NEAS[.]6a7b7b43231b6b69a4de7c8703e6f5b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.6a7b7b43231b6b69a4de7c8703e6f5b0.exe
Size

480KB
MD5

6a7b7b43231b6b69a4de7c8703e6f5b0
SHA1

c9d885efedfbcfd76951b39ed1530678f656387a
SHA256

d52113db32e84f8da603997adfa58daec9f16281422ef43af2cd8439a82a1c25
SHA512

c23f64acae17d64a2e55e9475d9061706645fc063fc8503bb1cf1d3e5717eef386801df38f7d242b568db7789b3d2e947ecb45061c469d1df05264eaf5b98b7d
SSDEEP

6144:9JY7OW1q40CN5MHv+W6ysUnpCk4cPoWEIF0OgJKgoTAM9UHPXc8mn2QHcq:Xa99MHvP6BUph5PLzM/rm2Q8

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.6a7b7b43231b6b69a4de7c8703e6f5b0.exe

Files

NEAS.6a7b7b43231b6b69a4de7c8703e6f5b0.exe
.dll regsvr32 windows:4 windows x86

2bb1a8f7147c3fe1e055ca2fcb173018

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegCloseKey
RegOpenKeyW
RegQueryValueExW
RegSetValueExW

atl80

ord61
ord26
ord23
ord22
ord18
ord32
ord64
ord27
ord58
ord31
ord30
ord50
ord51
ord43
ord52
ord53
ord44
ord15

gdi32

SetWindowExtEx
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
GetDeviceCaps
LPtoDP
SaveDC
SetMapMode
SetWindowOrgEx
SetViewportOrgEx
DeleteDC
RestoreDC
SetTextAlign
TextOutW
CreateMetaFileW

kernel32

GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
SetLastError
FlushInstructionCache
GetCurrentProcess
FreeLibrary
LoadLibraryExW
OutputDebugStringW
VirtualQuery
LoadLibraryW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
IsDebuggerPresent
InterlockedDecrement
UnhandledExceptionFilter
TerminateProcess
Sleep
VirtualAlloc
GetProcAddress
IsProcessorFeaturePresent
LoadLibraryA
InterlockedCompareExchange
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
InterlockedIncrement
RemoveDirectoryW
GetPrivateProfileIntW
FindFirstFileW
GetTickCount
DeleteFileW
CreateFileW
DeviceIoControl
CloseHandle
GetDriveTypeW
InitializeCriticalSection
DeleteCriticalSection
GetThreadLocale
SetThreadLocale
LeaveCriticalSection
FindResourceExW
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
LoadResource
LockResource
SizeofResource
FindResourceW
EnterCriticalSection
VirtualFree
lstrlenW
CreateDirectoryW
GetLastError
GetFileAttributesW
SetFileAttributesW
WaitForSingleObject
RaiseException
GetExitCodeProcess
GetVersionExW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetDiskFreeSpaceExW
GetLogicalDrives
MoveFileW
SetUnhandledExceptionFilter

livelog

?BitsToHexString2@@YA?AVCComBSTR@ATL@@PBEH@Z
?GetDNSStatus@@YA?AW4DNS_STATUS@@XZ
?CreateObjectFromFile2@@YAJAAPAUHINSTANCE__@@PB_WPAUIUnknown@@ABU_GUID@@3PAPAX@Z
?GetModulePath2@@YA?AVCComBSTR@ATL@@PAUHINSTANCE__@@@Z
?GetAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?DOLOG@@YAXPB_WZZ
?DeleteDirectory@@YAHPB_W@Z
?GetUserGuid@@YAXPADAAH@Z
?HexStringToBits@@YA_NPBDPAEAAH@Z

msvcp80

?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z

msvcr80

_encoded_null
_malloc_crt
?terminate@@YAXXZ
_except_handler4_common
_decode_pointer
_onexit
_initterm
_vscwprintf
__dllonexit
_unlock
strchr
isdigit
sscanf_s
abs
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
_invalid_parameter_noinfo
free
calloc
wcscmp
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_lock
strlen
wcsncpy_s
vswprintf_s
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
_itow_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
__RTDynamicCast
_purecall
_encode_pointer
wcstoul
_time64
sprintf_s
wcsrchr
wcscpy_s
strncpy_s
strcat_s
malloc
_resetstkoflw
??3@YAXPAX@Z
_recalloc
fclose
fwrite
wcslen
_wfopen_s
memcpy
__CxxFrameHandler3
rand
??_V@YAXPAX@Z
memset
wcsstr
swprintf_s
srand
wcscat_s
_wcsicmp
memcpy_s
??2@YAPAXI@Z
memmove_s
memcmp

ole32

OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemFree
CoCreateInstance
CreateOleAdviseHolder
CoLoadLibrary
CoFreeLibrary
CoTaskMemAlloc
CreateDataAdviseHolder

oleaut32

SysAllocStringLen
OleCreatePropertyFrame
VariantChangeType
VariantClear
VariantInit
LoadTypeLi
LoadRegTypeLi
SysStringByteLen
VarBstrCmp
SysStringLen
SysAllocStringByteLen
SysAllocString
SysFreeString
GetErrorInfo
SetErrorInfo
CreateErrorInfo

shell32

SHGetFolderPathW
ShellExecuteExW

shlwapi

PathAppendW

user32

SetWindowPos
SetWindowRgn
OffsetRect
UnionRect
PtInRect
GetKeyState
InvalidateRect
GetParent
CreateWindowExW
UnregisterClassW
RegisterClassExA
GetClassInfoExA
LoadCursorA
KillTimer
SetTimer
IsWindow
SetFocus
UnregisterClassA
RegisterClassExW
GetClassInfoExW
LoadCursorW
DestroyWindow
EqualRect
DefWindowProcW
SetWindowLongW
GetWindowLongW
ShowWindow
BeginPaint
GetClientRect
EndPaint
GetFocus
IsChild
IntersectRect
CallWindowProcW

vscover100

VSCoverRegisterAssembly

ws2_32

htonl
ntohl
inet_addr
WSACleanup
WSAStartup
inet_ntoa
gethostbyname
gethostname

Exports

Exports

CreateP2PAppCtrl
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
FinalReleaseP2PAppCtrl
ReleaseP2PAppCtrl

Sections

.text
Size: 284KB - Virtual size: 280KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vscov
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vscovmp
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vscovex
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2bb1a8f7147c3fe1e055ca2fcb173018

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

atl80

gdi32

kernel32

livelog

msvcp80

msvcr80

ole32

oleaut32

shell32

shlwapi

user32

vscover100

ws2_32

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 280KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 8KB - Virtual size: 8KB

.vscov Size: 4KB - Virtual size: 568B

.vscovmp Size: 76KB - Virtual size: 75KB

.vscovex Size: 4KB - Virtual size: 20B

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 284KB - Virtual size: 280KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 8KB - Virtual size: 8KB

.vscov
Size: 4KB - Virtual size: 568B

.vscovmp
Size: 76KB - Virtual size: 75KB

.vscovex
Size: 4KB - Virtual size: 20B

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 32KB - Virtual size: 28KB