NEAS[.]e4afcdfdcb227c4976e821eb52140890[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e4afcdfdcb227c4976e821eb52140890.exe
Size

1.8MB
MD5

e4afcdfdcb227c4976e821eb52140890
SHA1

fd4ace73eaf5aca9ebb0b07100d517490b0c7286
SHA256

8b8501247f3fa42580dc88c04edce340dcf916b0ba79cdf4ef910a626efcf274
SHA512

503cf719b14df32576e433f758e9e6e81e4a975f1728f6bd8914505f3d120e336a9bf35bd76f8c50f2443091e65874ad06ec93561748b895e484a678f16b0f08
SSDEEP

24576:6RYEVntaoC7++vDrtD8d1apeZeCJjJVIhrYA1y7RCIWL2YrvRGgul:FBo1IK40CIIHL8g6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e4afcdfdcb227c4976e821eb52140890.exe

Files

NEAS.e4afcdfdcb227c4976e821eb52140890.exe
.dll windows:4 windows x86

f16a9c72196ea5f608d25f382181c6bb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
RemoveDirectoryW
CopyFileW
CreateDirectoryW
GetFileSize
WriteFile
GetFileTime
ReadFile
CreateFileW
SetFilePointer
SetEndOfFile
FindClose
FindNextFileW
FindFirstFileW
MoveFileW
GetFullPathNameW
GetTempPathW
GetTempFileNameW
MoveFileExW
GetWindowsDirectoryW
DeleteFileW
GetLongPathNameW
SetFileAttributesW
HeapFree
HeapAlloc
GetProcessHeap
QueryDosDeviceW
GetVersionExW
GetSystemInfo
VirtualAllocEx
WriteProcessMemory
TerminateThread
OpenThread
FileTimeToSystemTime
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
GlobalMemoryStatusEx
MapViewOfFile
UnmapViewOfFile
GetEnvironmentVariableW
CreateFileMappingW
SetProcessPriorityBoost
SetPriorityClass
ConnectNamedPipe
CreateNamedPipeW
DisconnectNamedPipe
SetUnhandledExceptionFilter
GetModuleHandleExW
LoadLibraryA
GetCurrentThread
CreateDirectoryA
PeekNamedPipe
GetOverlappedResult
CancelIo
OpenFileMappingW
SetLastError
ExpandEnvironmentStringsW
GetUserDefaultLangID
VirtualFree
VirtualAlloc
VirtualProtect
GetThreadContext
SetThreadContext
VirtualQuery
InterlockedCompareExchange
FlushInstructionCache
LoadLibraryExA
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedExchange
SuspendThread
GetCurrentProcess
VirtualFreeEx
GetExitCodeThread
ReleaseMutex
CreateMutexW
ResetEvent
WideCharToMultiByte
GetACP
ResumeThread
InterlockedExchangeAdd
lstrcmpiW
LoadResource
RaiseException
lstrlenW
EnterCriticalSection
GetModuleFileNameW
FindResourceW
DeleteCriticalSection
MultiByteToWideChar
GetLastError
LoadLibraryExW
DisableThreadLibraryCalls
InitializeCriticalSection
SizeofResource
LeaveCriticalSection
GetPrivateProfileStringW
OutputDebugStringW
Sleep
GetModuleHandleW
OpenProcess
TerminateProcess
InterlockedDecrement
InterlockedIncrement
SetEvent
CreateEventW
GetCurrentProcessId
FreeLibrary
LoadLibraryW
CreateProcessW
GetProcAddress
GetCurrentThreadId
GetTickCount
WaitForMultipleObjects
GetLocalTime
WaitForSingleObject
CloseHandle
ReadProcessMemory

user32

DestroyIcon
PostMessageW
UnregisterClassA
LoadStringW
GetActiveWindow
SendMessageTimeoutW
TranslateMessage
GetMessageW
DispatchMessageW
GetAncestor
GetClassNameW
GetParent
ShowWindowAsync
CharNextW
LoadImageW
ScreenToClient
FindWindowW
DefWindowProcW
CreateWindowExW
SetPropW
SendMessageW
GetCursorPos
FindWindowExW
GetPropW
UnregisterClassW
RegisterClassW
SystemParametersInfoW
EnumWindows
GetSystemMetrics
MessageBoxW
DestroyWindow
InvalidateRect
IsWindow
IsWindowVisible
GetWindowThreadProcessId
IsHungAppWindow
EnableWindow
IsWindowEnabled
GetLastActivePopup
AllowSetForegroundWindow
GetForegroundWindow
GetWindow
GetWindowRect
SetWindowPos
SetTimer
KillTimer
PeekMessageW
PostThreadMessageW

advapi32

GetLengthSid
AddAce
RegEnumKeyW
RegGetKeySecurity
RegCreateKeyW
RegDeleteValueW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
AllocateAndInitializeSid
CopySid
OpenProcessToken
EqualSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetTokenInformation
InitializeSecurityDescriptor
FreeSid
RegSetKeySecurity
RegQueryValueExW
RegNotifyChangeKeyValue

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW
ShellExecuteW
SHChangeNotify
ShellExecuteExW
SHGetFolderPathW

ole32

CoRevokeClassObject
CoRegisterClassObject
CoUnmarshalInterface
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoUninitialize
CoInitializeEx
StringFromGUID2
CoCreateGuid
CreateStreamOnHGlobal

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString

msvcr80

memset
_stricmp
swscanf_s
vswprintf_s
_mktime64
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
__CxxFrameHandler3
_CxxThrowException
_wtoi
wcsrchr
calloc
isdigit
_wtof
wcsncpy
__RTDynamicCast
strncpy
_vswprintf_c_l
_waccess
_wcsicmp
toupper
tolower
strchr
swprintf_s
strstr
_localtime64
memcpy
_wrename
_time64
memmove
_beginthreadex
towlower
_vsnwprintf_s
towupper
wcschr
wcsstr
_errno
_recalloc
wcsncpy_s
malloc
_wcsnicmp
swscanf
memchr
_wcsdup
isalnum
rand
free
_invalid_parameter_noinfo
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??2@YAPAXI@Z
_purecall
memmove_s
??3@YAXPAX@Z
memcpy_s
?what@exception@std@@UBEPBDXZ

shlwapi

PathFileExistsW

gdiplus

GdiplusStartup
GdipCreateBitmapFromFile
GdipDisposeImage
GdipLoadImageFromFile
GdipImageGetFrameDimensionsCount
GdipAlloc
GdipFree
GdipCloneImage
GdipCreateHICONFromBitmap
GdiplusShutdown

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Exports

Exports

CoralCreateObject

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 255KB - Virtual size: 254KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f16a9c72196ea5f608d25f382181c6bb

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcr80

shlwapi

gdiplus

version

Exports

Exports

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rdata Size: 255KB - Virtual size: 254KB

.data Size: 41KB - Virtual size: 49KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 111KB - Virtual size: 110KB

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 255KB - Virtual size: 254KB

.data
Size: 41KB - Virtual size: 49KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 111KB - Virtual size: 110KB