NEAS[.]9e8dcfba52eafb44fea3da2d719f4f50[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9e8dcfba52eafb44fea3da2d719f4f50.exe
Size

332KB
MD5

9e8dcfba52eafb44fea3da2d719f4f50
SHA1

12beac150fb7d04ce2b9df9d875335f41b9962ca
SHA256

28e61d7c731641328d66b60ee1cbd816fadbe270f3d3402ec5d6da6a8d0982d4
SHA512

c83802d3844a1bd2a5e5468d103ca94b68e6865c9104c5cd4c12c8b2aec15fed265042ae114f06679c7550255b8f9a0ec5eefc59bf742df803d5ee89f7f76343
SSDEEP

6144:r1aMmYJgwJ6y9srOdK0BLguq6TB8YBpeO3pIkw:r/mha6y9rKR76Taap

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9e8dcfba52eafb44fea3da2d719f4f50.exe

Files

NEAS.9e8dcfba52eafb44fea3da2d719f4f50.exe
.dll regsvr32 windows:4 windows x86

1e515321949ad2a59ef53fd02c7a3852

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winmm

waveInGetNumDevs
waveOutGetNumDevs

common

ord197
ord400
ord360
ord162

network

?IsNetConnectionOK@UtilNetWorkHelper@@YAHXZ
?StringToIP@UtilNetWorkHelper@@YAKPB_W@Z

kernel

ord83

dsound

ord8
ord12
ord11
ord3

mfc80u

ord764
ord4475
ord3943
ord314
ord581
ord1200
ord1170
ord1168
ord1192
ord1115
ord1162
ord371
ord1093
ord1199
ord1197
ord1087
ord1033
ord315
ord765
ord2638
ord3703
ord6751
ord3713
ord3712
ord2527
ord2640
ord2311
ord283
ord1220
ord776
ord577
ord293
ord762
ord4255
ord1908
ord3327
ord3824
ord5379
ord1139
ord1079
ord1178
ord2534
ord1182
ord266
ord757
ord1123
ord566
ord4032
ord2832
ord4008
ord6272
ord265
ord3795
ord6274
ord4320
ord2054
ord2009
ord5579
ord3800
ord1007
ord5096
ord6215
ord5378
ord1176
ord3826
ord1911
ord2925
ord5220
ord5222
ord2239
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord6248
ord2725
ord1044
ord2829
ord4301
ord2708
ord3677

msvcr80

_CIacos
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__CxxFrameHandler3
exit
calloc
__iob_func
realloc
_CIcos
floor
_CIexp
_CIpow
_wcsicmp
isspace
_CIsqrt
rand
srand
fprintf
_ftol
memset
_vsnprintf
memmove
strncmp
strncpy
_mkdir
_time64
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@XZ
_purecall
?what@exception@std@@UBEPBDXZ
_endthread
??0exception@std@@QAE@ABQBD@Z
_beginthreadex
??1exception@std@@UAE@XZ
memmove_s
wcscat_s
_recalloc
_wsplitpath
wcsncpy_s
malloc
memcpy_s
free
wcscpy_s
_CIlog
memcpy
_CxxThrowException
_CIsin
_CIatan
_encode_pointer

kernel32

LockResource
WideCharToMultiByte
Sleep
WaitForMultipleObjects
GetCurrentThreadId
QueryPerformanceCounter
InterlockedDecrement
FindResourceExW
InterlockedIncrement
GetTickCount
WaitForSingleObject
SetEvent
ResumeThread
SetThreadPriority
SuspendThread
CloseHandle
CreateEventW
FreeLibrary
lstrcmpiW
SetCurrentDirectoryW
RaiseException
ResetEvent
LoadLibraryExW
FindResourceW
SizeofResource
GetModuleHandleW
DeleteCriticalSection
MultiByteToWideChar
GetLastError
EnterCriticalSection
InitializeCriticalSection
lstrlenW
GetACP
GetCurrentProcess
GetCurrentProcessId
LocalFree
LocalAlloc
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
LoadResource
GetModuleFileNameW
LeaveCriticalSection
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetThreadLocale
GetLocaleInfoA

user32

PostMessageW
CharNextW
UnregisterClassA

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW

shell32

SHGetFileInfoW

ole32

CoTaskMemFree
CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
StringFromCLSID
CLSIDFromString

oleaut32

SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VarBstrCmp
LoadRegTypeLi
UnRegisterTypeLi
SysStringLen
SysFreeString
RegisterTypeLi
LoadTypeLi
SysAllocString
VarUI4FromStr

msvcp80

??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 629KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e515321949ad2a59ef53fd02c7a3852

Headers

File Characteristics

Imports

winmm

common

network

kernel

dsound

mfc80u

msvcr80

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp80

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 56KB - Virtual size: 52KB

.data Size: 4KB - Virtual size: 629KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 15KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 56KB - Virtual size: 52KB

.data
Size: 4KB - Virtual size: 629KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 15KB