NEAS[.]997ce35e43df04546746edfcb6a00b50[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.997ce35e43df04546746edfcb6a00b50.exe
Size

475KB
MD5

997ce35e43df04546746edfcb6a00b50
SHA1

b191b70c3fe0fe19b2c83acae8cc48ee60580182
SHA256

89f8e470aa5a6a82079956f15d0bf5f41a0b9130a587dc8cd8b8d6b57dd5863c
SHA512

7d87a194f02d266de155f24a57db59d5890525c20fd06185a2dad7b1d2eb2c76297ef7f5f94ced0f1ab16afee5514a52663b20681dc320fe80c4597168a39328
SSDEEP

6144:0pWAhtmie2adfm8sOuSwS6H5Q830r2duU04VMU5lh7lyfFgprSbKotuZ2aSMiT8J:bZCr0r2F2ilh7w9gpRsLMDcNl9euU

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.997ce35e43df04546746edfcb6a00b50.exe

Files

NEAS.997ce35e43df04546746edfcb6a00b50.exe
.exe windows:5 windows x86

3bda2ee3eaad8cd4ff1535ec0fdc8477

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

LoadLibraryExA
CopyFileW
GetFileAttributesW
GetVersionExA
GetSystemInfo
GetSystemDefaultUILanguage
WaitForSingleObject
lstrcpyA
Sleep
CreateThread
CreateEventA
GetModuleHandleW
GetCurrentThreadId
SetEvent
GetCommandLineA
FindResourceA
HeapSize
GetProcessHeap
EncodePointer
DecodePointer
InterlockedExchange
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
HeapSetInformation
InterlockedCompareExchange
InterlockedIncrement
IsDBCSLeadByte
LoadLibraryA
FreeLibrary
LoadLibraryW
FileTimeToSystemTime
SetSystemTime
GetCurrentProcess
CloseHandle
lstrcmpiA
lstrlenA
GetModuleHandleA
GetProcAddress
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
HeapFree
HeapAlloc
HeapDestroy
HeapReAlloc

user32

CharNextA
CharNextW
CharUpperA
LoadStringA
PostThreadMessageA
GetMessageA
DispatchMessageA
TranslateMessage
MessageBoxA

winspool.drv

XcvDataW
OpenPrinterA
EnumPortsW
AddPrinterW
AddPrinterDriverW
GetPrinterDriverDirectoryW
DeletePrinterConnectionW
DeletePrinter
OpenPrinterW
ClosePrinter

advapi32

RegQueryInfoKeyA
CreateServiceA
RegQueryValueExA
SetServiceStatus
RegisterEventSourceA
ReportEventA
DeregisterEventSource
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegQueryValueA
RegSetValueA
RegCreateKeyA
RegOpenKeyA
RegEnumKeyA
RegEnumKeyExA
RegQueryInfoKeyW
RegRestoreKeyW
RegOpenKeyExW
RegSaveKeyW
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
ControlService
RegisterServiceCtrlHandlerA
StartServiceCtrlDispatcherA
DeleteService

shell32

SHChangeNotify

ole32

CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
CoRevokeClassObject
StringFromGUID2
CoCreateInstance
CoAddRefServerProcess
CoReleaseServerProcess
CoInitializeSecurity
CoTaskMemAlloc
CoRegisterClassObject

oleaut32

RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysFreeString

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

msvcr100

_ismbblead
exit
_cexit
__getmainargs
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_amsg_exit
_fmode
_XcptFilter
_controlfp_s
_invoke_watson
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_except_handler4_common
strcat_s
wcsncpy_s
strcpy_s
_wcsicmp
__set_app_type
_exit
??3@YAXPAX@Z
wcsrchr
_mbsnbcpy_s
_mbsstr
malloc
free
memcpy_s
_gmtime64
_time64
_CxxThrowException
_vswprintf
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
memcpy
memmove
??_V@YAXPAX@Z
calloc
_recalloc
??2@YAPAXI@Z
??0exception@std@@QAE@ABV01@@Z
_resetstkoflw
__CxxFrameHandler3
_purecall
memset
vfprintf
fprintf
remove
fclose
fseek
ftell
fopen
_mbsrchr
_mbsdec
_strdup
strnlen
_mbsinc
_mbschr
_mbscmp
memmove_s
_vscprintf
vsprintf_s
puts
_vsnprintf_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 404KB - Virtual size: 604KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3bda2ee3eaad8cd4ff1535ec0fdc8477

Headers

DLL Characteristics

File Characteristics

Imports

version

kernel32

user32

winspool.drv

advapi32

shell32

ole32

oleaut32

msvcp100

msvcr100

Sections

.text Size: 47KB - Virtual size: 47KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 404KB - Virtual size: 604KB

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 404KB - Virtual size: 604KB