NEAS[.]61e6e748b5acd44b3090d38e80b079d0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.61e6e748b5acd44b3090d38e80b079d0.exe
Size

552KB
MD5

61e6e748b5acd44b3090d38e80b079d0
SHA1

d10aed33840d180e8a2805369aa3da7fd344779a
SHA256

8af3a126d0fdbb75f766328e84c671e90e5a25fc68aeff2dfa86b259bf1caaeb
SHA512

51778a119eeae291868d55dce3f076e7bfc472dbe81ae24efa24aa544633f110230438690faa1cd28e217cab8283519c7a7e9967999d91aaa9fb8bd2faf85a28
SSDEEP

6144:Q4Lyj8BA593HvPYPkxbB+m7wsFOPpJBl7O70DBZE5AB9PDAF/OAmbqnEjE:DejxT3YPkxbB+ZiipJBxO70NZF8mqnE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.61e6e748b5acd44b3090d38e80b079d0.exe

Files

NEAS.61e6e748b5acd44b3090d38e80b079d0.exe
.dll regsvr32 windows:4 windows x86

afb8a4917b367048b993227c811e017b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

common

?CreateTXBuffer@Data@Util@@YAHPAPAUITXBuffer@@@Z
??1CTXCommPack@@UAE@XZ
?GetBufferOut@CTXCommPack@@QAEHAAVCTXBuffer@@@Z
??1CTXStringA@@QAE@XZ
?AddStrALenByte@CTXCommPack@@QAEHABVCTXStringA@@@Z
??0CTXStringA@@QAE@UtagUTF8@@PB_WH@Z
??0CTXCommPack@@QAE@XZ
?SBCToDBC@Convert@Util@@YA_NAAVCTXStringW@@@Z
??4CTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?SetInterval@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
??ACTXStringW@@QBE_WH@Z
?Length@CTXBSTR@@QBEIXZ
?SetAsyncCallback@TXTimer@@YAHPAUITXAsyncCallback@@I@Z
?AddBufLenWord@CTXCommPack@@QAEHABVCTXBuffer@@H@Z
??YCTXStringW@@QAEAAV0@ABVCTXBSTR@@@Z
?AddBufLenByte@CTXCommPack@@QAEHABVCTXBuffer@@@Z
?DoFormat@CFmtString@@QAEPB_WPB_W@Z
?PropertyLong@CFmtString@@QAEHPB_WJ0@Z
??0CFmtString@@QAE@XZ
??4CTXBSTR@@QAEAAV0@ABVCTXStringW@@@Z
?Utf8ToWS@Convert@Util@@YA?AVCTXStringW@@PBDH@Z
??4CTXBSTR@@QAEAAV0@PB_W@Z
?PropertyStr@CFmtString@@QAEHPB_W0@Z
?PropertyDWord@CFmtString@@QAEHPB_WK0@Z
??M@YA_NABVCTXStringW@@0@Z
?IsFileExist@FS@@YAHPB_W@Z
?GetGmtTm@CTXTime@@QBEPAUtm@@PAU2@@Z
?GetSpecialFolderPath@Sys@Util@@YAHHAAVCTXBSTR@@@Z
?LoadXmlByName@FS@Util@@YAHPB_WPAPAUIXMLDOMDocument@@@Z
?SetAsyncCallback@TXTimer@@YAHP6GXPAX@Z0@Z
??4CTXStringW@@QAEAAV0@PA_W@Z
??4CTXStringW@@QAEAAV0@ABV0@@Z
?IsEmpty@CTXStringW@@QBE_NXZ
??8@YA_NABVCTXStringW@@PB_W@Z
?MakeUpper@CTXStringW@@QAEAAV1@XZ
?Trim@CTXStringW@@QAEAAV1@XZ
?Mid@CTXStringW@@QBE?AV1@H@Z
?Left@CTXStringW@@QBE?AV1@H@Z
?Find@CTXStringW@@QBEH_WH@Z
ord26
?GetTXDataStr@Data@Util@@YAHPAUITXDataRead@@PB_WAAVCTXStringW@@@Z
?Detach@CTXBSTR@@QAEPA_WXZ
?ConvertToPureFile@FS@@YA?AVCTXStringW@@PB_W@Z
??0CTXTime@@QAE@XZ
??8CTXBSTR@@QBE_NPB_W@Z
??8CTXBSTR@@QBE_NABV0@@Z
?IsInFullScreen@WinScreenStatus@Util@@YAHPAPAUHWND__@@PAH1PAKPAPA_W1@Z
??9@YA_NABVCTXStringW@@0@Z
??4CTXBSTR@@QAEAAV0@ABV0@@Z
?CreateTXArray@Data@Util@@YAHPAPAUITXArray@@@Z
?GetBuffer@CTXStringW@@QAEPA_WXZ
ord25
?AppendFormat@CTXStringW@@QAAXPB_WZZ
?GetTXDataBuf@Data@Util@@YAHPAUITXDataRead@@PB_WAAVCTXBuffer@@@Z
??0CTXStringW@@QAE@ABVCTXBSTR@@@Z
?GetSession@TXLog@@YAKXZ
?GetLogByFilter@TXLog@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABVCTXStringW@@K0K@Z
?Format@CTXStringW@@QAAXPB_WZZ
??H@YA?AVCTXStringW@@ABV0@0@Z
?GetString@CTXStringW@@QBEPB_WXZ
??YCTXStringW@@QAEAAV0@ABV0@@Z
??0CTXBSTR@@QAE@XZ
?IsEmpty@CTXBSTR@@QAEHXZ
??ICTXBSTR@@QAEPAPA_WXZ
?LoadStringW@TXStringBundle@@YAPB_WPB_W@Z
?EraseTimerCallback@TXTimer@@YAHPAUITXTimerCallback@@I@Z
?GetLength@CTXStringW@@QBEHXZ
?CreateTXData@Data@Util@@YAHPAPAUITXData@@@Z
?Empty@CTXStringW@@QAEXXZ
??0CTXStringW@@QAE@ABV0@@Z
ord34
?SetTimeout@TXTimer@@YAHIPAUITXTimerCallback@@I@Z
?GetPlatformCore@Core@Util@@YAHPAPAUITXCore@@@Z
?TXLog_DoTXLogVW@@YAXPAUtagLogObj@@PB_W1PAD@Z
??0CTXStringW@@QAE@XZ
??4CTXStringW@@QAEAAV0@PB_W@Z
??BCTXStringW@@QBEPB_WXZ
?Record@Perf@Util@@YAJPB_WHH00@Z
??0CTXStringW@@QAE@PB_W@Z
??H@YA?AVCTXStringW@@PB_WABV0@@Z
??H@YA?AVCTXStringW@@ABV0@PB_W@Z
??0CTXBSTR@@QAE@PB_W@Z
?GetBSTR@CTXStringW@@QBEPA_WXZ
??1CFmtString@@QAE@XZ
??0CTXStringW@@QAE@PA_W@Z
??YCTXStringW@@QAEAAV0@PB_W@Z
?Mid@CTXStringW@@QBE?AV1@HH@Z
?FlushLog@TXLog@@YAXXZ
??0CTXBSTR@@QAE@ABVCTXStringW@@@Z
??BCTXBSTR@@QBEPA_WXZ
??1CTXBSTR@@QAE@XZ
??1CTXStringW@@QAE@XZ
??0CTXTime@@QAE@_J@Z
?GetRegulatedTime@Time@Util@@YA_NAA_J@Z

