NEAS[.]c96ac268634132aad64f24df4b04d340[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c96ac268634132aad64f24df4b04d340.exe
Size

3.8MB
MD5

c96ac268634132aad64f24df4b04d340
SHA1

9d42fb2b4eac629fcee33f2535f8aa0b0a9885ed
SHA256

00781f9436c3b01adfea75e032800d4b04a5f2d4c9142d6338d97f342429855a
SHA512

318da9382615e2d5a743bbad8e602de35a1b26d5de1a4fb13e45cee973170e2d9e3c59df12d912eb1612ff54da709ab390b21ee88f224e60c2951dd5df46ce7c
SSDEEP

98304:A1rGMipXMlxgKHb5tp/WbGMgOxOtJ+KFEqPN:JrcPp/WbngOxe0KK4N

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c96ac268634132aad64f24df4b04d340.exe

Files

NEAS.c96ac268634132aad64f24df4b04d340.exe
.exe windows:5 windows x86

801b15e7c27d41455c553978eb640add

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW

wininet

InternetConnectA
InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpQueryInfoA
InternetOpenW
InternetCrackUrlW
InternetConnectW
HttpOpenRequestW
InternetGetConnectedState
InternetReadFile
InternetSetOptionA
CommitUrlCacheEntryA
HttpOpenRequestA
CreateUrlCacheEntryA

comctl32

ord17

wsock32

WSAStartup
ioctlsocket
select
WSAGetLastError
htons
shutdown
setsockopt
recv
bind
connect
__WSAFDIsSet
WSASetLastError
closesocket
gethostbyname
send
listen
accept
inet_addr
gethostname
inet_ntoa
htonl
recvfrom
sendto
getpeername
getsockopt
ntohs
getsockname
WSACleanup
getservbyport
socket
getservbyname
gethostbyaddr

dnsapi

DnsQuery_A
DnsFree

kernel32

CopyFileA
SetFileAttributesA
LoadLibraryA
WritePrivateProfileStringA
lstrcmpiA
GetModuleHandleA
GetVersionExA
CompareFileTime
GetSystemTimeAsFileTime
ReadFile
HeapAlloc
HeapFree
GetProcessHeap
GetTimeZoneInformation
GetDiskFreeSpaceA
FindNextFileA
GetDiskFreeSpaceExA
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
OutputDebugStringA
GetProcAddress
FormatMessageW
SetLastError
QueryPerformanceFrequency
WaitForSingleObject
PeekNamedPipe
WaitForMultipleObjects
GetFileType
GetStdHandle
QueryPerformanceCounter
GetEnvironmentVariableA
MultiByteToWideChar
VerifyVersionInfoA
VerSetConditionMask
SystemTimeToFileTime
GetSystemTime
FreeLibrary
GetCurrentProcessId
OpenEventA
FindClose
RemoveDirectoryA
LocalFree
CreateProcessA
ConvertThreadToFiber
ConvertFiberToThread
GetModuleHandleExW
VirtualFree
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualLock
DeleteFiber
CreateFiber
SwitchToFiber
InterlockedCompareExchange64
InterlockedExchangeAdd
SetConsoleMode
ReadConsoleW
ReadConsoleA
GetEnvironmentVariableW
GetExitCodeProcess
CreateDirectoryA
GetSystemDirectoryA
FileTimeToSystemTime
Sleep
GetVolumeInformationA
GetCommandLineA
GetDateFormatA
SetEvent
GetTimeFormatA
SystemTimeToTzSpecificLocalTime
MoveFileExA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
OpenMutexA
GetStartupInfoA
InitializeCriticalSection
GetCurrentProcess
DeleteFileA
GetTempPathA
CloseHandle
GetTempFileNameA
GetLastError
WriteFile
SetEnvironmentVariableA
CompareStringW
GetDriveTypeW
LoadLibraryW
SetConsoleCtrlHandler
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetLocaleInfoW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameA
SetEndOfFile
FatalAppExitA
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
HeapDestroy
HeapCreate
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
WriteConsoleW
CreateFileW
SetHandleCount
SetStdHandle
ExitProcess
GetModuleHandleW
HeapSize
GetTickCount
CreateFileA
VirtualQuery
GetFileAttributesA
FindFirstFileA
GetWindowsDirectoryA
SleepEx
IsProcessorFeaturePresent
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
FindFirstFileExA
GetDriveTypeA
HeapReAlloc
RaiseException
GetStartupInfoW
HeapSetInformation
CreateThread
GetCurrentThreadId
ExitThread
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetFileInformationByHandle
FileTimeToLocalFileTime
LocalFileTimeToFileTime
SetFileTime
InterlockedExchange
DecodePointer
EncodePointer
DeleteFileW
CreateToolhelp32Snapshot
lstrlenA
InitializeCriticalSectionAndSpinCount
TryEnterCriticalSection
SetCriticalSectionSpinCount
ResetEvent
ReleaseMutex
ReleaseSemaphore
CancelWaitableTimer
SetWaitableTimer
LocalAlloc
CreateEventA
CreateMutexA
CreateSemaphoreA
CreateWaitableTimerA
OpenProcess
FormatMessageA
FindFirstFileW
FindNextFileW
GetShortPathNameA
WritePrivateProfileSectionA
GetPrivateProfileSectionA
GetVersion
GetComputerNameA
GetModuleFileNameW
LoadLibraryExA
InterlockedCompareExchange
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
SetFilePointer
Process32First
Process32Next

