3232a31f0034b3237ec3456f480d2a90_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

3232a31f0034b3237ec3456f480d2a90_NEAS
Size

6.6MB
MD5

3232a31f0034b3237ec3456f480d2a90
SHA1

cec6b3a45cb2e81c102668ba7450f901845e05a7
SHA256

3ccca88eaf36ad7900269a451bd27b4192d4970b0e0493f99cfbfd43c6cf0946
SHA512

45ac1ae0f5db709265a954fe3c3abf17a617da511c7ea5bce1ed0e65adea267bb54a57952dddc45e6d80dd1c62c91b3db3fa2e2f04882bd656611f7cbdb2c4f8
SSDEEP

98304:Ac+llAkh+SXE3ewsIpwRAaER0iozy8ZKbVqBuMnYcxAV4NIu0NkGgLwEb61eY9:M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3232a31f0034b3237ec3456f480d2a90_NEAS

Files

3232a31f0034b3237ec3456f480d2a90_NEAS
.exe windows:6 windows x64 arch:x64

b107d826bb72b546227224d1ed712508

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Imports

dwmapi

DwmIsCompositionEnabled

gdi32

ChoosePixelFormat
SetPixelFormat

iphlpapi

GetAdaptersAddresses
GetIfEntry2
GetIpForwardTable

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
PropVariantClear

oleaut32

SysAllocString
SysFreeString
SysStringLen
VariantClear
VariantInit

ws2_32

WSAGetLastError
WSAGetOverlappedResult
WSAIoctl
WSAStartup
bind
closesocket
freeaddrinfo
getaddrinfo
inet_ntop
recv
setsockopt
socket

ntdll

NtPowerInformation
NtQueryInformationProcess
NtQuerySystemInformation
RtlGetVersion

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiOpenDevRegKey

hid

HidD_FreePreparsedData
HidD_GetManufacturerString
HidD_GetPreparsedData
HidD_GetProductString
HidD_GetSerialNumberString
HidP_GetCaps

wtsapi32

WTSEnumerateSessionsExW
WTSFreeMemory
WTSFreeMemoryExW
WTSQuerySessionInformationW

kernel32

CancelIo
CloseHandle
CreateDirectoryA
CreateFileA
CreateFileW
CreateNamedPipeW
CreateProcessA
CreateToolhelp32Snapshot
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FlushConsoleInputBuffer
FreeLibrary
GetComputerNameExW
GetConsoleMode
GetConsoleScreenBufferInfo
GetCurrentConsoleFont
GetCurrentConsoleFontEx
GetCurrentProcess
GetDiskFreeSpaceExW
GetDriveTypeW
GetFileAttributesA
GetFileAttributesExW
GetFileSizeEx
GetFinalPathNameByHandleW
GetLastError
GetLogicalDriveStringsW
GetLogicalProcessorInformationEx
GetModuleFileNameW
GetNativeSystemInfo
GetOverlappedResult
GetProcAddress
GetStdHandle
GetSystemFirmwareTable
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
GetTickCount64
GetUserDefaultLocaleName
GetVolumeInformationW
GlobalFree
GlobalMemoryStatusEx
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
Module32FirstW
Module32NextW
MultiByteToWideChar
OpenProcess
PeekConsoleInputW
QueryDosDeviceW
QueryFullProcessImageNameA
QueryPerformanceCounter
QueryPerformanceFrequency
ReadConsoleInputW
ReadFile
SetConsoleCtrlHandler
SetConsoleMode
SetConsoleOutputCP
SetErrorMode
SetUnhandledExceptionFilter
Sleep
SleepEx
TerminateProcess
TlsGetValue
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile
__C_specific_handler

user32

CreateWindowExW
DefWindowProcW
DispatchMessageA
DisplayConfigGetDeviceInfo
EnumDisplayDevicesW
EnumDisplayMonitors
GetDC
GetGuiResources
GetMessageW
GetMonitorInfoW
GetRawInputDeviceInfoW
GetRawInputDeviceList
PostQuitMessage
QueryDisplayConfig
RegisterClassW
SystemParametersInfoW

