NEAS[.]b937b7445a4563b9288901e04597d2b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b937b7445a4563b9288901e04597d2b0.exe
Size

134KB
MD5

b937b7445a4563b9288901e04597d2b0
SHA1

7b0ae73d0bf336937fab1c598f71e1d2ba7044bb
SHA256

1e567b2cb1eb347fe518126b0c21407c124264a054844a9b246cfa152b894848
SHA512

57dc3b4a156339f989bfed8aa588a5d673306e5bfea8246f430adf199b7b151b012fab514aa2d089f6265b709d45fc65dc523a93fdff30d71e6bea5374f874f9
SSDEEP

3072:GUvE9MygGwY6KP593B4jk3Wo4rs+EqnjQZCsb7i4qa:TER6KPf3B4ho4A6njC/F

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b937b7445a4563b9288901e04597d2b0.exe

Files

NEAS.b937b7445a4563b9288901e04597d2b0.exe
.dll regsvr32 windows:4 windows x86

f61dedd86879f7499c765229df94e0f1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
InterlockedCompareExchange
Sleep
InterlockedExchange
IsDebuggerPresent

rpcrt4

NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease

ole32

HWND_UserMarshal
HWND_UserSize
HWND_UserUnmarshal
HWND_UserFree

oleaut32

VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
BSTR_UserSize

mozcrt19

_encoded_null
_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_malloc_crt
_encode_pointer
memcmp
free

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 1024B - Virtual size: 630B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 108KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

f61dedd86879f7499c765229df94e0f1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

rpcrt4

ole32

oleaut32

mozcrt19

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 2KB

.orpc Size: 1024B - Virtual size: 630B

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 1024B - Virtual size: 928B

.reloc Size: 2KB - Virtual size: 1KB

.text Size: 108KB - Virtual size: 112KB

.text
Size: 3KB - Virtual size: 2KB

.orpc
Size: 1024B - Virtual size: 630B

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 928B

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 108KB - Virtual size: 112KB