInfo
FileTimeToLocalFileTime
VirtualFree
VirtualProtect
TryEnterCriticalSection
CreateSemaphoreW
ReleaseSemaphore
GetExitCodeThread
QueryPerformanceCounter
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetTimeFormatW
MulDiv
GetComputerNameW
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
CompareFileTime
lstrcpynW
lstrcpyW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetNumberFormatW
TzSpecificLocalTimeToSystemTime
GetCommandLineW
GetConsoleWindow
GetExitCodeProcess
lstrlenW
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
HeapDestroy
DeleteCriticalSection
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcess
GetSystemTime
GetFileSize
SystemTimeToFileTime
SetLastError
GetModuleFileNameW
GetCurrentProcessId
GetTickCount
GetCurrentThread
SetUnhandledExceptionFilter
GetLocaleInfoW
OpenProcess
LocalFree
LocalAlloc
GetSystemDirectoryW
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
WaitForSingleObjectEx
OutputDebugStringW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
Sleep
FindFirstFileW
FindNextFileW
FindClose
RemoveDirectoryW
ExpandEnvironmentStringsW
CreateDirectoryW
CopyFileW
HeapFree
user32
SwitchDesktop
OpenDesktopW
RegisterClipboardFormatW
keybd_event
CharUpperBuffW
DestroyIcon
FindWindowW
MessageBeep
CloseClipboard
EmptyClipboard
OpenClipboard
TranslateAcceleratorW
MsgWaitForMultipleObjectsEx
DialogBoxIndirectParamW
EndDialog
CreateDialogIndirectParamW
GetDlgItem
IsZoomed
IsIconic
SetWindowPlacement
IsWindowEnabled
SetWindowTextW
SetForegroundWindow
SetActiveWindow
MapWindowPoints
SetPropW
RegisterClassExW
LoadCursorW
LoadIconW
LoadAcceleratorsW
PostQuitMessage
GetPropW
LoadStringW
CallWindowProcW
SetWindowLongW
SetProcessDefaultLayout
GetClassInfoW
FrameRect
GetAsyncKeyState
SetFocus
AllowSetForegroundWindow
IsWindowVisible
IsDialogMessageW
CloseDesktop
GetDlgCtrlID
GetWindowTextW
GetWindowTextLengthW
MonitorFromWindow
SendMessageW
IsWindow
GetParent
DrawIconEx
DrawFrameControl
DrawFocusRect
GetSysColor
SetRect
NotifyWinEvent
GetProcessDefaultLayout
InflateRect
ScreenToClient
wsprintfW
DrawTextW
GetKeyState
SetTimer
GetCursorPos
ShowWindow
GetWindowContextHelpId
SetWindowContextHelpId
GetSystemMenu
SetWindowPos
GetWindowLongW
AdjustWindowRectEx
GetClientRect
GetWindowRect
GetForegroundWindow
GetDesktopWindow
GetClassNameW
GetWindowThreadProcessId
EqualRect
SystemParametersInfoW
GetWindowPlacement
KillTimer
LoadImageW
ReleaseDC
GetDC
GetSystemMetrics
RegisterWindowMessageW
CopyRect
EnumThreadWindows
GetFocus
PtInRect
EnableWindow
ExitWindowsEx
TranslateMessage
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
MessageBoxW
GetActiveWindow
WaitMessage
AttachThreadInput
SetCursor
GetWindow
PeekMessageW
TrackPopupMenuEx
DestroyMenu
LoadMenuW
RemoveMenu
ModifyMenuW
InsertMenuItemW
InsertMenuW
GetSubMenu
SetMenuItemInfoW
GetMenuStringW
GetMenuState
GetMenuItemID
GetMenuItemCount
SetMenuDefaultItem
EnableMenuItem
CheckMenuItem
AppendMenuW
DeleteMenu
CreatePopupMenu
CreateMenu
SetClipboardData
UpdateWindow
ws2_32
gethostbyaddr
getservbyport
ntohs
inet_ntoa
getservbyname
htonl
htons
WSAGetLastError
gethostbyname
inet_addr
gdi32
GetObjectW
DeleteObject
CreateCompatibleDC
SelectObject
BitBlt
GetDIBits
SetDIBits
DeleteDC
GetCurrentObject
GetDeviceCaps
AddFontMemResourceEx
RemoveFontMemResourceEx
SetStretchBltMode
StretchBlt
CreateSolidBrush
GetStockObject
SaveDC
GetTextColor
Ellipse
CreateBitmap
SetBkColor
ExtTextOutW
GetTextMetricsW
SetTextColor
SetTextAlign
GetTextAlign
ExcludeClipRect
GetClipBox
GetWindowOrgEx
SetWindowOrgEx
Polygon
GetTextExtentPoint32W
SetBkMode
SetDCBrushColor
RoundRect
SetDCPenColor
CreateBrushIndirect
CreateFontIndirectW
CreateDIBSection
EnumFontFamiliesW
CreateICW
SetBitmapBits
GetBitmapBits
RestoreDC
CreateCompatibleBitmap
comdlg32
GetSaveFileNameW
GetOpenFileNameW
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
AllocateAndInitializeSid
FreeSid
SetSecurityDescriptorGroup
RegEnumKeyW
CheckTokenMembership
CreateWellKnownSid
DuplicateTokenEx
OpenThreadToken
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
SetThreadToken
EqualSid
GetTokenInformation
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegDeleteKeyW
RegOpenCurrentUser
CopySid
GetLengthSid
AccessCheck
DuplicateToken
