NEAS[.]feded134af4a7cc8ad2df1192adc50c0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.feded134af4a7cc8ad2df1192adc50c0.exe
Size

1.5MB
MD5

feded134af4a7cc8ad2df1192adc50c0
SHA1

cdb0786666bd786ca1cb22a2daad95a965e61db8
SHA256

4f1e12eef33b16796891adee5a5c92377ba036fa685ca913cdc242e742522036
SHA512

bc2d08abcb243a208870ec6c6830785f7529e2eff9388562b3b70815b0308553a468a801461a3f237f609f3b9efc5951ea9ef82c355a0b124f5080b9fee0e699
SSDEEP

24576:a3Kg6n3KZIm2g+vDxxpWN1mxdVNTCP1ZqvCKV5F+H+1Rgt8ThrZ+T7IL/:FI6TCP1ZqvCKV5F+HIlYn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.feded134af4a7cc8ad2df1192adc50c0.exe

Files

NEAS.feded134af4a7cc8ad2df1192adc50c0.exe
.dll regsvr32 windows:4 windows x86

88e08788c48a80ebac9d83df6ae273ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetComputerNameA
InterlockedDecrement
CreateSemaphoreW
CreateEventA
PulseEvent
InterlockedIncrement
CreateEventW
OutputDebugStringA
LocalFree
OutputDebugStringW
ReadFile
GetFileSize
GetPrivateProfileStringA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersionExA
GetCurrentThreadId
WritePrivateProfileStringA
GetPrivateProfileIntA
VirtualQuery
GetSystemTime
GetThreadLocale
lstrcmpiA
SetErrorMode
GetThreadPriority
DuplicateHandle
GetSystemInfo
WaitForMultipleObjects
lstrcmpW
InterlockedExchange
GetVersionExW
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
LoadLibraryW
CreateSemaphoreA
SetThreadPriority
SetEvent
ReleaseSemaphore
ResetEvent
CreateThread
Sleep
lstrlenW
lstrcpyW
GetCurrentProcess
GetCurrentProcessId
GetModuleHandleW
WaitForSingleObject
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
GetLastError
WriteFile
CloseHandle
lstrcpyA
GetLocalTime
lstrlenA
LeaveCriticalSection
EnterCriticalSection
SetConsoleCtrlHandler
VirtualAlloc
FatalAppExitA
VirtualFree
HeapCreate
GetTimeFormatA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
CreateFileW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapReAlloc
FreeLibrary
DisableThreadLibraryCalls
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
GetModuleHandleA
ExitProcess
GetCommandLineA
GetProcessHeap
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
HeapSize
GetCPInfo
GetACP
GetOEMCP
GetEnvironmentStringsW

user32

IsDlgButtonChecked
wsprintfA
FindWindowW
SendMessageW
IsWindow
DefWindowProcW
DestroyWindow
EnumDisplayDevicesA
GetSystemMetrics
CopyRect
MessageBoxW
GetDesktopWindow
LoadStringA
GetDC
GetWindowRect
MonitorFromWindow
GetMonitorInfoW
SetRect
PtInRect
IntersectRect
IsRectEmpty
GetDlgCtrlID
MessageBoxA
GetDlgItemInt
SetDlgItemTextA
SendDlgItemMessageA
SetDlgItemInt
ShowWindow
CheckDlgButton
EnableWindow
SetWindowTextW
GetWindowTextA
InvalidateRect
GetDlgItem
SendMessageA
CheckRadioButton
SetWindowTextA
EnumDisplayDevicesW
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
RegisterWindowMessageW
GetQueueStatus
DispatchMessageW
GetWindowLongW
SetWindowLongW
CreateDialogParamW
MoveWindow
LoadStringW

gdi32

GetStockObject
DeleteDC
CreateDCA
ExtEscape
SetTextColor
SetBkMode
CreateDCW

advapi32

RegOpenKeyExA
RegSetValueW
CryptExportKey
CryptAcquireContextW
CryptReleaseContext
CryptImportKey
CryptDestroyKey
CryptGenRandom
CryptEncrypt
CryptAcquireContextA
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegQueryInfoKeyW
RegEnumKeyExW
RegCreateKeyExW
RegSetValueExW
RegCreateKeyW
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyA
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegDeleteKeyW

shell32

SHGetMalloc
ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA

ole32

CoTaskMemFree
CoCreateInstance
CoTaskMemAlloc
CoUninitialize
CoInitialize
StringFromGUID2
CoFreeUnusedLibraries

winmm

timeGetTime
timeSetEvent

pdh

PdhCollectQueryData
PdhAddCounterW
PdhCloseQuery
PdhOpenQueryW

psapi

GetProcessMemoryInfo

crypt32

CryptDecodeObjectEx

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 200KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

88e08788c48a80ebac9d83df6ae273ab

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

winmm

pdh

psapi

crypt32

oleaut32

Exports

Exports

Sections

.text Size: 1.2MB - Virtual size: 1.2MB

.rdata Size: 200KB - Virtual size: 197KB

.data Size: 80KB - Virtual size: 175KB

.rsrc Size: 24KB - Virtual size: 21KB

.reloc Size: 48KB - Virtual size: 44KB

.text
Size: 1.2MB - Virtual size: 1.2MB

.rdata
Size: 200KB - Virtual size: 197KB

.data
Size: 80KB - Virtual size: 175KB

.rsrc
Size: 24KB - Virtual size: 21KB

.reloc
Size: 48KB - Virtual size: 44KB