NEAS[.]9225c389d96a04081e56d1f188a171c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9225c389d96a04081e56d1f188a171c0.exe
Size

256KB
MD5

9225c389d96a04081e56d1f188a171c0
SHA1

e3db5bdcbb6dc6143748b326250cf8737cdff111
SHA256

f1a858fa904c97707eae28fdd76558bf6c761fbb06a3ece0aa1673114c5e24d6
SHA512

ebfa68f39d249ff0e4cb8501abe7b43da59d4f6ae3513d7ee3885742c2ac79d0ec9fed3a0270c0f9f15645d5108ce3fb6403a800b17d18fdbd16af241f2a7d1c
SSDEEP

3072:WWhV5q/EeTyKw91X1Y4jkX2iVExX0aETWkZfhP/Abmr7l+lBOhMY:WWP5q/EeTy1Rs7aXH0WaPB7U3O

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9225c389d96a04081e56d1f188a171c0.exe

Files

NEAS.9225c389d96a04081e56d1f188a171c0.exe
.exe windows:4 windows x86

1dd3d2d233b1b5798fe7ac7da5771368

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcr80

__setusermatherr
_configthreadlocale
_initterm_e
_adjust_fdiv
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
wcsncmp
_itow
_wcsicmp
wcsstr
iswspace
_wtol
wcstok
wcsncpy
fprintf
fopen
fclose
calloc
_recalloc
_ltow
wcscmp
wcscpy
wcscat
memcmp
??2@YAPAXI@Z
_resetstkoflw
??3@YAXPAX@Z
__p__commode
__p__fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_except_handler4_common
_invoke_watson
_controlfp_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
malloc
__CxxFrameHandler3
??_U@YAPAXI@Z
??_V@YAXPAX@Z
vswprintf_s
_vscwprintf
free
wcscat_s
memmove_s
memcpy_s
wcslen
_except_handler3
memset
_initterm

mfc80u

ord331
ord2340
ord3249
ord1172
ord5316
ord6282
ord1571
ord5327
ord6293
ord442
ord6751
ord314
ord2531
ord2725
ord2829
ord4301
ord2708
ord2534
ord2527
ord3712
ord3713
ord3703
ord2638
ord3943
ord4255
ord590
ord3629
ord4475
ord3422
ord1176
ord3596
ord3603
ord2809
ord1908
ord1178
ord1182
ord581
ord1200
ord1170
ord1168
ord1192
ord1115
ord1162
ord371
ord1093
ord1199
ord1197
ord1087
ord1033
ord1079
ord315
ord765
ord372
ord2132

kernel32

GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
LocalAlloc
LocalFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetStartupInfoW
InterlockedCompareExchange
InterlockedExchange
GetUserDefaultUILanguage
GetTempPathW
CreateMutexW
ReleaseMutex
WritePrivateProfileStringW
GetPrivateProfileIntW
FindFirstFileW
FindClose
GetLocalTime
FindResourceExW
WideCharToMultiByte
LoadLibraryW
FreeLibrary
FindResourceW
LoadResource
LockResource
SizeofResource
GetCommandLineW
GetCurrentThreadId
GetModuleHandleW
CreateEventW
CreateThread
Sleep
SetEvent
WaitForSingleObject
CloseHandle
GetUserDefaultLCID
RaiseException
CreateProcessW
GetLastError
FormatMessageW
lstrlenA
GetPrivateProfileStringW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrlenW
DeleteCriticalSection
InitializeCriticalSection
MultiByteToWideChar
GetVersionExW

user32

CharNextW
TranslateMessage
PostThreadMessageW
GetMessageW
DispatchMessageW
CharUpperW
UnregisterClassA
UnregisterClassW
LoadStringW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegOpenKeyW

shell32

SHGetFolderPathW

shlwapi

PathFindExtensionW
PathRemoveFileSpecW
PathAppendW

ole32

CoTaskMemFree
StringFromCLSID
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoInitializeEx
CoCreateInstance

oleaut32

LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
LPSAFEARRAY_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
GetRecordInfoFromTypeInfo
SafeArrayCreateEx
SafeArrayPutElement
VariantClear
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayDestroyData
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysFreeString
VariantInit
SysAllocString

atl80

ord32
ord11
ord10
ord17
ord31
ord18
ord22
ord64
ord61
ord23
ord58
ord20
ord30

rpcrt4

CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrStubCall2
NdrStubForwardingFunction
IUnknown_Release_Proxy
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1dd3d2d233b1b5798fe7ac7da5771368

Headers

File Characteristics

Imports

msvcr80

mfc80u

kernel32

user32

advapi32

shell32

shlwapi

ole32

oleaut32

atl80

rpcrt4

Sections

.text Size: 120KB - Virtual size: 116KB

.orpc Size: 8KB - Virtual size: 4KB

.rdata Size: 68KB - Virtual size: 64KB

.data Size: 16KB - Virtual size: 17KB

.idata Size: 8KB - Virtual size: 7KB

.rsrc Size: 32KB - Virtual size: 28KB

.text
Size: 120KB - Virtual size: 116KB

.orpc
Size: 8KB - Virtual size: 4KB

.rdata
Size: 68KB - Virtual size: 64KB

.data
Size: 16KB - Virtual size: 17KB

.idata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 32KB - Virtual size: 28KB