NEAS[.]17ec8f8548260933ecf79441f0da42d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.17ec8f8548260933ecf79441f0da42d0.exe
Size

2.0MB
MD5

17ec8f8548260933ecf79441f0da42d0
SHA1

e6f434afcf8192de5e58035401e594b15701ee02
SHA256

172b7183ae7f7ff3f57086fc118018b7e15d7af75e38707322718c289fd7ffb2
SHA512

f828c26671c50f6542223d7748d39dd6ba9be27a5871a801aa8e8bb84de2d3bd822f50a67e995973b17cf803bcbf6a26b6c428f5d6ae221e568ae4565506471b
SSDEEP

24576:CJo4blisaCgnkN7B+XZCj0nyoNclWlsndHsYDRNCyp:WRblqa7MCj0/NOysnbDayp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.17ec8f8548260933ecf79441f0da42d0.exe

Files

NEAS.17ec8f8548260933ecf79441f0da42d0.exe
.exe windows:4 windows x64 arch:x64

84ca21c90e5bbbc4475d05612cefcbad

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

propsys

PropVariantToUInt32
PropVariantCompareEx

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInterfaceDetailW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LoadLibraryExW
GetLocaleInfoW
EnumResourceLanguagesW
GetVersion
ConvertDefaultLocale
GetCurrentThread
TlsGetValue
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
FileTimeToSystemTime
GlobalFlags
SetErrorMode
FileTimeToLocalFileTime
GetFileTime
GetTickCount
HeapAlloc
GetStartupInfoW
HeapReAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
ExitThread
CompareStringA
HeapSize
SetUnhandledExceptionFilter
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlVirtualUnwind
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CreateFileA
SetEnvironmentVariableA
SuspendThread
SetThreadPriority
GetCurrentProcessId
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
lstrcmpW
GetModuleHandleW
GetVersionExA
GetModuleFileNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetThreadLocale
lstrcmpA
FormatMessageW
MulDiv
SetLastError
RaiseException
LoadLibraryA
GetProcessHeap
HeapFree
lstrlenA
LocalFree
LocalAlloc
GetFileAttributesW
GetFirmwareEnvironmentVariableA
CreateMutexW
ResumeThread
DuplicateHandle
GetExitCodeThread
MultiByteToWideChar
DeleteCriticalSection
InitializeCriticalSection
OutputDebugStringW
FreeLibrary
LoadLibraryW
GetUserDefaultUILanguage
FindResourceExW
GetSystemInfo
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
WaitForMultipleObjects
SetEvent
CreateThread
CreateEventW
Sleep
WaitForSingleObject
QueryFullProcessImageNameW
CreateFileW
GetLastError
DeviceIoControl
GetVersionExW
CreateProcessW
GetSystemDirectoryW
GetSystemDirectoryA
lstrlenW
WideCharToMultiByte
CloseHandle
GetCurrentProcess
OpenProcess
GetModuleHandleA
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
GetCurrentThreadId
FindResourceW
LoadResource
LockResource
SizeofResource
ExitProcess

