NEAS[.]d363c2dc7eadf1fbfc9bee1983f948677d4495ec13682c6298cfc8647fa47b54[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.d363c2dc7eadf1fbfc9bee1983f948677d4495ec13682c6298cfc8647fa47b54.exe
Size

1.1MB
MD5

c614eeeba2ea73c5d8c99c4b71f7ce30
SHA1

f02dba3b0424fac5e7d753ee7770305550802b4b
SHA256

d363c2dc7eadf1fbfc9bee1983f948677d4495ec13682c6298cfc8647fa47b54
SHA512

40284fc43c5e5a53ba2ab89bf113ab5bd69b4b872bb52a3b9f244487a8d4649a74466bd920b4ed73d8b5297f9b8c401a021c8faf7695330eecaabb418a74403a
SSDEEP

24576:F0DATiNHrdQUwAVOjoRRDTfiNjw8HCuyiNF0MLsN8qIRYrz:F0DATiNHrdQUwAVOERRDWPieTLsH6y

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d363c2dc7eadf1fbfc9bee1983f948677d4495ec13682c6298cfc8647fa47b54.exe

Files

NEAS.d363c2dc7eadf1fbfc9bee1983f948677d4495ec13682c6298cfc8647fa47b54.exe
.exe windows:5 windows x86

466e22e9276767c400bb06eb76531f4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wininet

InternetCloseHandle
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile
InternetCrackUrlA
InternetConnectA
HttpQueryInfoA
DeleteUrlCacheEntry

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

comctl32

ImageList_Draw
InitCommonControlsEx
ImageList_LoadImageA
_TrackMouseEvent

shlwapi

StrFormatByteSizeA

urlmon

URLDownloadToFileA

crypt32

CryptProtectData

kernel32

GlobalFree
FindClose
LoadLibraryA
FindNextFileA
WaitForSingleObject
GetTickCount
GetExitCodeThread
GetCurrentThreadId
DeleteFileA
CreateThread
lstrlenA
MultiByteToWideChar
lstrlenW
GetSystemTime
GetModuleFileNameA
MulDiv
CreateProcessA
GetTempPathA
OpenProcess
SetFilePointer
SetEndOfFile
GetCurrentProcess
UnlockFile
LockFile
FormatMessageA
WriteFile
FlushFileBuffers
GetLastError
SetLastError
MoveFileA
DuplicateHandle
FileTimeToLocalFileTime
LocalFree
GetWindowsDirectoryA
GetVolumeInformationA
CreateDirectoryA
GetTempFileNameA
GetSystemDefaultLangID
GetSystemDirectoryA
VerLanguageNameA
GlobalMemoryStatusEx
GetSystemInfo
GetVersionExA
CompareFileTime
SystemTimeToFileTime
WinExec
CreateMutexA
HeapFree
GetProcessHeap
GetExitCodeProcess
CopyFileA
OutputDebugStringA
SetThreadLocale
GetThreadLocale
GetFileTime
GetProcAddress
DosDateTimeToFileTime
SetFileTime
GetFileType
GetCurrentDirectoryA
FileTimeToDosDateTime
GetFileSize
UnmapViewOfFile
GetLocalTime
GetFileInformationByHandle
LCMapStringW
LCMapStringA
RtlUnwind
GetStartupInfoA
GetCommandLineA
GetTimeZoneInformation
ExitProcess
GetModuleHandleW
GetSystemTimeAsFileTime
SetStdHandle
GetFullPathNameA
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetDateFormatA
GetTimeFormatA
InterlockedDecrement
InterlockedIncrement
HeapSize
HeapReAlloc
HeapAlloc
HeapDestroy
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
CompareStringA
CompareStringW
HeapCreate
VirtualFree
VirtualAlloc
GetStdHandle
GetStringTypeA
GetStringTypeW
SetHandleCount
GetConsoleCP
FindFirstFileA
GlobalUnlock
ReadFile
Sleep
GlobalAlloc
GlobalLock
FreeLibrary
CloseHandle
LockResource
GetEnvironmentVariableA
GetConsoleMode
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
FileTimeToSystemTime
SizeofResource
WideCharToMultiByte
FindResourceExA
LoadResource
FindResourceA
CreateFileA
GetUserDefaultLCID
GetLocaleInfoA
GetCPInfo
GetACP
EnumSystemLocalesA
IsValidLocale
GetModuleHandleA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileW
SetEnvironmentVariableA
GetFileAttributesA
GetOEMCP

