NEAS[.]41cea5c2a77bfb318c27e1a6f72267d0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.41cea5c2a77bfb318c27e1a6f72267d0.exe
Size

475KB
MD5

41cea5c2a77bfb318c27e1a6f72267d0
SHA1

baa4195ce910226328b7f607e1bfb46147586b74
SHA256

c2e0e0025b4a73516076233e31bf915c655a004db9210b4f674a9d576a339845
SHA512

0b6bdfca99f6a43f8c3036f6fa94a288c2b1f570e7c480b2ca59e9e92b0df16ebf9cb3dc1cd55199605d6b370fd4d2ba47972992df3b9457ae6937c71dbf292c
SSDEEP

12288:avS7fokOm54vdxeahHNuLKB7rG+eBl9mwkAck8qGBVIbSGJ:avafVOm54vdxeMH8Ls0mwVgD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.41cea5c2a77bfb318c27e1a6f72267d0.exe

Files

NEAS.41cea5c2a77bfb318c27e1a6f72267d0.exe
.dll windows:6 windows x86

dac1e85a63978d1c534dda8879fc5d39

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathCreateFromUrlA

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

MultiByteToWideChar
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameA
GlobalAlloc
GlobalUnlock
GlobalLock
MulDiv
lstrcmpA
SetErrorMode
GetUserDefaultLangID
DisableThreadLibraryCalls
FreeLibrary
LoadLibraryExA
LoadResource
SizeofResource
lstrcmpiA
FindResourceA
IsDBCSLeadByte
VerSetConditionMask
VerifyVersionInfoW
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetComputerNameA
WaitForSingleObject
GlobalMemoryStatus
QueryPerformanceCounter
GetLocalTime
GetTickCount
GetCurrentProcessId
DeviceIoControl
LoadLibraryA
GetVersionExA
GetSystemInfo
LocalAlloc
LocalFree
VirtualProtect
VirtualQuery
VirtualAlloc
IsProcessorFeaturePresent
FlushInstructionCache
GetCurrentProcess
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
GetProcessHeap
HeapFree
HeapAlloc
EncodePointer
OutputDebugStringW
IsDebuggerPresent
SetEvent
CloseHandle
GetCurrentThreadId
LoadLibraryW
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetLastError
CreateEventA
GetLastError
RaiseException
DecodePointer
OutputDebugStringA
VirtualFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetDiskFreeSpaceA

user32

SetTimer
KillTimer
BringWindowToTop
ShowWindow
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableA
ReleaseCapture
SetCapture
GetFocus
wsprintfA
CharNextA
GetDlgItem
SetWindowPos
MoveWindow
DestroyWindow
IsChild
IsWindow
LoadStringA
UnregisterClassA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
RegisterWindowMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassExA
GetClassInfoExA
CreateWindowExA
GetClientRect
LoadCursorA
GetWindow
GetClassNameA
GetParent
GetDesktopWindow
SetWindowLongA
GetWindowLongA
FillRect
GetSysColor
ScreenToClient
ClientToScreen
SetCursor
SetFocus

gdi32

GetObjectA
SelectObject
GetStockObject
GetDeviceCaps
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
CreateDIBSection
DeleteObject

advapi32

RegCloseKey
GetUserNameA
RegSetValueExA
RegQueryInfoKeyW
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegQueryValueExA
RegOpenKeyExA

ole32

OleInitialize
CoTaskMemFree
OleLockRunning
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CreateStreamOnHGlobal
CoUninitialize
CoInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

LoadRegTypeLi
LoadTypeLi
VariantClear
OleCreateFontIndirect
VarUI4FromStr
SysStringLen
SysAllocStringLen
SysAllocString
SysFreeString
VariantInit

msvcp140

?_Xlength_error@std@@YAXPBD@Z

vcruntime140

__std_terminate
memset
__CxxFrameHandler3
_CxxThrowException
_purecall
memcmp
memcpy
_except_handler4_common
__std_exception_copy
__std_exception_destroy
__std_type_info_destroy_list

api-ms-win-crt-heap-l1-1-0

_callnewh
free
calloc
_recalloc
malloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
terminate
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_invalid_parameter_noinfo_noreturn
_errno
_initterm
_initterm_e
_resetstkoflw

api-ms-win-crt-string-l1-1-0

wcscmp
wcslen
strcmp
strlen
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

api-ms-win-crt-multibyte-l1-1-0

_mbsstr
_mbsnbcpy_s

api-ms-win-crt-math-l1-1-0

_except1

Exports

Exports

GetAcrobatMPPInterface
WMCreateStreamForURL

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 255KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

dac1e85a63978d1c534dda8879fc5d39

Headers

DLL Characteristics

File Characteristics

Imports

shlwapi

version

kernel32

user32

gdi32

advapi32

ole32

oleaut32

msvcp140

vcruntime140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-multibyte-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 151KB - Virtual size: 150KB

.rdata Size: 37KB - Virtual size: 36KB

.data Size: 28KB - Virtual size: 30KB

.didat Size: 512B - Virtual size: 8B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 255KB - Virtual size: 256KB

.text
Size: 151KB - Virtual size: 150KB

.rdata
Size: 37KB - Virtual size: 36KB

.data
Size: 28KB - Virtual size: 30KB

.didat
Size: 512B - Virtual size: 8B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 255KB - Virtual size: 256KB