RevertToSelf
shell32
ShellExecuteW
SHGetSpecialFolderLocation
SHGetMalloc
ExtractIconExW
ShellExecuteExW
ole32
CoTaskMemFree
CoFreeUnusedLibraries
OleUninitialize
OleInitialize
ReleaseStgMedium
oleaut32
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
shlwapi
PathIsDirectoryW
PathAppendW
PathStripPathW
PathCombineW
PathAddExtensionW
PathFileExistsW
rpcrt4
UuidCreate
msvcp140
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??_7_Facet_base@std@@6B@
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Wcscoll
_Wcsxfrm
??_7facet@locale@std@@6B@
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
_Mtx_current_owns
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PB_W_J@Z
?_Xbad_alloc@std@@YAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
_Cnd_broadcast
_Cnd_destroy_in_situ
_Cnd_init_in_situ
?_Throw_Cpp_error@std@@YAXH@Z
?_Syserror_map@std@@YAPBDH@Z
_Query_perf_counter
_Query_perf_frequency
_Xtime_get_ticks
?_Xinvalid_argument@std@@YAXPBD@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
??1_Facet_base@std@@UAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??1_Locinfo@std@@QAE@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??Bid@locale@std@@QAEIXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
_Cnd_timedwait
comctl32
ImageList_DrawEx
ImageList_ReplaceIcon
ImageList_GetImageInfo
ImageList_SetImageCount
InitCommonControlsEx
ImageList_GetIconSize
ImageList_Destroy
ImageList_Create
gdiplus
GdipCreateMatrix
GdipFillEllipse
GdipFillEllipseI
GdipDrawEllipseI
GdipDeleteMatrix
GdipCreateFromHDC
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipScaleMatrix
GdipSetSmoothingMode
GdipCloneBrush
GdipDeleteBrush
GdiplusShutdown
GdiplusStartup
GdipCreatePath
GdipDeletePath
GdipStartPathFigure
GdipClosePathFigure
GdipAddPathLine
GdipAddPathBezier
GdipTransformPath
GdipFillPath
GdipDrawImagePointRectI
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipCloneImage
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdipCreateHBITMAPFromBitmap
GdipTranslateMatrix
urlmon
IsValidURL
vcruntime140
memcpy
__CxxFrameHandler3
_purecall
wcsrchr
__RTDynamicCast
wcsstr
__std_exception_copy
__std_exception_destroy
strstr
strchr
_set_se_translator
memmove
memset
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
wcschr
api-ms-win-crt-heap-l1-1-0
realloc
calloc
free
malloc
_recalloc
_callnewh
_set_new_mode
api-ms-win-crt-runtime-l1-1-0
_invalid_parameter_noinfo_noreturn
terminate
_exit
exit
signal
_initialize_onexit_table
_initterm_e
_initterm
_get_wide_winmain_command_line
_initialize_wide_environment
_configure_wide_argv
_controlfp_s
_set_app_type
_register_thread_local_exe_atexit_callback
_c_exit
_seh_filter_exe
_cexit
_crt_atexit
_errno
_invalid_parameter_noinfo
_register_onexit_function
api-ms-win-crt-string-l1-1-0
wcsncmp
strnlen
_wcsnicmp
_wcsdup
wcscpy_s
wcstok_s
wcsncpy_s
wcsncpy
isspace
isalpha
toupper
wcspbrk
strcpy_s
strncpy_s
strcat_s
wcscat_s
towlower
towupper
wmemcpy_s
_strnicmp
tolower
_wcsupr_s
_wcsicoll
wcsspn
wcscoll
wcscspn
_wcslwr_s
_stricmp
ispunct
iswdigit
isdigit
iswalnum
wcsnlen
_wcsicmp
iswspace
api-ms-win-crt-convert-l1-1-0
_wtoi64
wcstoul
_wtoi
_wtoll
strtoul
_wtof
_wtol
_wcstoi64
strtol
wcstol
wcstoll
wcstoull
_i64tow_s
api-ms-win-crt-stdio-l1-1-0
__stdio_common_vsnprintf_s
_set_fmode
__p__commode
__acrt_iob_func
__stdio_common_vfprintf
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vfwprintf
__stdio_common_vsprintf_s
__stdio_common_vswscanf
__stdio_common_vswprintf_s
api-ms-win-crt-utility-l1-1-0
bsearch_s
rand_s
qsort_s
rand
bsearch
qsort
api-ms-win-crt-time-l1-1-0
_gmtime64_s
_time64
_mkgmtime64
_mktime64
_localtime64_s
api-ms-win-crt-math-l1-1-0
__setusermatherr
_CIcos
_CIsin
_CIsqrt
ceil
api-ms-win-crt-filesystem-l1-1-0
_wmakepath_s
_wsplitpath_s
api-ms-win-crt-locale-l1-1-0
_configthreadlocale
Sections
.text Size: 2.5MB - Virtual size: 2.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 610KB - Virtual size: 609KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 36KB - Virtual size: 43KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2.7MB - Virtual size: 2.7MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 776KB - Virtual size: 780KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE