NEAS[.]8ed58ad87a3c71910c271031916c9600[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.8ed58ad87a3c71910c271031916c9600.exe
Size

399KB
MD5

8ed58ad87a3c71910c271031916c9600
SHA1

4c4d83ca6ad2f526965ba63823b043df7ff17017
SHA256

0a41a2691425d7da0e3d49d3655e52e68d86d8366f1ce87c0f1bf9d8e9ebc781
SHA512

9f6054843fa52dac181d538bed7f4f2695a65e9d8553172f0310380b384402eee6b82b959f43e13c5f664462e1c66cc193d0c83eb3542154732a7ff7c149954e
SSDEEP

12288:TJsI2aLlGV9zoEuga24kVYJeASN6+TwFOJFR98eI1otgndUX6CRUO7fr:TJsf/c4k7vC+k6GqCRUOr

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.8ed58ad87a3c71910c271031916c9600.exe

Files

NEAS.8ed58ad87a3c71910c271031916c9600.exe
.dll regsvr32 windows:4 windows x86

4017561c8d7de31a0370916d31b2cdb7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_encoded_null
_malloc_crt
_encode_pointer
fopen_s
fwprintf_s
fclose
vsprintf_s
wcscpy_s
vswprintf_s
wcsrchr
_vsnprintf
memcpy
memset
_splitpath_s
_makepath_s

kernel32

GetLastError
GetVersionExA
DisableThreadLibraryCalls
FreeLibrary
GetProcAddress
LoadLibraryExA
GetModuleHandleW
GetModuleFileNameA
GetStringTypeExA
GetLocaleInfoA
GetSystemDefaultLCID
GetUserDefaultLangID
GetACP
GlobalUnlock
GlobalLock
GlobalAlloc
GlobalSize
SetLastError
lstrlenW
CloseHandle
GetCurrentProcess
UnmapViewOfFile
MapViewOfFile
MulDiv
IsDBCSLeadByte
GetTickCount
GetCurrentProcessId
GetModuleHandleA
GetFileAttributesW
GetVersion
GetFileAttributesA
FormatMessageW
FormatMessageA
FindResourceA
LoadResource
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
LockResource
CompareStringA
VirtualProtect
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetProcessHeap
CreateProcessA
GetTempFileNameA
GetTempPathA
HeapFree
HeapAlloc
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
LoadLibraryA

shell32

DragQueryFileW

oleaut32

SysAllocString
SysStringLen
SysAllocStringLen
SysFreeString
VariantClear
VariantInit

ole32

ReleaseStgMedium
CreateDataAdviseHolder
CreateOleAdviseHolder
OleRegGetUserType
OleRegEnumVerbs
CoTaskMemFree
CoTaskMemAlloc
WriteFmtUserTypeStg
WriteClassStg
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoAllowSetForegroundWindow
RevokeDragDrop
RegisterDragDrop
CreateStreamOnHGlobal
CoCreateInstance
CoTaskMemRealloc

gdi32

CreateCompatibleBitmap
SetBkColor
BitBlt
CreateFontIndirectA
EnumFontFamiliesExA
GetDeviceCaps
GetBkColor
GetTextColor
SetTextAlign
LineTo
MoveToEx
CreatePen
Polyline
CreateCompatibleDC
GetStockObject
GetTextMetricsA
DeleteDC
CreateSolidBrush
SetBkMode
SetTextColor
SelectObject
DeleteObject

advapi32

RegOpenKeyExW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

user32

CreateDialogIndirectParamA
CreateDialogIndirectParamW
GetClassNameA
ShowCursor
MapDialogRect
OffsetRect
LoadMenuA
IsClipboardFormatAvailable
EnableMenuItem
GetMenuItemID
GetMenuItemCount
RemoveMenu
GetSubMenu
SetWindowLongW
GetWindowLongA
GetWindowLongW
InsertMenuA
InsertMenuW
RegisterClipboardFormatA
LoadStringA
LoadStringW
SetWindowTextA
SetWindowTextW
TranslateAcceleratorA
TranslateAcceleratorW
IsDialogMessageA
IsDialogMessageW
PeekMessageW
IsWindowUnicode
PeekMessageA
MessageBeep
RegisterWindowMessageA
GetWindow
GetAsyncKeyState
IsIconic
SetForegroundWindow
LoadAcceleratorsA
IsChild
SetParent
EnableWindow
PostMessageW
MessageBoxW
FindWindowA
CreateWindowExW
GetFocus
GetCapture
SetCursor
LoadCursorA
IsWindowEnabled
IsWindowVisible
ShowWindow
GetKeyState
IntersectRect
IsRectEmpty
EnumChildWindows
EqualRect
CreateMenu
DestroyMenu
GetSysColor
DrawIconEx
GetWindowDC
GetForegroundWindow
SetFocus
GetKeyboardLayout
ActivateKeyboardLayout
GetKeyboardLayoutList
MessageBoxA
ChildWindowFromPointEx
BeginPaint
FillRect
EndPaint
GetDC
ReleaseDC
KillTimer
ClientToScreen
GetCursorPos
PtInRect
WindowFromPoint
SetTimer
InflateRect
DrawFocusRect
SetWindowPos
UpdateWindow
InvalidateRect
GetDlgCtrlID
GetDlgItem
ScreenToClient
GetWindowRect
GetClientRect
GetParent
DestroyWindow
RegisterClassW
CreateWindowExA
RegisterClassA
GetWindowTextA
GetWindowTextW
GetWindowTextLengthA
GetWindowTextLengthW
CallWindowProcA
CallWindowProcW
DefWindowProcA
DefWindowProcW
SendMessageW
SetWindowLongA
MapWindowPoints

mso

ord815
ord639
ord2586
ord3200
ord2555
ord1479
ord1504
ord1465
ord329
ord833
ord1235
ord821
ord7956
ord6779
ord467
ord6290
ord6857
ord6260
ord6284
ord6202
ord6133
ord6158
ord6565
ord6566
ord6220
ord1955
ord6157
ord6010
ord6788
ord6016
ord6884
ord797
ord7315
ord1289
ord2532
ord6738
ord6570
ord1455
ord1461
ord1727
ord6818
ord6794
ord726
ord1474
ord1086
ord7927
ord796
ord294
ord7628
ord1378
ord1836
ord750
ord6118
ord295
ord6877
ord590
ord2410
ord330
ord840
ord6945
ord2335
ord6141
ord6889
ord652
ord7312
ord7306
ord929
ord2398
ord7607
ord2539
ord6285
ord6051
ord2408
ord340
ord673
ord2411
ord2381
ord393
ord3175
ord3238
ord383
ord6193
ord5768
ord861
ord1835
ord817
ord836
ord610
ord7629
ord2766
ord7632
ord6728
ord735
ord7375
ord7609
ord6873
ord6011
ord6848
ord7608
ord2473
ord1726
ord10004
ord6888
ord805
ord2472
ord6048

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 262KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4017561c8d7de31a0370916d31b2cdb7

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

kernel32

shell32

oleaut32

ole32

gdi32

advapi32

user32

mso

Exports

Exports

Sections

.text Size: 130KB - Virtual size: 129KB

.data Size: 3KB - Virtual size: 6KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 262KB - Virtual size: 264KB

.text
Size: 130KB - Virtual size: 129KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 262KB - Virtual size: 264KB