NEAS[.]afa25acb78a919dbf6ebc2e40219d300[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.afa25acb78a919dbf6ebc2e40219d300.exe
Size

603KB
MD5

afa25acb78a919dbf6ebc2e40219d300
SHA1

198f4e8919691419140f410eef41ddb9e5d3d77b
SHA256

1e941fc6b208c0dae999510c1c23a1df10f3e12f461a13cf1fbf9adfc9ca032b
SHA512

b5d6ab0749cfdb8667a0e74757ad2f639490799133133f7879417bd045d674c020bbebd73372b283871a30fb9349209a8c14a5b6ce39bdd7e0ca9456ab3ee773
SSDEEP

12288:+HOwFBEpilI7XHgZ5KhJgeaX/uVnuq/jn1zRlq0xFS3tVd0:+HOwFepiSLHgZAJ8/uhHfq0yO

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.afa25acb78a919dbf6ebc2e40219d300.exe

Files

NEAS.afa25acb78a919dbf6ebc2e40219d300.exe
.dll windows:6 windows x86

90bac6481b62589762819f837be85612

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

wcsrchr
vsprintf_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
_CxxThrowException
__CxxFrameHandler3
memset
memmove
??_V@YAXPAX@Z
memcmp
memcpy
_invalid_parameter_noinfo_noreturn
memcpy_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
__clean_type_info_names_internal
__lconv_init
_except_handler4_common
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
strncpy_s
_vsnprintf_s
realloc
malloc
free
wcsncat_s
wcscpy_s
bsearch
??2@YAPAXI@Z
??_U@YAPAXI@Z
swscanf_s
wcsncpy_s
wcscmp
wcschr
??3@YAXPAX@Z

advapi32

OpenProcessToken
AddAccessAllowedAce
AddAccessDeniedAce
AllocateAndInitializeSid
CheckTokenMembership
CopySid
CreateWellKnownSid
EqualSid
FreeSid
GetLengthSid
GetSecurityDescriptorDacl
InitializeAcl
GetTokenInformation
RegGetValueW
RegQueryValueExA
RegOpenKeyExA
RegEnumKeyW
EventWrite
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
InitializeSecurityDescriptor
IsValidSid
SetSecurityDescriptorDacl
ConvertSidToStringSidA
ConvertStringSecurityDescriptorToSecurityDescriptorW
EventUnregister
EventRegister
RegSetValueExW
RegQueryInfoKeyW
RegCreateKeyExW
OpenThreadToken

kernel32

LocalAlloc
LocalFree
LoadLibraryA
GetFileType
GetTempPathW
SizeofResource
GetModuleFileNameA
GetShortPathNameA
GetCurrentThread
EncodePointer
DecodePointer
GetLastError
SetLastError
CompareStringW
CloseHandle
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
WaitForSingleObjectEx
GetCurrentThreadId
Sleep
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
ReadFile
WriteFile
CreateFileW
GetModuleFileNameW
LoadResource
FindResourceW
LocaleNameToLCID
GetUserDefaultLocaleName
IsValidLocale
GetSystemDefaultLCID
GetUserDefaultLCID
CompareStringEx
LCIDToLocaleName
GetSystemDefaultLocaleName
HeapAlloc
HeapFree
GetProcessHeap
RaiseFailFastException
DeleteFileW
SetFileAttributesW
ReleaseMutex
GetSystemTimeAsFileTime
GetLocalTime
GetTickCount64
GetDiskFreeSpaceExW
GetFileAttributesExW
GetFileSize
GlobalMemoryStatusEx
GetSystemDirectoryW
GetVersionExW
GetProductInfo
GetModuleHandleW
GetProcAddress
GetTimeZoneInformation
GetUserGeoID
GetUserDefaultUILanguage
CreateDirectoryW
GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetTickCount
GlobalFree
RaiseException
CreateMutexA
OpenMutexA
GlobalAlloc
QueryPerformanceCounter
HeapSetInformation
VirtualProtect
WerRegisterMemoryBlock
LoadLibraryExW
InterlockedExchange
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
RtlCaptureStackBackTrace
TlsGetValue
IsWow64Process
GetNativeSystemInfo

ole32

CoCreateGuid

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

msvcp100

?_Xlength_error@std@@YAXPBD@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xout_of_range@std@@YAXPBD@Z

Sections

.text
Size: 144KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 196KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

90bac6481b62589762819f837be85612

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

advapi32

kernel32

ole32

version

msvcp100

Sections

.text Size: 144KB - Virtual size: 144KB

.data Size: 196KB - Virtual size: 203KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 260KB - Virtual size: 260KB

.text
Size: 144KB - Virtual size: 144KB

.data
Size: 196KB - Virtual size: 203KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 260KB - Virtual size: 260KB