NEAS[.]b21d8b0f83a6fcf4bd6a469a8ade748f[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b21d8b0f83a6fcf4bd6a469a8ade748f.exe
Size

215KB
MD5

b21d8b0f83a6fcf4bd6a469a8ade748f
SHA1

13f1a3e56f842c58cd943d929277de073f1883f2
SHA256

4317910a4c95122f9e2bc34e337d70868aa95e948a1bb8ee99a6be3e858f54e6
SHA512

3963d15b7ba51eee98b8e3dde84ab40fe118b50ded8b1c2b457deb499c6be19b077f6c340d0ee1a4c179ae5d0d90b965188904480ffb375f026c5b17eae4154e
SSDEEP

6144:l+Gupq7CAM0TDJZJ8uMYG83Qnqi9p07Sl:l+GmwCt0PWNsJiK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b21d8b0f83a6fcf4bd6a469a8ade748f.exe

Files

NEAS.b21d8b0f83a6fcf4bd6a469a8ade748f.exe
.exe windows:4 windows x86 arch:x86

fc654781844d06a6ccaad40505274c80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateSemaphoreA
CreateNamedPipeA
GetUserDefaultLangID
lstrcmpW
GetModuleHandleA
OpenSemaphoreA
FindResourceW
GetSystemDefaultLangID
IsValidCodePage
CopyFileA
CreateNamedPipeW
GetProcAddress

user32

DefDlgProcA
CreateDialogIndirectParamA
GetCaretPos
GetClassNameA
CheckDlgButton
SetWindowTextA
WaitForInputIdle
InvalidateRect
GetMenuItemInfoA
ActivateKeyboardLayout
LoadIconW
SetWindowRgn
MonitorFromPoint
DrawTextW
CharNextW
PostQuitMessage
EnumWindows
GetDesktopWindow
GetDCEx
GetMenuItemID
ChildWindowFromPoint
GetDlgItemTextW
TrackPopupMenuEx
InvalidateRgn
CharPrevA
WinHelpA
CharNextA
CreateWindowExA
PeekMessageW
GetMenu
LoadCursorW
UpdateWindow
DialogBoxIndirectParamA
EnumDesktopsA
MessageBoxIndirectW
GetWindowTextLengthW
GetCapture
DestroyCursor
LoadImageA
CreateDesktopW
CreateDesktopA
LoadMenuA
PeekMessageA
GetActiveWindow
GetSysColor
SetMenu

gdi32

SetColorSpace
GetROP2
SetEnhMetaFileBits
GetEnhMetaFileHeader
AnimatePalette
SetTextCharacterExtra
CreateDIBPatternBrush
SelectBrushLocal
GetPolyFillMode
CreateFontIndirectW
GetSystemPaletteEntries
CreatePolygonRgn

advapi32

RegCloseKey
RegSaveKeyA
RegSaveKeyW
RegReplaceKeyA
RegOpenKeyW
RegCreateKeyExW

shlwapi

PathFindExtensionA
SHSetThreadRef
PathIsSameRootW
SHOpenRegStreamW
SHRegGetBoolUSValueA
SHStrDupA
PathRemoveBackslashW
PathAddBackslashW

oleaut32

VarUI2FromI8
VarUI4FromUI1
SafeArrayGetLBound
VarI4FromUI2
DispCallFunc
VarCyMul

setupapi

SetupDiGetClassDevsW
CM_Get_Device_ID_Size
SetupCreateDiskSpaceListW
SetupQueueCopyA
SetupDiOpenClassRegKeyExW
CM_Set_Class_Registry_PropertyA
SetupCommitFileQueueW
pSetupGetRealSystemTime
CM_Get_Class_Registry_PropertyW
CM_Get_Device_Interface_List_SizeA

ws2_32

htonl
sendto
WSARecvDisconnect

winmm

PlaySoundA
mxd32Message
waveInAddBuffer
waveOutClose
mciGetErrorStringA
midiOutPrepareHeader

winspool.drv

FindNextPrinterChangeNotification
CloseSpoolFileHandle
EndDocPrinter
PrinterMessageBoxW
SetPrinterA
DeletePrintProcessorW
DevQueryPrintEx
DeletePrinterDriverExW
StartDocPrinterW

oledlg

OleUIUpdateLinksW
OleUIPasteSpecialW
OleUIEditLinksW
OleUIInsertObjectW
OleUIChangeIconA
OleUIAddVerbMenuA
OleUIBusyW
OleUIInsertObjectA

Sections

.NZx
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.Px
Size: 4KB - Virtual size: 292KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tU
Size: 3KB - Virtual size: 377KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.S
Size: 4KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.HdkoD
Size: 4KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 131KB - Virtual size: 448KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.UYbwZ
Size: 1KB - Virtual size: 386KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 738B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fc654781844d06a6ccaad40505274c80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

oleaut32

setupapi

ws2_32

winmm

winspool.drv

oledlg

Sections

.NZx Size: 11KB - Virtual size: 10KB

.Px Size: 4KB - Virtual size: 292KB

.tU Size: 3KB - Virtual size: 377KB

.S Size: 4KB - Virtual size: 33KB

.HdkoD Size: 4KB - Virtual size: 150KB

.data Size: 131KB - Virtual size: 448KB

.UYbwZ Size: 1KB - Virtual size: 386KB

.rsrc Size: 54KB - Virtual size: 53KB

.reloc Size: 1024B - Virtual size: 738B

.NZx
Size: 11KB - Virtual size: 10KB

.Px
Size: 4KB - Virtual size: 292KB

.tU
Size: 3KB - Virtual size: 377KB

.S
Size: 4KB - Virtual size: 33KB

.HdkoD
Size: 4KB - Virtual size: 150KB

.data
Size: 131KB - Virtual size: 448KB

.UYbwZ
Size: 1KB - Virtual size: 386KB

.rsrc
Size: 54KB - Virtual size: 53KB

.reloc
Size: 1024B - Virtual size: 738B