NEAS[.]5829002aeabffda7bee43d215763b6d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5829002aeabffda7bee43d215763b6d0.exe
Size

484KB
MD5

5829002aeabffda7bee43d215763b6d0
SHA1

bfb70e527db83696a2c70ed4305d33f5d446a87f
SHA256

5e52526c063bc6b33f582aed11094f04a415724118780d2b46013797653be539
SHA512

aee5147bb6a067349eb0641f7f34d55c4c03d2d49fd0acd6c8769fb3686a02007a0cc7c2cca7f81f83814570a9df56cb50cb454b4b2b0fe30c1e7df5e2e623d2
SSDEEP

6144:A5m5Q1Qo0zjaIeDFhXxJopwRm3DPmcphOIMarBwQsjmHb7KD9O/1U:AtQpz4avDlBhYcKJO/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5829002aeabffda7bee43d215763b6d0.exe

Files

NEAS.5829002aeabffda7bee43d215763b6d0.exe
.dll regsvr32 windows:4 windows x86

770937f2739cb7287c6f5fdcdb017b41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

atl80

ord61
ord32
ord58
ord31
ord30
ord15
ord18
ord22
ord64
ord23

crypt32

CertCloseStore
CryptQueryObject
CryptMsgGetParam
CertCreateCertificateContext
CryptDecodeObject
CertFindRDNAttr
CertRDNValueToStrW
CertFreeCertificateContext
CryptMsgClose

httpdownload

??1CHttpDownloadUIInterface@@UAE@XZ
??0CHttpDowndExports@@QAE@XZ
??0CHttpDownloadUIInterface@@IAE@XZ
?OnRedirected@CHttpDownloadUIInterface@@UAEXPB_W@Z
??1CHttpDowndExports@@QAE@XZ
?CancelDownload@CHttpDowndExports@@QAEXXZ
?Download@CHttpDowndExports@@QAEIPB_W0@Z
?SetAutoResume@CHttpDowndExports@@QAEXH@Z
?SetUIInterface@CHttpDowndExports@@QAEXPAVCHttpDownloadUIInterface@@@Z

kernel32

TerminateProcess
Process32NextW
OpenProcess
GetVersion
Process32FirstW
CreateToolhelp32Snapshot
GetLocalTime
RaiseException
SetThreadLocale
GetThreadLocale
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
CreateEventW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetFileAttributesW
Sleep
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
OutputDebugStringW
MultiByteToWideChar
FormatMessageW
DeleteCriticalSection
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
WideCharToMultiByte
GetLastError
CloseHandle
FreeLibrary
LoadLibraryExW
VirtualQuery
GetModuleFileNameW
lstrlenW
LoadLibraryW
GetProcAddress
GetModuleHandleW
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
InitializeCriticalSection
DeleteFileW
WaitForSingleObject
InterlockedCompareExchange
SetEvent
DisableThreadLibraryCalls
GetCurrentThreadId

livelog

?CheckDirectoryExist@@YAHPB_W@Z
?CreateAllDirectory@@YAHPB_W@Z
?KillOtherQQLivePlayerApp@@YAHPB_W@Z
?GetAppDataPath@@YA?AV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@XZ
?CheckFileExist@@YAHPB_W@Z
?DOLOG@@YAXPB_WZZ

msvcp80

?length@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
?find@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
?capacity@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
?empty@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE_NXZ
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEAB_WI@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?reserve@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?size@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIXZ
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_WI@Z
?replace@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IIABV12@@Z

msvcr80

_except_handler4_common
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
??3@YAXPAX@Z
??_V@YAXPAX@Z
memset
__CxxFrameHandler3
strcpy_s
_CxxThrowException
memcpy_s
wcscmp
wcscpy_s
wcscat_s
wcslen
wcsrchr
_vswprintf_c_l
_purecall
??2@YAPAXI@Z
_invalid_parameter_noinfo
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
??0exception@std@@QAE@XZ
_resetstkoflw
malloc
free
memcmp
memmove_s
_recalloc
calloc
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
memcpy
wcschr
wcsncmp
wcstol
_vswprintf
wcsstr
fwrite
fread
ftell
fseek
_wfopen
memmove
wcscat
fclose
_wcsicmp
_vscwprintf
vswprintf_s
wprintf_s
wcstoul
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter

ole32

CoCreateInstance
CoLoadLibrary

oleaut32

LoadTypeLi
VariantClear
SysAllocString
SysStringLen
SysAllocStringLen
VariantInit
SysFreeString
LoadRegTypeLi
SysStringByteLen
SysAllocStringByteLen

shell32

ShellExecuteW

shlwapi

StrCmpW

user32

MsgWaitForMultipleObjects
DestroyWindow
IsWindow
SetWindowLongW
CreateWindowExW
UnregisterClassW
PeekMessageW
PostQuitMessage
TranslateMessage
DispatchMessageW
UnregisterClassA
SetTimer
KillTimer
GetWindowLongW
DefWindowProcW
LoadCursorW
RegisterClassExW

vscover100

VSCoverRegisterAssembly

wintrust

WinVerifyTrust

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 284KB - Virtual size: 281KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vscov
Size: 4KB - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vscovmp
Size: 80KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vscovex
Size: 4KB - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

770937f2739cb7287c6f5fdcdb017b41

Headers

DLL Characteristics

File Characteristics

Imports

atl80

crypt32

httpdownload

kernel32

livelog

msvcp80

msvcr80

ole32

oleaut32

shell32

shlwapi

user32

vscover100

wintrust

Exports

Exports

Sections

.text Size: 284KB - Virtual size: 281KB

.rdata Size: 56KB - Virtual size: 54KB

.data Size: 8KB - Virtual size: 7KB

.vscov Size: 4KB - Virtual size: 568B

.vscovmp Size: 80KB - Virtual size: 77KB

.vscovex Size: 4KB - Virtual size: 20B

.rsrc Size: 12KB - Virtual size: 9KB

.reloc Size: 32KB - Virtual size: 28KB

.text
Size: 284KB - Virtual size: 281KB

.rdata
Size: 56KB - Virtual size: 54KB

.data
Size: 8KB - Virtual size: 7KB

.vscov
Size: 4KB - Virtual size: 568B

.vscovmp
Size: 80KB - Virtual size: 77KB

.vscovex
Size: 4KB - Virtual size: 20B

.rsrc
Size: 12KB - Virtual size: 9KB

.reloc
Size: 32KB - Virtual size: 28KB