NEAS[.]9fd1065cbf6a4ffde3eaef9371647b00[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9fd1065cbf6a4ffde3eaef9371647b00.exe
Size

1.2MB
MD5

9fd1065cbf6a4ffde3eaef9371647b00
SHA1

4f9e547983013b606bf97d36751627631e561b6d
SHA256

a51f79f8d3eed013837f01d32a9138bda10c2e65dc02f9e0cdd2cd1b392c1725
SHA512

e61d4cf18376cdb8197b365642a7ef8fb7ea5a6bce573ddd15ce6a5d267387f9b8e8b51d116a544823cd02f079df0e52352215cdf30c3e8e3eaaf04f421922b5
SSDEEP

24576:djlAryfHIqcuLkNT9z7PfgMA/wdy8CLmFjKX2PgFEviTFVj6e2:diVrfgMAJ83jKX2PgSOF/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9fd1065cbf6a4ffde3eaef9371647b00.exe

Files

NEAS.9fd1065cbf6a4ffde3eaef9371647b00.exe
.dll regsvr32 windows:6 windows x86

e97ffd5a1c7c38482961981793d04feb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

RaiseException
SetLastError
ReleaseSemaphore
WaitForSingleObject
GetCurrentProcess
GetCurrentThreadId
FlushInstructionCache
GetVersionExW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
lstrcmpW
CreateSemaphoreW
GetTempFileNameA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetWindowsDirectoryA
GetWindowsDirectoryW
MoveFileExW
CreateFileA
GetFileAttributesA
SetFileAttributesA
GetFullPathNameW
GetFileInformationByHandle
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
DisableThreadLibraryCalls
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
FindResourceW
GetSystemDirectoryA
LocalAlloc
LocalFree
GlobalSize
LockResource
GetCurrentThread
GetUserDefaultLCID
DecodePointer
GetCommandLineA
EncodePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetTempPathW
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
ExitProcess
SetHandleCount
GetStdHandle
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
IsProcessorFeaturePresent
GetStringTypeW
InterlockedExchange
LoadLibraryW
LCMapStringW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleW
GetProcessHeap
RemoveDirectoryW
RemoveDirectoryA
GetTempFileNameW
GetFileType
GetFileSize
DeleteFileW
DeleteFileA
CreateFileW
CreateDirectoryW
CreateDirectoryA
IsValidLocale
CopyFileW
CopyFileA
GetSystemTimeAsFileTime
Sleep
CloseHandle
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
FindNextFileW
FindFirstFileW
FindClose
SetFileAttributesW
GetFileAttributesW
GetTickCount
GetModuleFileNameW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemDefaultLangID
OutputDebugStringA
MultiByteToWideChar
lstrlenW
lstrlenA
FormatMessageW
FormatMessageA
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
GetLastError
WideCharToMultiByte
SetErrorMode
IsDebuggerPresent
GetDriveTypeA
SetCurrentDirectoryW
SetEnvironmentVariableW
LoadLibraryA
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetCurrentDirectoryW
CompareStringA
CompareStringW
GetSystemDefaultLCID
GetVersionExA
GetTempPathA
GetModuleHandleA
FindResourceExW
GetVersion
GetDiskFreeSpaceA

gdi32

GetObjectW
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
GetTextExtentExPointW
GetTextExtentExPointA

version

VerQueryValueW
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

advapi32

GetNamedSecurityInfoW
RevertToSelf
MapGenericMask
ImpersonateSelf
AccessCheck
OpenThreadToken
OpenProcessToken
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteValueA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey

ole32

OleLockRunning
OleUninitialize
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
CLSIDFromProgID
CLSIDFromString
CoCreateInstance
CoGetClassObject
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoTaskMemFree
CoDisconnectObject
CoTaskMemRealloc
CoGetMalloc
CreateBindCtx
CreateItemMoniker
StringFromCLSID
CreatePointerMoniker
OleInitialize

oleaut32

SysStringLen
LoadTypeLi
LoadRegTypeLi
SysAllocStringLen
OleCreateFontIndirect
SetErrorInfo
GetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreateVector
SysStringByteLen
SysAllocStringByteLen
CreateErrorInfo
SysFreeString
SysAllocString
VariantInit
VariantClear

winspool.drv

StartDocPrinterW
StartPagePrinter
OpenPrinterA
OpenPrinterW
WritePrinter
ClosePrinter
EndDocPrinter
StartDocPrinterA
EndPagePrinter

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HxGetObjectCA

Sections

.text
Size: 598KB - Virtual size: 597KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 38KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 382KB - Virtual size: 384KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e97ffd5a1c7c38482961981793d04feb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

gdi32

version

advapi32

ole32

oleaut32

winspool.drv

Exports

Exports

Sections

.text Size: 598KB - Virtual size: 597KB

.data Size: 38KB - Virtual size: 47KB

.rsrc Size: 251KB - Virtual size: 250KB

.reloc Size: 382KB - Virtual size: 384KB

.text
Size: 598KB - Virtual size: 597KB

.data
Size: 38KB - Virtual size: 47KB

.rsrc
Size: 251KB - Virtual size: 250KB

.reloc
Size: 382KB - Virtual size: 384KB