user32

SetForegroundWindow
ReleaseDC
GetDC
LoadMenuA
LoadImageA
EnumWindows
EnumChildWindows
ExitWindowsEx
GetClassNameA
GetWindowThreadProcessId
MessageBoxW
CreateWindowExA
TranslateMessage
LoadIconA
GetUserObjectInformationW
PostQuitMessage
RegisterClassExA
GetWindowRect
GetMessageA
DefWindowProcA
SetWindowTextA
PostMessageA
SetWindowPos
GetClientRect
KillTimer
GetSystemMetrics
GetDesktopWindow
ShowWindow
LoadStringA
GetProcessWindowStation
DispatchMessageA
UpdateWindow
LoadCursorA
MoveWindow
TranslateAcceleratorA
DestroyWindow

advapi32

AddAccessAllowedAce
RegSetKeySecurity
RegSaveKeyA
RegFlushKey
CreateProcessAsUserA
CryptDestroyKey
CryptGetUserKey
CryptGetProvParam
CryptEnumProvidersW
CryptDecrypt
CryptSetHashParam
CryptSignHashW
CryptExportKey
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenProcessToken
DuplicateTokenEx
CryptAcquireContextW
CryptGenRandom
ConvertSidToStringSidA
CheckTokenMembership
SetFileSecurityA
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
LookupPrivilegeValueA
AdjustTokenPrivileges
SetTokenInformation
SetSecurityInfo
RegEnumKeyExA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegCreateKeyExA
RegDeleteKeyA
InitializeSecurityDescriptor
GetLengthSid
InitializeAcl
OpenServiceA
CloseServiceHandle
QueryServiceStatus
RegQueryInfoKeyA
OpenSCManagerA
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CryptHashData
CryptAcquireContextA
CryptCreateHash
FreeSid
AllocateAndInitializeSid
EqualSid
GetTokenInformation
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegEnumKeyA
RegOpenKeyA
RegEnumValueA
SetSecurityDescriptorDacl

shell32

ShellExecuteA
SHGetSpecialFolderPathA

ole32

OleRun
OleInitialize
CoCreateInstance
StringFromGUID2
CoTaskMemFree

oleaut32

GetErrorInfo
VariantInit
VariantClear
LoadTypeLi
SysAllocString
SysFreeString
VariantChangeType
SetErrorInfo
CreateErrorInfo
DispGetIDsOfNames

shlwapi

SHCopyKeyA

crypt32

CertEnumCertificatesInStore
CertOpenSystemStoreA
CertGetIntendedKeyUsage
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertCloseStore
CertGetEnhancedKeyUsage

ws2_32

getaddrinfo
freeaddrinfo
WSAIoctl
WSACloseEvent
WSAEventSelect
WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACreateEvent
WSASetEvent

wldap32

ord217
ord211
ord22
ord50
ord26
ord30
ord200
ord32
ord35
ord79
ord33
ord301
ord27
ord60
ord46
ord41
ord143

gdi32

GetDeviceCaps

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 644KB - Virtual size: 643KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

801b15e7c27d41455c553978eb640add

Headers

DLL Characteristics

File Characteristics

Imports

version

wininet

comctl32

wsock32

dnsapi

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

crypt32

ws2_32

wldap32

gdi32

Sections

.text Size: 3.1MB - Virtual size: 3.1MB

.rdata Size: 644KB - Virtual size: 643KB

.data Size: 26KB - Virtual size: 57KB

.rsrc Size: 5KB - Virtual size: 4KB

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 644KB - Virtual size: 643KB

.data
Size: 26KB - Virtual size: 57KB

.rsrc
Size: 5KB - Virtual size: 4KB