NEAS[.]1bf8448eb04a2b7be5498feb905e7bc0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1bf8448eb04a2b7be5498feb905e7bc0.exe
Size

4.7MB
MD5

1bf8448eb04a2b7be5498feb905e7bc0
SHA1

f023c6119d570de118fc6e95be35afe2b9d8619b
SHA256

9c7ab6bf2f3cd47cef8704ecc9d4049bb7f08128bf5e6d25958aee521e33580d
SHA512

43a1bd813e4a62852b3410ae69232195fdc4868ebb5465183d5502c862dde585c2f6c44f14aa876127ba18901710aa9c2372519be0ef4cfa2b7ebd11ba45fea9
SSDEEP

98304:Z/Y6AbQc7lJ0YhRQ6WOw8bk+ZNXSIamXhwyt3EcKPp2B01:hYbPlJ7DCOdTNXLamRwA3gPpV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1bf8448eb04a2b7be5498feb905e7bc0.exe

Files

NEAS.1bf8448eb04a2b7be5498feb905e7bc0.exe
.exe windows:4 windows x86

0ffd13e68ddeaa0ba86572620cc7a98f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

shfolder

SHGetFolderPathW

wininet

InternetConnectA
InternetOpenA
InternetAttemptConnect
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetGetConnectedState

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

InitializeCriticalSection
DeleteCriticalSection
HeapFree
GetProcessHeap
lstrcmpiA
lstrlenW
lstrlenA
GetModuleFileNameA
GetVolumeInformationA
DeleteFileA
Process32Next
TerminateProcess
GetExitCodeProcess
OpenProcess
CloseHandle
Process32First
CreateToolhelp32Snapshot
ExitProcess
CreateProcessA
SetCurrentDirectoryA
ReadFile
GetFileSize
WriteFile
SetFileAttributesA
CreateFileA
GetTempFileNameA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateThread
InterlockedIncrement
InterlockedDecrement
CompareStringA
CompareStringW
MulDiv
HeapAlloc
FlushInstructionCache
GetCurrentProcess
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcmpA
GetModuleHandleA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
GetCurrentThreadId
CopyFileA
GetStringTypeW
GetTempPathA
GetFullPathNameW
LocalFree
SetFilePointer
LeaveCriticalSection
WaitForSingleObject
SetEvent
CreateEventA
CreateDirectoryA
RemoveDirectoryA
FindClose
FindNextFileA
FindFirstFileA
GetTickCount
Sleep
GetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
GetStringTypeA
GetOEMCP
GetTimeZoneInformation
SetStdHandle
GetStdHandle
SetHandleCount
HeapSize
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
GetStartupInfoA
GetDateFormatA
GetTimeFormatA
GetFileType
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
HeapReAlloc
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
FlushFileBuffers
GetUserDefaultLCID
EnterCriticalSection
GetLastError
RaiseException
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
SetEndOfFile
InterlockedExchange
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetLocaleInfoW
GetFullPathNameA
SetEnvironmentVariableA

user32

GetWindowPlacement
IsWindowVisible
SetWindowPlacement
GetMessageA
TranslateMessage
DispatchMessageA
RegisterWindowMessageA
GetWindowTextLengthA
SetWindowLongA
GetWindowLongA
MessageBoxA
wsprintfA
PostMessageA
UnregisterClassA
GetSystemMetrics
ShowWindow
DefWindowProcA
MoveWindow
GetDlgItem
GetKeyState
GetSysColor
GetWindowTextA
SetWindowTextA
RegisterClassExA
GetClassInfoExA
LoadCursorA
CreateWindowExA
CreateAcceleratorTableA
CharNextA
GetParent
GetClassNameA
SetWindowPos
RedrawWindow
GetWindowRect
PeekMessageA
SystemParametersInfoA
WaitForInputIdle
IsWindow
SendMessageA
DestroyAcceleratorTable
GetFocus
IsChild
GetWindow
SetFocus
BeginPaint
EndPaint
CallWindowProcA
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseDC
GetDC
GetClientRect
FillRect
SetCapture
ReleaseCapture
DestroyWindow

gdi32

DeleteObject
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetDeviceCaps
GetObjectA
GetStockObject
CreateSolidBrush
SelectObject

advapi32

FreeSid
RegQueryValueExA
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyW
RegSetValueExW
RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryInfoKeyA
RegEnumKeyExA
AllocateAndInitializeSid

shell32

ExtractIconA
SHBrowseForFolderA
SHGetPathFromIDListA
SHGetMalloc
SHFileOperationA
SHGetSpecialFolderPathA

ole32

CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
CoGetClassObject
CLSIDFromProgID
CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
OleUninitialize
CoCreateGuid
CoUninitialize
CoInitialize
CoSetProxyBlanket
OleInitialize

oleaut32

VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
VariantInit
VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
SysStringLen
SysStringByteLen
OleCreateFontIndirect

shlwapi

SHDeleteKeyW
SHDeleteKeyA
SHDeleteEmptyKeyA

Sections

.text
Size: 240KB - Virtual size: 238KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1020KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0ffd13e68ddeaa0ba86572620cc7a98f

Headers

File Characteristics

Imports

shfolder

wininet

version

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

Sections

.text Size: 240KB - Virtual size: 238KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 12KB - Virtual size: 1020KB

.rsrc Size: 4KB - Virtual size: 3KB

.text
Size: 240KB - Virtual size: 238KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 12KB - Virtual size: 1020KB

.rsrc
Size: 4KB - Virtual size: 3KB