user32

InvalidateRgn
SetCapture
ReleaseCapture
GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatW
PostThreadMessageW
GetCursorPos
ValidateRect
MoveWindow
SetWindowTextW
IsDialogMessageW
IsWindowEnabled
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
UnregisterClassA
RemovePropW
GetFocus
IsWindow
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
IsRectEmpty
GetMenu
MessageBoxW
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
CreateDialogIndirectParamW
PtInRect
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
SetWindowLongW
OffsetRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
TabbedTextOutW
GetDC
ReleaseDC
IntersectRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
LoadIconW
IsWindowVisible
DispatchMessageW
PostQuitMessage
SendInput
MapVirtualKeyW
TranslateMessage
PeekMessageW
RegisterDeviceNotificationW
KillTimer
UnregisterDeviceNotification
EnumDisplaySettingsW
ChangeWindowMessageFilter
CallNextHookEx
SetTimer
FindWindowExW
RegisterWindowMessageW
CharUpperW
SetWindowPos
DrawFocusRect
InflateRect
SetRect
CopyRect
RedrawWindow
CopyAcceleratorTableW
CharNextW
UnregisterClassW
DestroyMenu
GetSysColorBrush
DrawTextW
LoadCursorW
SetWindowContextHelpId
MapDialogRect
SetCursor
EnableWindow
SendMessageW
GetDesktopWindow
GetWindow
GetClientRect
GetParent
GetWindowRect
UnregisterPowerSettingNotification
RegisterPowerSettingNotification
EnumThreadWindows
InvalidateRect
SetForegroundWindow
GetForegroundWindow
GetWindowThreadProcessId
UnhookWindowsHookEx
UpdateWindow
SetWindowsHookExW
ShowWindow
GetWindowLongW
SystemParametersInfoW
GetSysColor
PostMessageW
GetNextDlgTabItem
EndDialog
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
CheckMenuItem
EnableMenuItem
GetMessageW
EqualRect
GetActiveWindow
GetPropW

gdi32

PtVisible
RectVisible
TextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
GetBkColor
GetTextColor
GetRgnBox
GetDeviceCaps
GetWindowExtEx
GetStockObject
GetViewportExtEx
GetMapMode
CreateCompatibleBitmap
DeleteObject
CreateDIBSection
GetObjectW
SetDIBColorTable
BitBlt
CreateCompatibleDC
DeleteDC
CreateFontW
SelectObject
GetClipBox
SetMapMode
SetTextColor
SetBkMode
RestoreDC
SaveDC
CreateBitmap
CreateRectRgnIndirect
SetBkColor
ExtTextOutW

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

LookupPrivilegeValueW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegOpenKeyW
AdjustTokenPrivileges
RegCloseKey
OpenProcessToken
RegDeleteValueW
RegNotifyChangeKeyValue
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetKnownFolderPath
ShellExecuteW
SHGetFolderPathW

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCW
PathFindFileNameW
PathFindExtensionW
PathStripToRootW

oledlg

OleUIBusyW

ole32

StringFromGUID2
CLSIDFromString
PropVariantClear
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeSecurity
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CoInitialize
CoFreeUnusedLibrariesEx
FreePropVariantArray
PropVariantCopy
CLSIDFromProgID
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoSetProxyBlanket
CoFreeUnusedLibraries

oleaut32

VariantInit
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysStringLen
OleCreateFontIndirect
VariantChangeType
GetErrorInfo
VariantCopy
SafeArrayPutElement
SysFreeString
SafeArrayCreateVector
SysAllocStringLen
SafeArrayAccessData
VariantClear
SysAllocString
SafeArrayUnaccessData

gdiplus

GdipGetImagePixelFormat
GdipDisposeImage
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipGetImagePaletteSize
GdipAlloc
GdiplusShutdown
GdipFree
GdiplusStartup
GdipCloneImage
GdipGetImagePalette
GdipDrawImageI
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits

Sections

.text
Size: 738KB - Virtual size: 738KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 976KB - Virtual size: 980KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

84ca21c90e5bbbc4475d05612cefcbad

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

propsys

setupapi

version

kernel32

user32

gdi32

msimg32

comdlg32

winspool.drv

advapi32

shell32

comctl32

shlwapi

oledlg

ole32

oleaut32

gdiplus

Sections

.text Size: 738KB - Virtual size: 738KB

.rdata Size: 233KB - Virtual size: 232KB

.data Size: 25KB - Virtual size: 54KB

.pdata Size: 47KB - Virtual size: 47KB

.rsrc Size: 976KB - Virtual size: 980KB

.text
Size: 738KB - Virtual size: 738KB

.rdata
Size: 233KB - Virtual size: 232KB

.data
Size: 25KB - Virtual size: 54KB

.pdata
Size: 47KB - Virtual size: 47KB

.rsrc
Size: 976KB - Virtual size: 980KB