gf

?FreeData@Metadata@Util@@YAJAAPA_W@Z
?LoadImageW@GF@Util@@YAPAXPB_WIHHI@Z
?RawInitGFElementByXtml@GF@Util@@YAJPA_WPAUIGFElement@@10H@Z
?CreateObject@GF@Util@@YAJABU_GUID@@0PAPAX@Z
?RawCreateGFElementByXtml@GF@Util@@YAJPA_WPAPAUIGFElement@@PAU3@0H@Z
?ClosePopupWindows@GF@Util@@YAXXZ
?Get@Metadata@Util@@YAJPAUITXData@@PA_WPAPA_W@Z

apputil

?GetRoomHead@Misc@Util@@YA?AVCTXStringW@@KK@Z
?Show@MsgBox@Util@@YAHPAUIGFFrame@@VCTXStringW@@1HH@Z
?AppendMenuItem@Misc@Util@@YAXPAUIGFMenu@@PA_W1PAUITXData@@HHH@Z
?CloseBubbleTip@BubbleTipMgr@@YAJPAUIGFControl@@PA_W@Z
?ShowNoRet@MsgBox@Util@@YAXPAUIGFFrame@@VCTXStringW@@1H@Z
?GetRoomKindStr@Misc@Util@@YA?AVCTXStringW@@E@Z
?PopupBubbleTip@BubbleTipMgr@@YAJPAUIGFControl@@PA_W11UtagPOINT@@KHW4CustomerBubbleType@@@Z
?EnterRoom@Frame@Util@@YAHKHPAUITXData@@@Z
?GetRoomHeadSize@Misc@Util@@YAKW4RoomHeadType@@@Z
?MessageBoxW@MsgBox@Util@@YAHPAUIGFFrame@@VCTXStringW@@1HH@Z
?PlayMusic@Misc@Util@@YAHVCTXStringW@@@Z

