NEAS[.]8c79f602cc12e78332a6487053fabdb0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.8c79f602cc12e78332a6487053fabdb0.exe
Size

336KB
MD5

8c79f602cc12e78332a6487053fabdb0
SHA1

4673125f83c3263fd9b7c4a56b91136755388d72
SHA256

1663ccb5953d5b8d46f5124a313b54013d2fae7d67c4e067d80a5348646d002b
SHA512

23305af270d50238c75790e9bcbedb246ae20159ccdf536f2c5835ebab2f15ca81f69b26a14eb86021f8151ca3e75dce107b06895310b5a0c65b64b41bbda9ed
SSDEEP

6144:oAl5cydx1njDWzzBu+eS9Vw1VzRDmwEyMjwP7+4KHDUOLo4MCLozRITq:oAhLlD5+Ti1pHP7BKHdLozRIO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8c79f602cc12e78332a6487053fabdb0.exe

Files

NEAS.8c79f602cc12e78332a6487053fabdb0.exe
.dll windows:6 windows x86

526243af5971219d2815434d951b074b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW

comctl32

ImageList_Create
ImageList_Add

kernel32

InitializeCriticalSectionEx
MultiByteToWideChar
GetLastError
RaiseException
LoadResource
FindResourceW
DecodePointer
GetProcAddress
DeleteCriticalSection
GetModuleHandleW
FreeLibrary
lstrcmpiW
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
SetLastError
GetCurrentThreadId
LockResource
TryEnterCriticalSection
CreateThread
CloseHandle
Sleep
GetExitCodeThread
TerminateThread
DisableThreadLibraryCalls
EncodePointer
LeaveCriticalSection
IsDebuggerPresent
GetModuleFileNameW
HeapAlloc
HeapFree
GetProcessHeap
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
EnterCriticalSection
VirtualQuery
VirtualProtect
GetSystemInfo
InitOnceBeginInitialize
InitOnceComplete
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LoadLibraryA
lstrlenA
GetSystemDefaultLCID
GetModuleFileNameA
LoadLibraryW
OutputDebugStringA
OutputDebugStringW
SizeofResource

ole32

CoTaskMemAlloc
CoCreateInstance
CoMarshalInterThreadInterfaceInStream
CoTaskMemRealloc
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoGetInterfaceAndReleaseStream

oleaut32

VarBstrCmp
SysStringByteLen
SysAllocStringLen
SysAllocString
LoadRegTypeLi
VarBstrCat
VariantInit
VariantClear
LoadTypeLi
SysFreeString
VarUI4FromStr
SysStringLen
SysAllocStringByteLen

vcruntime140

_purecall
wcsstr
memcpy
memcmp
_CxxThrowException
__std_terminate
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
memmove
memset
__current_exception
__current_exception_context
_except_handler4_common
__CxxFrameHandler3

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
_Mtx_unlock
_Mtx_lock
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?_Throw_C_error@std@@YAXH@Z
_Thrd_id
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z

api-ms-win-crt-heap-l1-1-0

malloc
free
_recalloc

api-ms-win-crt-runtime-l1-1-0

_cexit
_crt_atexit
_invalid_parameter_noinfo
_errno
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
terminate
_initterm_e
_initterm
abort
_invalid_parameter_noinfo_noreturn

api-ms-win-crt-string-l1-1-0

strncpy_s
strncat_s
wcsncpy_s
wcscpy_s
strcat_s
towlower

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnwprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-locale-l1-1-0

__initialize_lconv_for_unsigned_char

api-ms-win-crt-math-l1-1-0

ceil

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 236KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

526243af5971219d2815434d951b074b

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

kernel32

ole32

oleaut32

vcruntime140

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-math-l1-1-0

Exports

Exports

Sections

.text Size: 54KB - Virtual size: 54KB

.rdata Size: 19KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 3KB

.rsrc Size: 20KB - Virtual size: 20KB

.reloc Size: 236KB - Virtual size: 240KB

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 19KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 20KB - Virtual size: 20KB

.reloc
Size: 236KB - Virtual size: 240KB