NEAS[.]67a29f52d5b681dc1685233f61280900[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.67a29f52d5b681dc1685233f61280900.exe
Size

84KB
MD5

67a29f52d5b681dc1685233f61280900
SHA1

4aa7cdcddadfa015abba7cc69d2b4b6d503764d3
SHA256

5b639ca28a7fdcf6e0ec88ba7478819799ca23254ed0315c137b3a5d7f065c46
SHA512

0e45f838f806faa26d6d697cf8861e2e505eb6193202056b18f29ee595596f27d0ae91ca036a34cea53d086ac2de7fef1588e88592df43c02ecd0ed6a1b372f2
SSDEEP

1536:CKXzvYnNYsmV1CXO0LvlTn9cOBzbYwC+wN5Q:CkQNYsmVgXBn9cOBzMz+wN5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.67a29f52d5b681dc1685233f61280900.exe

Files

NEAS.67a29f52d5b681dc1685233f61280900.exe
.dll regsvr32 windows:4 windows x86

ae233ffb2d97c8e8562e2ca6707d5a1d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetCurrentThreadId
CompareStringA
GetModuleHandleA
GetModuleFileNameA
GetWindowsDirectoryA
GetSystemDirectoryA
LoadLibraryA
FlushInstructionCache
HeapAlloc
LoadResource
SizeofResource
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
MulDiv
GetProcessHeap
HeapFree
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetVersionExA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
ExitProcess
LocalAlloc
RaiseException
GetThreadLocale
GetLocaleInfoA
GetACP
SetLastError
LocalFree

advapi32

RegCloseKey

user32

GetDC
DestroyWindow
PtInRect
UnionRect
GetKeyState
ReleaseDC
InvalidateRect
EndPaint
GetClientRect
BeginPaint
IsChild
GetFocus
IsWindow
IntersectRect
EqualRect
OffsetRect
SetWindowRgn
SetWindowPos
GetSysColor
GetParent
SetFocus
ShowWindow

gdi32

DeleteDC
RestoreDC
GetDeviceCaps
SetMapMode
SaveDC
LPtoDP
DeleteMetaFile
CloseMetaFile
SetViewportOrgEx
DeleteObject
SelectObject
CreateSolidBrush
Rectangle
SelectClipRgn
CreateRectRgn
SetBkMode
CreateRectRgnIndirect
SetWindowExtEx
SetTextColor
SetWindowOrgEx

mfc71lu

ord1162
ord1087
ord1079
ord1200
ord1170
ord1168
ord1192
ord1115
ord371
ord1093
ord1199
ord1197
ord1033
ord315
ord765
ord3677
ord4032
ord4008
ord6272
ord3795
ord6274
ord2054
ord5579
ord3800
ord6215
ord5378
ord3826
ord1911
ord2925
ord5220
ord5222
ord3942
ord4562
ord5226
ord5209
ord5562
ord2531
ord2725
ord2829
ord4301
ord2708
ord2832
ord2534
ord2640
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4475
ord4255
ord3327
ord757
ord1182
ord1178
ord764
ord3824
ord1043
ord314
ord266
ord2239
ord1908
ord265
ord762
ord4320
ord2009
ord1007
ord5096
ord566
ord577
ord870
ord1472
ord2121
ord776
ord293
ord280
ord774
ord1220
ord283
ord581

mslur71

malloc
free
memset
_except_handler3
memcpy
__CxxFrameHandler
_purecall
wcsncpy
realloc
_resetstkoflw
wcscpy
wcslen
?terminate@@YAXXZ
??1type_info@@UAE@XZ
__dllonexit
_onexit
_initterm
_adjust_fdiv
__CppXcptFilter
__security_error_handler
memcmp

shlwapi

PathFindExtensionW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
OleRegEnumVerbs
OleRegGetUserType
OleRegGetMiscStatus
CreateDataAdviseHolder
CreateOleAdviseHolder
OleLoadFromStream
WriteClassStm
OleSaveToStream
CoTaskMemAlloc

oleaut32

LoadTypeLi
OleCreatePropertyFrame
SysStringLen
LoadRegTypeLi
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VariantClear
VariantInit
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ae233ffb2d97c8e8562e2ca6707d5a1d

Headers

File Characteristics

Imports

kernel32

advapi32

user32

gdi32

mfc71lu

mslur71

shlwapi

ole32

oleaut32

Exports

Exports

Sections

.text Size: 44KB - Virtual size: 42KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 8KB - Virtual size: 6KB

.reloc Size: 8KB - Virtual size: 6KB

.text
Size: 44KB - Virtual size: 42KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 8KB - Virtual size: 6KB

.reloc
Size: 8KB - Virtual size: 6KB