imdllbuild

?GetSelfName@Contact@Util@@YA?AVCTXStringW@@XZ
?GetMainID@Room@Util@@YAKK@Z
?GET_ROOM_OBJECT@Contact@Util@@YAHABVROOM_HANDLE@@PAPAUITCPMgr@@@Z
?Destroy@MVC_KERNEL@@YAXPB_WKABVROOM_HANDLE@@@Z
?Create@MVC_KERNEL@@YAPAVIMVCModule@@PB_WKABVROOM_HANDLE@@@Z
?GetUserCurrentRoom@Room@Util@@YAKVROOM_HANDLE@@K@Z
?RealTimeIncValue@Report@Util@@YAXKHK@Z
?RoomDataGetDWord@Room@Util@@YAKKH@Z
?IsSubRoomEx@Room@Util@@YAHKK@Z
?GetCusNumFmt@URL@Util@@YAXAAVCFmtString@@K@Z
?GetCurrentRoomID@Contact@Util@@YAKVROOM_HANDLE@@@Z
?GetStartupGameID@CommandLine@Util@@YA_JXZ
?GetSelfAccountName@Account@Util@@YA?AVCTXStringW@@XZ
?GetStartupGameST@CommandLine@Util@@YA?AVCTXStringW@@XZ
?GetSelfUin@Contact@Util@@YAKXZ
?ReportFeedBack@Report@Util@@YAHKEVCTXStringW@@0PAUITXCallback@@@Z
?GetServerConfigInt@Config@Util@@YAHPB_W0H@Z
?GetChatRoom@Contact@Util@@YAHABVROOM_HANDLE@@PAPAUITXChatRoom@@@Z
?GetSaveNameByTid@DataTypeID@@YA?AVCTXStringW@@H@Z
?RealTimeSetValue@Report@Util@@YAXKHK@Z
?GetStartupSubRoomID@CommandLine@Util@@YAKXZ
?IsSelectEnterSubRoomMode@CommandLine@Util@@YAHAAK0@Z
?IsSelectEnterRoomMode@CommandLine@Util@@YAHAAK@Z
?IsSelectGotoVipWebMode@CommandLine@Util@@YAHAAK0@Z
?GetVersionExW@Version@@YAXAAUtagVersionInfo@1@@Z
?MinimizeMemoryOnOnceIdle@Sys@Util@@YAXXZ
?OpenUrlInIM@URL@Util@@YAXABVCTXStringW@@W4URLMODIFYLEVEL@12@0@Z
?GetLangFmt@URL@Util@@YAXAAVCFmtString@@@Z
?RoomDataGetStr@Room@Util@@YA?AVCTXStringW@@KH@Z
?AdjustFormat@URL@Util@@YA?AVCFmtString@@W4URLMODIFYLEVEL@12@@Z
?GetStartupSelRoomID@CommandLine@Util@@YAHXZ
?GetShowID@Room@Util@@YA?AVCTXStringW@@K@Z
?GetStartupAccount@CommandLine@Util@@YA?AVCTXStringW@@XZ
?GetStartupExtParam@CommandLine@Util@@YAHVCTXStringW@@AAV3@@Z
?IsExistStartupExtParam@CommandLine@Util@@YAHXZ
?GetStartupReportData@CommandLine@Util@@YAHVCTXStringW@@AAV3@@Z
?IsExistStartupReportData@CommandLine@Util@@YAHXZ
?GetStartupQTExtParam@CommandLine@Util@@YAHVCTXStringW@@AAV3@@Z
?IsExistStartupQTExtParam@CommandLine@Util@@YAHXZ
?HideWindow@CommandLine@Util@@YAHXZ
?GetStartupRoomID@CommandLine@Util@@YAKXZ
?GetSignFmt@URL@Util@@YAXAAVCFmtString@@@Z

appview

?Get@MVC_VIEW@@YAPAVIMVCModule@@PB_WKABVROOM_HANDLE@@@Z
?Create@MVC_VIEW@@YAPAVIMVCModule@@PB_WKABVROOM_HANDLE@@@Z
?G_DestroyManager@MVC_VIEW@@YAJXZ
?Destroy@MVC_VIEW@@YAXPB_WKABVROOM_HANDLE@@@Z

