NEAS[.]e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a.exe
Size

3.3MB
MD5

5c320953f68110bc451f42495ef0a296
SHA1

3fa90ce53a399dbcb765990a18dbd5c71b407cfc
SHA256

e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a
SHA512

7f3ac111b6b1656cb261f3fd9bb8d5c99ebcf400183775ebd32cbc1ddbb9161056bb0b6622899546c2e07f527c5fa64dda1c095de146a94dfd943118df812e91
SSDEEP

49152:OPX0ONuiBg8FsUMQMX/mH/xnJhMrqF3Ie73PpwfeTPYZylg5QrFRbZS2bvLra+Po:quirsUMti/jC2eiMmqQ7bZSoXPo

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a.exe

Files

NEAS.e6001e502a2913ee4a5f96c0203a146d84e41844675d3d65041e79aca532f20a.exe
.exe windows:6 windows x64 arch:x64

5f091eecefc1b49cd7a2a9cf6847cbb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

CreatePropertySheetPageW
PropertySheetW
InitCommonControlsEx

ws2_32

getaddrinfo
freeaddrinfo
ioctlsocket
listen
accept
WSAPoll
send
getpeername
connect
WSAGetLastError
ntohl
WSAAddressToStringW
htonl
htons
WSACleanup
WSAStartup
select
ntohs
getsockname
setsockopt
recv
bind
socket
WSASetLastError
closesocket
getsockopt
gethostname

iphlpapi

GetAdaptersInfo
GetAdaptersAddresses

shlwapi

PathIsURLW
PathIsRelativeW
PathRelativePathToW
PathIsSameRootW
PathRemoveBackslashW
PathAddBackslashW
PathAppendW
PathFileExistsW

rpcrt4

UuidCreate
UuidToStringW

fwpuclnt

FwpmTransactionCommit0
FwpmEngineClose0
FwpmEngineOpen0
FwpmTransactionBegin0
FwpmCalloutAdd0
FwpmSubLayerAdd0
FwpmFilterAdd0

kernel32

GetTimeFormatW
GetDateFormatW
GetModuleHandleW
FindResourceW
SizeofResource
LoadResource
LockResource
FormatMessageA
LocalFree
GetLastError
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetFileSize
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
DeleteFileW
MoveFileExW
Sleep
DeviceIoControl
CancelIo
GetOverlappedResult
LoadLibraryW
GetProcAddress
VirtualProtect
WriteProcessMemory
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetLocalTime
CreateDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GetFileTime
InitializeCriticalSection
DeleteCriticalSection
ResumeThread
SetThreadPriority
GetTickCount
SetProcessWorkingSetSize
GetVersionExW
GetSystemInfo
OpenMutexW
CreateMutexW
SetUnhandledExceptionFilter
CreateEventW
CreateThread
SetEvent
WaitForSingleObject
WaitForMultipleObjects
ResetEvent
FreeResource
MulDiv
ReleaseMutex
FormatMessageW
GetStartupInfoW
GetEnvironmentStringsW
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
CompareStringW
RtlVirtualUnwind
RtlCaptureContext
InitializeCriticalSectionAndSpinCount
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
PeekNamedPipe
GetFileInformationByHandle
SetFilePointerEx
IsProcessorFeaturePresent
IsDebuggerPresent
GetCommandLineW
GetCPInfo
FileTimeToSystemTime
GetDriveTypeW
FindFirstFileExW
FindClose
FileTimeToLocalFileTime
LoadLibraryExW
ExitThread
GetFileType
RtlPcToFileHeader
DecodePointer
EncodePointer
GetStringTypeW
ExpandEnvironmentStringsW
SetLastError
SleepEx
DeleteFileA
AreFileApisANSI
GetSystemTime
GetTempPathA
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetDiskFreeSpaceA
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetTempPathW
FlushFileBuffers
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
OutputDebugStringW
LockFile
UnlockFile
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
ReadFile
WriteFile
SetEnvironmentVariableA
SetFilePointer
CreateFileA
FreeEnvironmentStringsW
GetConsoleCP
GetConsoleMode
LCMapStringW
IsValidLocale
GetLocaleInfoW
ReadConsoleW
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
ExitProcess
IsValidCodePage
GetModuleHandleExW
GetACP
GetOEMCP
UnhandledExceptionFilter
SetStdHandle
GetTimeZoneInformation
GetCurrentDirectoryW
SetEnvironmentVariableW
WriteConsoleW
TlsFree

user32

ReleaseDC
GetDesktopWindow
CheckRadioButton
SystemParametersInfoW
IsWindowVisible
GetDC
DestroyWindow
SetDlgItemTextA
SendMessageW
LoadIconW
EndDialog
GetParent
LoadStringW
EnableWindow
GetWindowTextLengthW
GetDlgItem
SetDlgItemTextW
SetDlgItemInt
GetDlgItemInt
TranslateMessage
GetMessageW
SendNotifyMessageW
CheckMenuItem
GetCursorPos
GetAncestor
WindowFromPoint
GetSystemMetrics
RegisterWindowMessageW
PostQuitMessage
KillTimer
LoadImageW
SetTimer
AnimateWindow
InsertMenuItemW
PostMessageW
InsertMenuW
GetSubMenu
LoadMenuW
SetWindowTextW
DestroyMenu
TrackPopupMenuEx
SetForegroundWindow
AppendMenuW
CreatePopupMenu
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
CreateDialogParamW
CreateWindowExW
MapDialogRect
ShowWindow
SetWindowPos
CallWindowProcW
SendDlgItemMessageW
GetDlgItemTextW
GetMenu
MoveWindow
SetFocus
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
GetWindowRect
MessageBoxW
DialogBoxParamW
RegisterClassW
LoadCursorW
DefWindowProcW
EndPaint
FillRect
BeginPaint
GetClientRect
GetDlgCtrlID
InvalidateRect
GetWindowLongW
SetWindowLongW
CheckDlgButton
SetWindowLongPtrW
GetWindowTextW
IsDlgButtonChecked
GetWindowLongPtrW
DispatchMessageW

gdi32

GetDeviceCaps
GetStockObject
DeleteObject
CreateSolidBrush
CreateFontIndirectW

comdlg32

ChooseColorW
GetOpenFileNameW
GetSaveFileNameW

advapi32

DeleteService
RegQueryValueExW
RegCloseKey
RegDeleteValueW
ControlService
QueryServiceStatus
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
CreateServiceW
OpenSCManagerW
StartServiceW
RegOpenKeyExW
RegSetValueExW

shell32

ord155
ShellExecuteW
Shell_NotifyIconW
ord680
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CreateStreamOnHGlobal
CoInitializeEx

oleaut32

OleLoadPicture

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 541KB - Virtual size: 540KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f091eecefc1b49cd7a2a9cf6847cbb0

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

ws2_32

iphlpapi

shlwapi

rpcrt4

fwpuclnt

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.rdata Size: 541KB - Virtual size: 540KB

.data Size: 26KB - Virtual size: 50KB

.pdata Size: 74KB - Virtual size: 73KB

.rsrc Size: 1.0MB - Virtual size: 1.0MB

.reloc Size: 18KB - Virtual size: 17KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 541KB - Virtual size: 540KB

.data
Size: 26KB - Virtual size: 50KB

.pdata
Size: 74KB - Virtual size: 73KB

.rsrc
Size: 1.0MB - Virtual size: 1.0MB

.reloc
Size: 18KB - Virtual size: 17KB