NEAS[.]43d0d883e3b72b00f2b6c1613f174fb0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.43d0d883e3b72b00f2b6c1613f174fb0.exe
Size

821KB
MD5

43d0d883e3b72b00f2b6c1613f174fb0
SHA1

30e844edd457cdd8337c5814436e1b3c885f9874
SHA256

596dfcd725b452c84a0318c904507bdbd1adac02582de7a3d04996c0918f4edd
SHA512

a1ed4f53b526f42544ba86829e3b1fefe7a59afbf75f1869e5f5b0e33e4ba4361704646f59b90e42d07b58d10464da6ce18e4a3aa42b9165769bc0bce293632e
SSDEEP

24576:tmgFy4YRp+yAsoeZd1F4YCLHgZNJ8gsJ7pC:txFy4+nHo5YCLHUJ8g

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.43d0d883e3b72b00f2b6c1613f174fb0.exe

Files

NEAS.43d0d883e3b72b00f2b6c1613f174fb0.exe
.dll regsvr32 windows:6 windows x86

0cea6f3d63ce2550d87a424b0f528d07

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

_resetstkoflw
??_U@YAPAXI@Z
??_V@YAXPAX@Z
memcpy_s
strcpy_s
strcat_s
strncpy_s
strstr
wcsncpy_s
memcmp
memset
iswspace
wcsncat_s
_snwprintf_s
_recalloc
malloc
free
??2@YAPAXI@Z
memcpy
_invalid_parameter_noinfo_noreturn
memmove
wcschr
wcscmp
swscanf_s
_wcsicmp
_i64tow_s
_wcsnicmp
wcscat_s
_initterm
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__clean_type_info_names_internal
__lconv_init
_except_handler4_common
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_amsg_exit
_initterm_e
??3@YAXPAX@Z
_encoded_null
_malloc_crt
realloc
_vsnprintf_s
bsearch
vsprintf_s
swprintf_s
wcsstr
__CxxFrameHandler3
_CxxThrowException
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
wcscpy_s
_vscwprintf
vswprintf_s
wcsrchr
_wtoi

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ

kernel32

GetSystemDefaultLocaleName
GetUserDefaultLocaleName
LocaleNameToLCID
LoadLibraryA
LocalFree
LocalAlloc
CreateFileW
GetFileType
RaiseException
GetLastError
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetModuleFileNameA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryExA
LoadResource
SizeofResource
lstrcmpiA
lstrlenA
lstrlenW
FindResourceA
MultiByteToWideChar
WideCharToMultiByte
IsDBCSLeadByte
LoadLibraryExW
CompareStringW
GetLocaleInfoW
GetStringTypeExW
SetLastError
IsValidCodePage
GetACP
InitializeCriticalSectionEx
GetCurrentThreadId
GetTempPathW
GetLongPathNameW
CreateDirectoryW
DeleteFileW
GetFileAttributesExW
SetFileAttributesW
WriteFile
CloseHandle
GetCurrentProcessId
GetTickCount
GetTimeZoneInformation
CompareStringEx
RtlCaptureStackBackTrace
GetCurrentThread
TlsGetValue
ReleaseMutex
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount64
LCIDToLocaleName
GetSystemDefaultLCID
IsValidLocale
RaiseFailFastException
GetDiskFreeSpaceExW
GetFileSize
ReadFile
GlobalMemoryStatusEx
GetSystemDirectoryW
GetVersionExW
GetNativeSystemInfo
GetProductInfo
GetModuleFileNameW
GetUserGeoID
GetUserDefaultUILanguage
GetUserDefaultLCID
WaitForSingleObjectEx
GetCurrentProcess
TerminateProcess
GlobalFree
IsWow64Process
CreateMutexA
OpenMutexA
GlobalAlloc
QueryPerformanceCounter
GetProcessHeap
HeapSetInformation
VirtualProtect
WerRegisterMemoryBlock
HeapAlloc
HeapFree
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FindResourceW
GetShortPathNameA
GetLocaleInfoEx
LockResource
EnumCalendarInfoExEx
EnumSystemLocalesEx
GetDateFormatEx
GetCalendarInfoEx
EnumDateFormatsExEx
EnumTimeFormatsEx
GetThreadUILanguage
IsProcessorFeaturePresent
GetShortPathNameW
GetUserDefaultLangID

ole32

CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateFreeThreadedMarshaler
StringFromIID
CoTaskMemFree

oleaut32

VarBstrCmp
UnRegisterTypeLi
RegisterTypeLi
SysFreeString
SysStringLen
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysAllocString

advapi32

RegEnumKeyExA
RegCreateKeyExW
OpenThreadToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
SetSecurityDescriptorDacl
IsValidSid
InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
EqualSid
CreateWellKnownSid
CopySid
CheckTokenMembership
AllocateAndInitializeSid
AddAccessDeniedAce
AddAccessAllowedAce
GetTokenInformation
OpenProcessToken
RegDeleteKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryInfoKeyA
RegQueryInfoKeyW
RegSetValueExA
RegOpenKeyExW
RegQueryValueExW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
RegGetValueW
EventWrite
EventRegister
EventUnregister
RegEnumValueA
RegEnumKeyW
RegQueryValueExA
RegDeleteValueA
DeregisterEventSource
RegisterEventSourceW
ReportEventW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 306KB - Virtual size: 306KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 212KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 297KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0cea6f3d63ce2550d87a424b0f528d07

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

msvcp100

kernel32

ole32

oleaut32

advapi32

version

Exports

Exports

Sections

.text Size: 306KB - Virtual size: 306KB

.data Size: 212KB - Virtual size: 213KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 297KB - Virtual size: 300KB

.text
Size: 306KB - Virtual size: 306KB

.data
Size: 212KB - Virtual size: 213KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 297KB - Virtual size: 300KB