NEAS[.]cf23ce73203df699cbf8104b0d09fed0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cf23ce73203df699cbf8104b0d09fed0.exe
Size

128KB
MD5

cf23ce73203df699cbf8104b0d09fed0
SHA1

2774e54dd0a68f5d783a381c27a1ecb02e4c1614
SHA256

71d39f05abdee1e5aaf889e2b812a3bb5cc1a34cced1438200ca808b7aa8493c
SHA512

9878ed21c9ab302322c73872b6203b29752bb84ff46282a5e88f89287e158dc6aab0b017d64031ee02114cee1545175baa1b1f5f26b4683602abffbb07ea4df2
SSDEEP

3072:Vdir8JZnD04TN+uFesTgtwSCtSFtUoN6Nm9/rq9aqGzO:ar8DD02MuFYtwIqGS

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cf23ce73203df699cbf8104b0d09fed0.exe

Files

NEAS.cf23ce73203df699cbf8104b0d09fed0.exe
.dll windows:4 windows x86

4b2a6f7d32ba923c5330a679c638610c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42u

ord823
ord4405
ord4913
ord4773
ord5793
ord2069
ord1940
ord5299
ord4693
ord5711
ord3348
ord3658
ord817
ord565
ord2836
ord2718
ord2021
ord2099
ord5446
ord5436
ord6379
ord6390
ord541
ord801
ord537
ord925
ord6279
ord6278
ord6874
ord6139
ord668
ord1972
ord3176
ord3173
ord4053
ord2773
ord2762
ord356
ord5852
ord5438
ord3313
ord3495
ord4124
ord2756
ord798
ord1989
ord6403
ord5461
ord5188
ord533
ord4074
ord4199
ord5706
ord5679
ord922
ord4969
ord4221
ord1135
ord4329
ord6655
ord6868
ord6654
ord1155
ord1179
ord342
ord1240
ord1194
ord1563
ord1248
ord1250
ord1571
ord600
ord826
ord269
ord1165
ord1568
ord1173
ord523
ord791
ord3712
ord967
ord1987
ord4857
ord4441
ord2024
ord5478
ord5807
ord5304
ord2717
ord860
ord6466
ord1106
ord1244
ord3785
ord861
ord538
ord2822
ord3806
ord2813
ord858
ord6665
ord2810
ord354
ord535
ord942
ord5180
ord6381
ord1971
ord665
ord800
ord540
ord815
ord825
ord561
ord3733
ord4418
ord4616
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord5475
ord1115
ord1594
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord3142
ord2977
ord5710
ord5285
ord5303
ord4692
ord5857
ord4269
ord927
ord1570

msvcrt

exit
wprintf
_CxxThrowException
_adjust_fdiv
malloc
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
free
_wtoi
wcscat
wcscpy
swprintf
wcscmp
_wcsicmp
wcsrchr
__CxxFrameHandler
sprintf

kernel32

InterlockedIncrement
DeviceIoControl
CreateFileA
MultiByteToWideChar
lstrlenA
LocalAlloc
LocalFree
GetSystemDirectoryW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetFileSize
ReadFile
SetFileTime
GetFileTime
GetLongPathNameW
GetShortPathNameW
GetWindowsDirectoryW
MoveFileExW
GetVersionExW
LoadLibraryW
GetProcAddress
RemoveDirectoryW
Sleep
DeleteCriticalSection
GetModuleFileNameW
WaitForSingleObject
GetExitCodeThread
TerminateThread
GetLastError
CreateDirectoryW
DeleteFileW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
CreateFileW
WriteFile
CloseHandle
OutputDebugStringW
InterlockedDecrement

user32

SetTimer
KillTimer
PostThreadMessageW

advapi32

RegCloseKey
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW

ole32

OleRun
CoInitialize
CoUninitialize
CoCreateInstance

wsock32

send
listen
inet_ntoa
gethostname
gethostbyname
inet_addr
WSAGetLastError
setsockopt

dbghelp

MakeSureDirectoryPathExists

netapi32

Netbios

zip

unzip
zip

lanmap

??1CSToChar@@UAE@XZ
??0CSToChar@@QAE@VCString@@@Z
inet_addr1
strcpy1
atoi1
?ToChar@CSToChar@@QAEPADXZ

oleaut32

GetErrorInfo
VariantClear
SysFreeString
SafeArrayGetElement
VariantChangeType
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocString

msvcirt

?cout@@3Vostream_withassign@@A
??6ostream@@QAEAAV0@PBD@Z
?endl@@YAAAVostream@@AAV1@@Z
??6ostream@@QAEAAV0@H@Z

Exports

Exports

DelClientFromID
InitialOnlineClient
InitialOnlineServer
InitialRecordClient
InitialRecordServer
SetInternalTime
StopAllThread

Sections

.text
Size: 72KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4b2a6f7d32ba923c5330a679c638610c

Headers

File Characteristics

Imports

mfc42u

msvcrt

kernel32

user32

advapi32

ole32

wsock32

dbghelp

netapi32

zip

lanmap

oleaut32

msvcirt

Exports

Exports

Sections

.text Size: 72KB - Virtual size: 68KB

.rdata Size: 16KB - Virtual size: 14KB

.data Size: 24KB - Virtual size: 30KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 7KB

.text
Size: 72KB - Virtual size: 68KB

.rdata
Size: 16KB - Virtual size: 14KB

.data
Size: 24KB - Virtual size: 30KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 7KB