NEAS[.]e954ad51c34930bc53f5ece5685a1300[.]cab

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e954ad51c34930bc53f5ece5685a1300.cab
Size

496KB
MD5

e954ad51c34930bc53f5ece5685a1300
SHA1

891348f3793449f614086b09f6aa29b30f8c8d15
SHA256

55d6c478d26b4eac315625f745b7e990ba97d2587180294f31c798988ad30d26
SHA512

1e4d56c07f53f04e8af63b38b88f0d0ed5139ce2c7422a82dc9efc6222f75074e6d2223db4e33bb99f8afe713d4fb23246a6f69057b3df58791661ed23434931
SSDEEP

12288:Rs+WNSNsINrn9/Tv5AZiBqseQBYDcinsZqQxk5v+Q+zf:K+YQvn9/ThsQBSs3K5+Q6f

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/dxdiagn.dll

Files

NEAS.e954ad51c34930bc53f5ece5685a1300.cab
.cab
dxdiagn.dll
.dll regsvr32 windows:5 windows x86

a6867d9ac00577d08d8839f98f909840

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegOpenKeyW
RegOpenKeyA
RegQueryValueExA

user32

GetDlgItemTextW
SetWindowTextW
CheckRadioButton
EnableWindow
GetDlgItem
InflateRect
InvalidateRect
SetWindowPos
GetCursorPos
SetCursorPos
ShowCursor
SendMessageW
MessageBoxW
SetRect
PeekMessageW
GetWindowLongW
DefWindowProcW
GetWindowTextW
CreateWindowExW
ShowWindow
LoadImageW
GetKeyboardType
FindWindowW
LoadStringW
CharLowerBuffW
GetDC
ReleaseDC
EnumDisplaySettingsW
OffsetRect
CharNextW
GetSystemMetrics
GetWindowRect
SystemParametersInfoA
IntersectRect
IsDlgButtonChecked
EndDialog
SetTimer
KillTimer
PostMessageW
SetForegroundWindow
DialogBoxParamW
RegisterClassW

gdi32

SelectObject
BitBlt
GetStockObject
CreateCompatibleDC
GetObjectW
DeleteObject
GetDeviceCaps
CreateDCW
DeleteDC
GetClipBox
GetDCOrgEx

kernel32

RaiseException
SetFilePointer
IsBadCodePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
VirtualProtect
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
VirtualQuery
InterlockedExchange
HeapSize
IsBadWritePtr
VirtualAlloc
LCMapStringW
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentStringsW
SetStdHandle
FlushFileBuffers
ReadFile
IsProcessorFeaturePresent
FindResourceA
GetProcessHeap
GetProcAddress
LoadLibraryW
FreeLibrary
lstrlenW
GetLastError
CompareStringW
lstrcmpW
GetVersionExA
GetModuleHandleW
MultiByteToWideChar
GetSystemDirectoryW
lstrlenA
InterlockedDecrement
InterlockedIncrement
GetFileAttributesW
GetModuleFileNameW
OutputDebugStringW
GetWindowsDirectoryW
GetCurrentDirectoryW
GetLocaleInfoW
GetVersionExW
CloseHandle
CreateFileW
SystemTimeToFileTime
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileW
GetFullPathNameW
ExpandEnvironmentStringsW
lstrcmpiW
GetPrivateProfileStringW
GetSystemInfo
Sleep
SetPriorityClass
GetPriorityClass
GetCurrentProcess
GetProfileIntW
OpenProcess
GlobalMemoryStatus
GetSystemDefaultLCID
GetLocalTime
WriteFile
LockResource
LoadResource
SizeofResource
FindResourceW
GetTempPathW
DeleteFileW
LeaveCriticalSection
EnterCriticalSection
SetEvent
ResetEvent
WaitForSingleObject
DeleteCriticalSection
CreateEventW
InitializeCriticalSection
CreateFileA
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsSetValue
GetCommandLineA
HeapReAlloc
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
GetModuleHandleA
TlsFree
SetLastError
TlsGetValue
TlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
SetEndOfFile

winmm

waveOutMessage
mmioRead
mmioDescend
mmioOpenW
waveOutGetDevCapsW
timeGetTime
mmioClose

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ole32

CoInitialize
CoCreateInstance
CLSIDFromString
CoUninitialize
CoTaskMemFree

oleaut32

VariantInit
VariantClear
SysAllocString
SafeArrayUnaccessData
SysFreeString
SafeArrayAccessData
VariantCopy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 684KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a6867d9ac00577d08d8839f98f909840

Headers

File Characteristics

Imports

advapi32

user32

gdi32

kernel32

winmm

version

ole32

oleaut32

Exports

Exports

Sections

.text Size: 684KB - Virtual size: 680KB

.data Size: 36KB - Virtual size: 46KB

.rsrc Size: 1.3MB - Virtual size: 1.3MB

.reloc Size: 28KB - Virtual size: 26KB

.text
Size: 684KB - Virtual size: 680KB

.data
Size: 36KB - Virtual size: 46KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 28KB - Virtual size: 26KB