3290d63a3e4f59bb1d707bf588d6fd20_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

3290d63a3e4f59bb1d707bf588d6fd20_NEAS
Size

1.3MB
MD5

3290d63a3e4f59bb1d707bf588d6fd20
SHA1

44cb06ccbe4696d84332357de1e49d08c7a58624
SHA256

c4fab8a1b7baf55b87531e51147e272d076bc31a9ef0cdcf450ea045017f725f
SHA512

70d26095823cfbe91da184abe91a8b76397b0db207c32537b5bae2d2e6560e716a6c012e628c0798da92d28072f1ccc16f283df3f0f6b4b7c8f6213aa2c18cb6
SSDEEP

24576:lFZ770+bu6BBE/XfeE77+YBb3X02FsCp5gV:F773ohLUYu

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
3290d63a3e4f59bb1d707bf588d6fd20_NEAS

Files

3290d63a3e4f59bb1d707bf588d6fd20_NEAS
.exe windows:4 windows x86 arch:x86

c71d2317af0393e96c6cc1c589e57685

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_DrawEx
InitCommonControlsEx
ord17

dsound

ord2
ord1

winmm

mmioClose
mmioRead
mmioDescend
mmioOpenA
mmioSeek
mmioAscend
mmioSetInfo
mmioAdvance
mmioGetInfo
joySetCapture
joyGetDevCapsA
joyReleaseCapture
mmioWrite
mmioCreateChunk
mixerSetControlDetails
mixerGetControlDetailsA
mixerGetLineControlsA
waveOutGetNumDevs
waveOutGetVolume
waveOutSetVolume
mixerGetLineInfoA

kernel32

LoadLibraryA
GetVersionExA
CreateFileA
GetLastError
DeviceIoControl
ResetEvent
MulDiv
MultiByteToWideChar
GetCurrentThreadId
WideCharToMultiByte
FindClose
FindFirstFileA
ReadFile
GetFileSize
SystemTimeToFileTime
GetLocalTime
FileTimeToSystemTime
SetFilePointer
WriteFile
GetTickCount
FindNextFileA
Sleep
TerminateThread
OpenFile
SetEvent
GetFileAttributesA
SetStdHandle
InterlockedIncrement
InterlockedDecrement
GetEnvironmentStringsW
GetCurrentDirectoryA
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RaiseException
GetFileType
GetStdHandle
SetHandleCount
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
DeleteCriticalSection
InitializeCriticalSection
HeapReAlloc
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
ExitProcess
GetVersion
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
HeapAlloc
HeapFree
RtlUnwind
GetLogicalDriveStringsA
GetDriveTypeA
WaitForSingleObject
CloseHandle
CreateEventA
CreateThread
SetThreadPriority
LoadLibraryExA
GetProcAddress
FreeLibrary
SetErrorMode
FlushFileBuffers
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
PeekNamedPipe
SetEndOfFile
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetFileInformationByHandle
GetEnvironmentStrings

user32

FillRect
BeginPaint
EndPaint
InvalidateRect
MoveWindow
EnableWindow
GetClientRect
SetCapture
RegisterClassExA
LoadCursorA
LoadIconA
CheckDlgButton
IsDlgButtonChecked
SetWindowPos
GetMessageA
DispatchMessageA
ReleaseCapture
ChangeDisplaySettingsA
PeekMessageA
RegisterClassA
TranslateMessage
GetKeyState
DrawFocusRect
GetFocus
GetKeyNameTextA
GetSysColor
UpdateWindow
RedrawWindow
GetWindowRect
MessageBoxA
UnregisterClassA
ShowWindow
CreateWindowExA
EnumDisplaySettingsA
FindWindowA
wsprintfA
ReleaseDC
GetDC
LoadImageA
LoadBitmapA
SetWindowRgn
DrawTextA
KillTimer
SetTimer
DefWindowProcA
ScreenToClient
ClientToScreen
TrackPopupMenu
CreateDialogParamA
DestroyWindow
DialogBoxParamA
EndDialog
GetDlgItem
GetWindowTextA
GetWindowLongA
SendMessageA
SendDlgItemMessageA
SetWindowTextA
SetFocus
SetWindowLongA
DestroyMenu
CreatePopupMenu
AppendMenuA
PostMessageA
GetKeyboardState
ToAscii
SetCursor
SetCursorPos

gdi32

DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
RoundRect
GetStockObject
CreatePen
BitBlt
SetTextAlign
SetTextColor
CreateDIBSection
GetDeviceCaps
DeleteObject
LineTo
MoveToEx
Polyline
CreateSolidBrush
SetPixel
GetObjectA
CreateFontIndirectA
TextOutA
StretchBlt
CombineRgn
CreateRectRgn
OffsetRgn
GetTextExtentExPointA
ExtCreateRegion
SetDIBitsToDevice
GetDIBits
SetBkMode
GetTextExtentPoint32A

comdlg32

GetSaveFileNameA
GetOpenFileNameA

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA
RegSetValueExA

shell32

SHGetSpecialFolderLocation
SHGetFileInfoA
SHGetDataFromIDListA
DragAcceptFiles
SHBrowseForFolderA
SHGetPathFromIDListA
SHFileOperationA
DragQueryPoint
DragQueryFileA
DragFinish
SHGetMalloc
ShellExecuteA
SHGetDesktopFolder

ole32

CoInitialize
CoUninitialize
CoCreateInstance

ws2_32

htons
WSACleanup
select
recv
closesocket
WSAStartup
socket
send
connect
gethostbyname

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 936KB - Virtual size: 934KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c71d2317af0393e96c6cc1c589e57685

Headers

File Characteristics

Imports

comctl32

dsound

winmm

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

ws2_32

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 92KB - Virtual size: 91KB

.data Size: 80KB - Virtual size: 118KB

.rsrc Size: 936KB - Virtual size: 934KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 80KB - Virtual size: 118KB

.rsrc
Size: 936KB - Virtual size: 934KB