shell32

SHCreateItemFromParsingName
SHGetFolderPathA
SHGetKnownFolderPath
StrStrIA

advapi32

GetUserNameW
RegCloseKey
RegEnumKeyExW
RegGetValueW
RegOpenKeyExW
RegQueryInfoKeyW

api-ms-win-crt-convert-l1-1-0

_ultoa
_ultow
mbrtowc
mbsrtowcs
strtol
strtoll
strtoul
strtoull
wcrtomb
wcstod
wcstol
wcstoul

api-ms-win-crt-environment-l1-1-0

__p__environ
__p__wenviron
getenv

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-heap-l1-1-0

_set_new_mode
calloc
free
malloc
realloc

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
___mb_cur_max_func
localeconv
setlocale

api-ms-win-crt-private-l1-1-0

memchr
memcmp
memcpy
memmove
strchr
strrchr
strstr

api-ms-win-crt-runtime-l1-1-0

__p___argc
__p___argv
__p___wargv
_cexit
_configure_narrow_argv
_configure_wide_argv
_crt_at_quick_exit
_crt_atexit
_errno
_exit
_initialize_narrow_environment
_initialize_wide_environment
_initterm
_set_app_type
_set_invalid_parameter_handler
abort
exit
signal
strerror

api-ms-win-crt-stdio-l1-1-0

__acrt_iob_func
__p__commode
__p__fmode
__stdio_common_vfprintf
__stdio_common_vfwprintf
_get_osfhandle
_getc_nolock
_isatty
fclose
fflush
fgetwc
fopen
fputc
fputs
fputwc
fread
fseek
ftell
fwrite
getc
putchar
puts
setvbuf
ungetc
ungetwc

api-ms-win-crt-string-l1-1-0

_isctype
_stricmp
_strnicmp
isalpha
isspace
iswctype
isxdigit
mbrlen
memset
strcmp
strcpy
strlen
strncat
strncmp
strncpy
tolower
toupper
towlower
wcscmp
wcslen
wcsncmp

api-ms-win-crt-time-l1-1-0

__daylight
__timezone
__tzname
_localtime64
_tzset
strftime

api-ms-win-crt-utility-l1-1-0

qsort

api-ms-win-crt-math-l1-1-0

__setusermatherr

Sections

.text
Size: 679KB - Virtual size: 679KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 454KB - Virtual size: 454KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.buildid
Size: 512B - Virtual size: 53B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/18
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 599KB - Virtual size: 599KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/42
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/53
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/67
Size: 657KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b107d826bb72b546227224d1ed712508

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

dwmapi

gdi32

iphlpapi

ole32

oleaut32

ws2_32

ntdll

version

setupapi

hid

wtsapi32

kernel32

user32

shell32

advapi32

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

api-ms-win-crt-math-l1-1-0

Sections

.text Size: 679KB - Virtual size: 679KB

.rdata Size: 454KB - Virtual size: 454KB

.buildid Size: 512B - Virtual size: 53B

.data Size: 1024B - Virtual size: 14KB

.pdata Size: 9KB - Virtual size: 8KB

.tls Size: 512B - Virtual size: 16B

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 7KB - Virtual size: 6KB

/4 Size: 149KB - Virtual size: 149KB

/18 Size: 1.6MB - Virtual size: 1.6MB

/30 Size: 599KB - Virtual size: 599KB

/42 Size: 1.9MB - Virtual size: 1.9MB

/53 Size: 379KB - Virtual size: 378KB

/67 Size: 657KB - Virtual size: 656KB

.text
Size: 679KB - Virtual size: 679KB

.rdata
Size: 454KB - Virtual size: 454KB

.buildid
Size: 512B - Virtual size: 53B

.data
Size: 1024B - Virtual size: 14KB

.pdata
Size: 9KB - Virtual size: 8KB

.tls
Size: 512B - Virtual size: 16B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 7KB - Virtual size: 6KB

/4
Size: 149KB - Virtual size: 149KB

/18
Size: 1.6MB - Virtual size: 1.6MB

/30
Size: 599KB - Virtual size: 599KB

/42
Size: 1.9MB - Virtual size: 1.9MB

/53
Size: 379KB - Virtual size: 378KB

/67
Size: 657KB - Virtual size: 656KB