user32

UpdateWindow
GetWindow
IsDialogMessageA
DrawTextA
SetRectEmpty
InflateRect
UnionRect
GetSysColor
GetClassNameA
InsertMenuItemA
GetSubMenu
DeleteMenu
LoadMenuA
TrackPopupMenuEx
GetCursorPos
SystemParametersInfoA
PostQuitMessage
KillTimer
LoadStringA
CreateWindowExA
SendMessageTimeoutA
LoadAcceleratorsA
LoadImageA
DestroyIcon
GetUserObjectInformationA
GetThreadDesktop
SetTimer
GetSystemMetrics
UnhookWindowsHookEx
SetWindowsHookExA
BringWindowToTop
CharUpperA
CallNextHookEx
SetActiveWindow
ClientToScreen
SetCapture
GetPropA
RemovePropA
PtInRect
GetCapture
DrawFocusRect
SetPropA
CopyIcon
InvalidateRect
ReleaseCapture
CallWindowProcA
WaitForInputIdle
GetDC
OffsetRect
GetWindowTextA
RegisterClassExA
SetWindowLongA
DefWindowProcA
IsWindow
SetDlgItemTextA
GetDlgCtrlID
SetForegroundWindow
AttachThreadInput
GetForegroundWindow
GetWindowThreadProcessId
GetWindowRect
MessageBoxA
SetWindowPos
MoveWindow
EndPaint
DestroyWindow
SetCursor
GetSystemMenu
CreateDialogParamA
IsIconic
FillRect
GetFocus
GetParent
LoadIconA
IsWindowEnabled
GetClientRect
SetFocus
SendMessageA
BeginPaint
GetWindowLongA
EnableMenuItem
GetDlgItem
EndDialog
EnumChildWindows
ShowWindow
SetWindowTextA
EnableWindow
LoadCursorA
DialogBoxParamA
GetMessageA
wsprintfA
TranslateMessage
PeekMessageA
PostMessageA
DispatchMessageA
IsWindowVisible
RegisterWindowMessageA
FindWindowA
ScreenToClient
ReleaseDC

gdi32

SetBkColor
DeleteObject
CreateSolidBrush
CreateFontIndirectA
SelectObject
CreatePen
GetTextMetricsA
RoundRect
GetTextExtentPoint32A
SetBkMode
ExtTextOutA
SetTextColor
GetObjectA
GetDeviceCaps

advapi32

GetTokenInformation
OpenProcessToken
RegEnumKeyA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
RegFlushKey
RegQueryValueA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyA
RegDeleteValueA
RegCreateKeyExA
RegQueryInfoKeyA

shell32

Shell_NotifyIconA
SHCreateDirectoryExA
ShellExecuteExA
SHAppBarMessage
ShellExecuteA

ole32

OleCreate
CLSIDFromString
StringFromGUID2
CoCreateGuid
OleSetContainedObject
CoTaskMemAlloc
OleInitialize
OleUninitialize
CoTaskMemFree

oleaut32

VariantClear
SafeArrayAccessData
SafeArrayDestroy
SafeArrayCreate
VariantInit
SafeArrayUnaccessData
SysFreeString
GetErrorInfo
SysAllocString

ws2_32

send
gethostbyname
closesocket
socket
recv
shutdown
htons
inet_addr
connect

Sections

.text
Size: 588KB - Virtual size: 588KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 358KB - Virtual size: 358KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

466e22e9276767c400bb06eb76531f4e

Headers

DLL Characteristics

File Characteristics

Imports

wininet

version

comctl32

shlwapi

urlmon

crypt32

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

Sections

.text Size: 588KB - Virtual size: 588KB

.rdata Size: 139KB - Virtual size: 139KB

.data Size: 9KB - Virtual size: 20KB

.rsrc Size: 358KB - Virtual size: 358KB

.text
Size: 588KB - Virtual size: 588KB

.rdata
Size: 139KB - Virtual size: 139KB

.data
Size: 9KB - Virtual size: 20KB

.rsrc
Size: 358KB - Virtual size: 358KB