chatframe

?Get@MVC_APPCONTROL@@YAPAVIMVCModule@@PB_WKABVROOM_HANDLE@@@Z
?Destroy@MVC_APPCONTROL@@YAXPB_WKABVROOM_HANDLE@@@Z
?G_DestroyManager@MVC_APPCONTROL@@YAJXZ
?Create@MVC_APPCONTROL@@YAPAVIMVCModule@@PB_WKABVROOM_HANDLE@@@Z

qtcommon

?GetProfileIntW@Profile@Config@QTCommon@@YAHPB_W0H@Z
?GetConfigValue@Config@QTCommon@@YAHPA_WH00HPAX@Z
?IsEmailAccount@Misc@QTCommon@@YAHAAVCTXStringW@@@Z
?SetConfigValue@Config@QTCommon@@YAHPA_WH00HPAX@Z
?CheckRoomIDValid@Misc@QTCommon@@YAHPA_W@Z

kernel32

lstrlenW
lstrcmpiW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetModuleHandleW
InterlockedIncrement
InterlockedDecrement
GlobalMemoryStatusEx
QueryPerformanceFrequency
GetSystemInfo
SystemTimeToFileTime
GetLocalTime
SetThreadLocale
GetThreadLocale
CloseHandle
MapViewOfFile
CreateFileMappingW
GetModuleFileNameW
SetFilePointer
GetFileType
DuplicateHandle
GetCurrentProcess
WriteFile
UnmapViewOfFile
ReadFile
FileTimeToSystemTime
FileTimeToDosDateTime
GetFileSize
GetSystemTime
GetFileInformationByHandle
WideCharToMultiByte
GetVersionExW
FlushInstructionCache
Sleep
WaitForSingleObject
SetEvent
ResumeThread
CreateThread
ResetEvent
CreateEventW
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
GetProcAddress
CreateMutexW
GetCurrentProcessId
OpenMutexW
ReleaseMutex
OpenFileMappingW
VirtualQuery
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
CreateFileW

user32

SetWindowPos
GetClientRect
GetWindowPlacement
MoveWindow
GetWindowLongW
KillTimer
UnregisterClassA
GetSystemMetrics
CopyRect
PtInRect
SetRect
SetRectEmpty
InflateRect
UnionRect
EqualRect
CallWindowProcW
SetWindowsHookExW
SetFocus
GetFocus
CallNextHookEx
ClientToScreen
GetForegroundWindow
GetDoubleClickTime
EnumChildWindows
GetWindowThreadProcessId
MapWindowPoints
GetClassNameW
DestroyIcon
GetActiveWindow
RegisterWindowMessageW
PostMessageW
MonitorFromPoint
SetForegroundWindow
IsZoomed
GetKeyState
EnumDisplayMonitors
GetCursorPos
FindWindowW
GetMessagePos
GetAsyncKeyState
MonitorFromWindow
GetMonitorInfoW
SystemParametersInfoW
SetWindowLongW
SendMessageW
IsWindow
SendMessageTimeoutW
IsWindowVisible
GetWindowRect
CharNextW
UpdateWindow
ShowWindow
IsIconic
SetTimer
DefWindowProcW

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegEnumKeyExW
RegCloseKey

shell32

ShellExecuteW
SHAppBarMessage
Shell_NotifyIconW
SHGetFileInfoW

ole32

CoCreateInstance
StringFromCLSID
CoTaskMemFree

oleaut32

SysFreeString
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString

atl80

ord23
ord64
ord22
ord18
ord15
ord32
ord31
ord30
ord58
ord61

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
memmove
_wtoi
wcsncpy
_mktime64
memcpy
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_recalloc
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
memmove_s
??_V@YAXPAX@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_time64
_invalid_parameter_noinfo
__CxxFrameHandler3
memset
_purecall
wcsncpy_s
wcscpy_s
_CxxThrowException
free
malloc
_tzset
??3@YAXPAX@Z
_crt_debugger_hook
__clean_type_info_names_internal
_stricmp
memcpy_s

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 340KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

afb8a4917b367048b993227c811e017b

Headers

File Characteristics

Imports

common

gf

apputil

imdllbuild

appview

chatframe

qtcommon

kernel32

user32

advapi32

shell32

ole32

oleaut32

atl80

msvcp80

msvcr80

Exports

Exports

Sections

.text Size: 340KB - Virtual size: 337KB

.rdata Size: 120KB - Virtual size: 117KB

.data Size: 16KB - Virtual size: 15KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 68KB - Virtual size: 66KB

.text
Size: 340KB - Virtual size: 337KB

.rdata
Size: 120KB - Virtual size: 117KB

.data
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 68KB - Virtual size: 66KB