NEAS[.]4b073cc9a51d0825540d2cf4b38f0aa0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.4b073cc9a51d0825540d2cf4b38f0aa0.exe
Size

3.7MB
MD5

4b073cc9a51d0825540d2cf4b38f0aa0
SHA1

82ee440462267b5444851ffa658d3fb32c67f0b3
SHA256

4cf0672a97df54fd847fddf614b8e1dbe622946a5910bd56a3a7ffd10c7284f3
SHA512

0f3d047a9c6c1f8902465abf947f90867a48fa2dcfe336fbb048b2b84a36268532b21c7c77e1e7f43d4c3468f47bdd68b4beecb5b2b1db7102c47dd3dfe96299
SSDEEP

49152:H+/S3U0HNO97Xu1rjwPJxVtTgLRMNg76W8E33HilZYHSgTh7UKoLX4r2OAHPaa:HkSbW7Xu1r0hxViOe766ABGhYKyogP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.4b073cc9a51d0825540d2cf4b38f0aa0.exe

Files

NEAS.4b073cc9a51d0825540d2cf4b38f0aa0.exe
.exe windows:6 windows x86 arch:x86

6b16655a4257696e6a312e6094c6db49

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetConsoleMode
SetConsoleMode
LocalAlloc
LocalFree
SetFileAttributesA
InitializeCriticalSectionAndSpinCount
CreateIoCompletionPort
VerifyVersionInfoA
VerSetConditionMask
QueueUserAPC
TerminateThread
GetModuleHandleW
GetQueuedCompletionStatus
SetWaitableTimer
SetConsoleTitleA
GetModuleHandleA
SleepEx
SetEvent
CreateEventW
CreateWaitableTimerA
QueryPerformanceCounter
QueryPerformanceFrequency
GetCurrentThread
GetThreadTimes
DeleteCriticalSection
DecodePointer
RaiseException
InitializeCriticalSectionEx
HeapFree
WideCharToMultiByte
GetProcessHeap
HeapAlloc
SetConsoleTextAttribute
GetStdHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
PostQueuedCompletionStatus
EnterCriticalSection
LeaveCriticalSection
GlobalAddAtomA
GlobalFindAtomA
LoadLibraryA
ExitProcess
WaitForSingleObject
CreateProcessA
GetTempPathA
GetLastError
GetProcAddress
LoadLibraryExA
MultiByteToWideChar
Sleep
DeviceIoControl
CloseHandle
CreateFileA
MapViewOfFile
CreateFileMappingA
GetCurrentProcessId
CreateMutexA
OpenMutexA
SetLastError
WaitForMultipleObjects
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
SetStdHandle
HeapSize
HeapReAlloc
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
FormatMessageA
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFullPathNameW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
GetTempPathW
AreFileApisANSI
CopyFileW
MoveFileExW
GetFileInformationByHandleEx
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryEnterCriticalSection
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
GetNativeSystemInfo
EncodePointer
LCMapStringEx
GetSystemTimeAsFileTime
GetTickCount64
GetStringTypeW
GetCPInfo
IsDebuggerPresent
OutputDebugStringW
VirtualFree
GetCurrentProcess
VirtualAlloc
TerminateProcess
InitializeCriticalSection
ResumeThread
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
DuplicateHandle
ResetEvent
GetTickCount
GetModuleFileNameW
FormatMessageW
Wow64DisableWow64FsRedirection
Wow64RevertWow64FsRedirection
Thread32Next
Thread32First
ReadFile
CreateNamedPipeW
CreateThread
OpenProcess
IsWow64Process
SuspendThread
OpenThread
CreateActCtxW
WriteFile
UnmapViewOfFile
DeleteFileW
GetTempFileNameW
CreateFileMappingW
ReleaseActCtx
ActivateActCtx
GetEnvironmentVariableW
GetSystemDirectoryW
DeactivateActCtx
GetSystemWow64DirectoryW
Module32FirstW
GetWindowsDirectoryW
WriteProcessMemory
VirtualProtectEx
GetThreadContext
VirtualAllocEx
ReadProcessMemory
CreateRemoteThread
VirtualFreeEx
SetThreadContext
VirtualQueryEx
GetSystemInfo
LoadLibraryW
FreeLibrary
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetFileSizeEx
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineA
GetCommandLineW
ReadConsoleW
GetConsoleOutputCP
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
GetModuleFileNameA
GetSystemTimeAsFileTime
GetModuleHandleA
CreateEventA
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleW
LoadResource
MultiByteToWideChar
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
WriteConsoleW
SetStdHandle
IsProcessorFeaturePresent
DecodePointer
GetCommandLineA
RaiseException
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
LCMapStringW
GetStringTypeW
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
VirtualQuery

user32

PostThreadMessageA
GetWindowThreadProcessId
SetWindowsHookExA
EnumWindows
wsprintfW
CharUpperBuffW

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
OpenThreadToken
RegOpenKeyExW
OpenProcessToken
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueW
RegEnumValueW
RegOpenKeyW
RegCreateKeyW
RegSetValueExW
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
AllocateAndInitializeSid
SetEntriesInAclA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetFileSecurityA
FreeSid
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA

ws2_32

shutdown
setsockopt
ioctlsocket
WSASetLastError
closesocket
ntohl
recvfrom
getpeername
sendto
WSACleanup
htons
gethostbyname
socket
htonl
WSARecv
WSASocketW
listen
__WSAFDIsSet
recv
send
connect
getsockname
WSAIoctl
getaddrinfo
freeaddrinfo
WSAStartup
WSASend
WSAGetLastError
ntohs
getsockopt
WSAAddressToStringW
bind
select

mswsock

AcceptEx
GetAcceptExSockaddrs

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString

shlwapi

SHDeleteKeyW

crypt32

CertFreeCertificateContext
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryA
CertAddCertificateContextToStore
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Sections

3FVxYJ]"
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

1.*F2Z_X
Size: 320KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

2*"'w@iQ
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

`i.8ZGcl
Size: 700KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Qb-"J0H4
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

8:C(,_$j
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ZJ6Vfn%g
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

1%0C/ja:
Size: 480B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.l1
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

6b16655a4257696e6a312e6094c6db49

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

mswsock

ole32

oleaut32

shlwapi

crypt32

Sections

3FVxYJ]" Size: 1.2MB - Virtual size: 1.2MB

1.*F2Z_X Size: 320KB - Virtual size: 320KB

2*"'w@iQ Size: 52KB - Virtual size: 52KB

`i.8ZGcl Size: 700KB - Virtual size: 700KB

Qb-"J0H4 Size: 4KB - Virtual size: 4KB

8:C(,_$j Size: 1.5MB - Virtual size: 1.5MB

ZJ6Vfn%g Size: 4KB - Virtual size: 4KB

1%0C/ja: Size: 480B - Virtual size: 480B

.l1 Size: 15KB - Virtual size: 15KB

3FVxYJ]"
Size: 1.2MB - Virtual size: 1.2MB

1.*F2Z_X
Size: 320KB - Virtual size: 320KB

2*"'w@iQ
Size: 52KB - Virtual size: 52KB

`i.8ZGcl
Size: 700KB - Virtual size: 700KB

Qb-"J0H4
Size: 4KB - Virtual size: 4KB

8:C(,_$j
Size: 1.5MB - Virtual size: 1.5MB

ZJ6Vfn%g
Size: 4KB - Virtual size: 4KB

1%0C/ja:
Size: 480B - Virtual size: 480B

.l1
Size: 15KB - Virtual size: 15KB