NEAS[.]a3aef06035f6c4000fc05cafda6b56a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.a3aef06035f6c4000fc05cafda6b56a0.exe
Size

176KB
MD5

a3aef06035f6c4000fc05cafda6b56a0
SHA1

8d892b3b14f69ea7a9ae74cd8d59f45a04d4e140
SHA256

7d8571e453fa2f855056e0045f3fc8630f99f931b3d2a8e0729b9dad43b79583
SHA512

559e935eea7b0f94b8724a3e28e1e76d9575309c824634c266a812c44cc55b1c893fcf82d173e78bae2985dd1752d0bd225d36a1aec39a8cc12f677188cb85b4
SSDEEP

3072:si5TWBsPIJnY8dJxeiRjkT7+jW3fVqYdVG:NinY8JB5kmjkq

Score

10^/10

upx

Malware Config

Signatures

Nirsoft 1 IoCs

resource	yara_rule
sample	Nirsoft

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a3aef06035f6c4000fc05cafda6b56a0.exe

Files

NEAS.a3aef06035f6c4000fc05cafda6b56a0.exe
.exe windows:4 windows x86 arch:x86

199a383ac0250947dc4016efcec48175

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentProcessId
ReadProcessMemory
GetCurrentProcess
ExitProcess
SetErrorMode
DeleteFileW
WritePrivateProfileStringW
GetPrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
OpenProcess
GetSystemTimeAsFileTime
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
GlobalUnlock
WideCharToMultiByte
lstrcpyW
CompareFileTime
FileTimeToLocalFileTime
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
GetTempPathW
GetLocaleInfoW
GetLastError
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
GetFileSize
GetVersionExW
GetModuleHandleW
GetTimeFormatW
GetFileAttributesW
CloseHandle
GetWindowsDirectoryW
ReadFile
GetModuleFileNameW
WriteFile
CreateFileW
FindResourceW
LoadResource
GetNumberFormatW
LocalFree
MultiByteToWideChar
LockResource
GlobalAlloc
lstrlenW
LoadLibraryExW
GetSystemDirectoryW

advapi32

RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegCloseKey

comctl32

ImageList_SetImageCount
CreateStatusWindowW
ImageList_ReplaceIcon
ord17
ImageList_AddMasked
ImageList_Create
CreateToolbarEx

comdlg32

FindTextW
GetSaveFileNameW

gdi32

SetBkMode
DeleteObject
SetBkColor
GetStockObject
GetTextExtentPoint32W
SelectObject
GetDeviceCaps
SetTextColor
CreateFontIndirectW

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__fmode
_onexit
__dllonexit
_stricmp
strlen
qsort
_purecall
_wcslwr
_itow
modf
memcmp
wcstoul
__set_app_type
_controlfp
_except_handler3
_c_exit
wcsrchr
malloc
wcscmp
_wcsicmp
wcschr
free
_memicmp
??2@YAPAXI@Z
??3@YAXPAX@Z
wcslen
_wtoi
memcpy
_ultow
wcscpy
memset
wcscat
_snwprintf
wcsncat

shell32

SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

user32

SetForegroundWindow
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
DispatchMessageW
KillTimer
BeginDeferWindowPos
ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetWindowRect
GetDlgItemInt
SendDlgItemMessageW
DrawTextExW
EndDialog
GetDlgItem
InvalidateRect
SetWindowTextW
SetDlgItemInt
UpdateWindow
SetDlgItemTextW
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPlacement
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
SendMessageW
LoadImageW
LoadIconW
SetWindowLongW
GetWindowLongW
SetFocus
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
CheckMenuItem
GetMenuItemCount
GetMenuStringW
CloseClipboard
GetCursorPos
SetClipboardData
EnableWindow
GetSysColor
MapWindowPoints
GetParent
GetMenu
GetDC
EmptyClipboard
GetSubMenu
EnableMenuItem
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
SetWindowPos
GetWindowTextW
LoadMenuW
IsDialogMessageW
SetTimer
EndDeferWindowPos
TranslateMessage

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

UPX0
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

199a383ac0250947dc4016efcec48175

Headers

File Characteristics

Imports

kernel32

advapi32

comctl32

comdlg32

gdi32

msvcrt

shell32

user32

version

Sections

UPX0 Size: 60KB - Virtual size: 60KB

UPX1 Size: 36KB - Virtual size: 36KB

.rsrc Size: 76KB - Virtual size: 76KB

UPX0
Size: 60KB - Virtual size: 60KB

UPX1
Size: 36KB - Virtual size: 36KB

.rsrc
Size: 76KB - Virtual size: 76KB