NEAS[.]5a879d8d83565f715158c833e06595e0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5a879d8d83565f715158c833e06595e0.exe
Size

716KB
MD5

5a879d8d83565f715158c833e06595e0
SHA1

584a69f05beff53e5373f93a71c9b6b8485fd0c3
SHA256

34355b53f8c102ca28f98fe6794e78e3ef71480403e0cec763fc37d19d0db39e
SHA512

79a70de59137521569497437a6557a9dbd9343364923a8fa9fc321e5b6171cc61c2da91c5a53c627d8efe5bbec8a296e966e068d4c7c2f0ebe8290f1c4bbe37e
SSDEEP

12288:QNseUYIRBIai1QgqrBsxxWfztQ5IJ3fCgFxNmDAfT:wfUYIkvNFCztQo3flv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5a879d8d83565f715158c833e06595e0.exe

Files

NEAS.5a879d8d83565f715158c833e06595e0.exe
.exe windows:4 windows x86 arch:x86

6b120ccb79b8dd40413a095be8a8c4e5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindResourceA
LoadResource
LockResource
GetModuleHandleA
GetCommandLineA
SetUnhandledExceptionFilter
GetOEMCP
IsBadCodePtr
VirtualProtect
GetACP
WriteFile
LCMapStringW
SetEnvironmentVariableW
GetSystemTimeAsFileTime
VirtualLock
QueryPerformanceFrequency
QueryPerformanceCounter
SetThreadPriority
CreateThread
TerminateThread
GetCurrentProcess
FreeLibrary
Sleep
GetTempPathA
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetVersionExA
GetProcAddress
LoadLibraryA
CreateEventA
CloseHandle
SetEvent
WaitForSingleObject
MultiByteToWideChar
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
CopyFileA
SetCurrentDirectoryA
GetCurrentDirectoryA
FindClose
FindFirstFileA
GetFileAttributesA
FindNextFileA
GetFullPathNameA
EnterCriticalSection
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
RtlUnwind
GetVersion
RaiseException
GetTimeZoneInformation
GetSystemTime
GetLocalTime
HeapFree
HeapAlloc
HeapReAlloc
LCMapStringA
FileTimeToLocalFileTime
GetCPInfo
CompareStringA
CompareStringW
TerminateProcess
SetFilePointer
HeapSize
GetLastError
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
IsBadReadPtr
ExitProcess
FileTimeToSystemTime
FlushFileBuffers
VirtualAlloc
IsBadWritePtr
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeA
GetStringTypeW
CreateFileA
GetLocaleInfoW
ReadFile
SetEnvironmentVariableA
SetStdHandle
SetEndOfFile

user32

EnableWindow
GetDlgItem
GetWindowTextA
EndDialog
SetTimer
UpdateWindow
CreateWindowExA
RegisterClassA
LoadCursorA
UnregisterClassA
DestroyWindow
ShowWindow
ClientToScreen
GetClientRect
SetCursorPos
DefWindowProcA
SetCapture
ReleaseCapture
EndPaint
BeginPaint
PostMessageA
SetCursor
ScreenToClient
GetCursorPos
DispatchMessageA
PeekMessageA
SetForegroundWindow
GetWindowLongA
GetWindowRect
SetWindowPos
SetWindowLongA
InvalidateRect
MoveWindow
GetSystemMetrics
ShowCursor
ToAscii
MapVirtualKeyA
DrawTextA
SystemParametersInfoA
MessageBoxA
GetForegroundWindow
SendDlgItemMessageA
SetWindowTextA
GetDesktopWindow
DialogBoxParamA
KillTimer
GetMessageA

wsock32

inet_ntoa
ntohl
recvfrom
sendto
closesocket
getsockname
select
setsockopt
htons
htonl
ntohs
getpeername
recv
send
accept
gethostbyname
bind
socket
connect
ioctlsocket
listen
WSAStartup
WSACleanup

winmm

timeGetDevCaps
timeSetEvent
timeKillEvent
timeBeginPeriod
timeGetTime
timeEndPeriod
mixerGetLineControlsA
mciGetErrorStringA
mixerGetLineInfoA
mciSendCommandA
mixerGetControlDetailsA
mixerGetNumDevs
mixerOpen
mixerSetControlDetails
mixerClose

dplayx

ord4

ddraw

DirectDrawCreateEx
DirectDrawEnumerateExA

dinput

DirectInputCreateEx

gdi32

AddFontResourceA
CreateFontA
CreateCompatibleDC
SetMapMode
SetTextCharacterExtra
SelectObject
GetTextMetricsA
DeleteDC
SetBkColor
SetTextColor
DeleteObject
RemoveFontResourceA
GetStockObject

shell32

ShellExecuteA

ole32

CoUninitialize
CoInitialize
CoCreateInstance

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

msacm32

acmStreamOpen
acmStreamSize
acmStreamPrepareHeader
acmFormatSuggest
acmStreamClose
acmStreamUnprepareHeader
acmStreamConvert

Exports

Exports

_bbWinMain@0
runtimeGetRuntime

Sections

.text
Size: 548KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 84KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6b120ccb79b8dd40413a095be8a8c4e5

Headers

File Characteristics

Imports

kernel32

user32

wsock32

winmm

dplayx

ddraw

dinput

gdi32

shell32

ole32

advapi32

msacm32

Exports

Exports

Sections

.text Size: 548KB - Virtual size: 547KB

.rdata Size: 40KB - Virtual size: 39KB

.data Size: 84KB - Virtual size: 278KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 32KB - Virtual size: 31KB

.text
Size: 548KB - Virtual size: 547KB

.rdata
Size: 40KB - Virtual size: 39KB

.data
Size: 84KB - Virtual size: 278KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 32KB - Virtual size: 31KB