NEAS[.]aec802a2c06d54b6313b0f2e00aa7260[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.aec802a2c06d54b6313b0f2e00aa7260.exe
Size

2.0MB
MD5

aec802a2c06d54b6313b0f2e00aa7260
SHA1

917e3e99ea3ee602a103ee42dfdeb63f7e856b9a
SHA256

0ba50591b455dcc5c000860a693a64d5d11b38256f46d0b95ccd7b7396664892
SHA512

3a516380740039c6a6bd17819a36654135953553e5d9fffc2a1c853aa9326aa8bea6c14b6e29aed51ef902533abf19b9f94604d20dbdbf0e8aa9667fd354f3cc
SSDEEP

24576:S1Qtb8AtvWCfLeu3UNz6WWR/HFkR4hr2cesa8EQwCXjj+/ANq+Dfo6J+Fi:S1Q59BYz6W8/lkR4SQNj8HwIi

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.aec802a2c06d54b6313b0f2e00aa7260.exe

Files

NEAS.aec802a2c06d54b6313b0f2e00aa7260.exe
.dll windows:4 windows x86

2fc163efbcd2261c17c4803b859e955d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

IIDFromString
CreateStreamOnHGlobal
CoCreateGuid
OleInitialize
CoCreateInstance
StringFromGUID2

shlwapi

PathIsNetworkPathW

msvcr80

_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
_except_handler4_common
fwprintf_s
vsprintf_s
wcscpy_s
vswprintf_s
_wassert
_beginthreadex
_endthreadex
ceil
strchr
modf
_errno
strtod
_ecvt_s
_wtol
isxdigit
_wcsnicmp
tolower
wcsncpy
toupper
srand
isdigit
_wtoi
fopen_s
fputs
fputws
fclose
_wcslwr_s
_wcsupr_s
wcsstr
_setjmp3
_wcsicmp
rand
wcsrchr
longjmp
ldiv
??0exception@std@@QAE@ABV01@@Z
_invalid_parameter_noinfo
_CxxThrowException
__CxxFrameHandler3
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
memcmp
atoi
_localtime64_s
wcstok_s
_stricmp
_vsnprintf
_time64
malloc
_vsnwprintf
memmove
free
_wsplitpath_s
towupper
memcpy
wcsncmp
wcschr
memset
iswctype
wcstol

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z

advapi32

RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
OpenThreadToken
GetUserNameA
SetThreadToken
RegOpenKeyExA
RegCloseKey

kernel32

GetDriveTypeW
GetModuleHandleW
ExpandEnvironmentStringsW
FindFirstFileW
GetFileAttributesW
GetShortPathNameW
GetFullPathNameW
GetTempPathW
GetComputerNameW
DeleteFileW
GetTempFileNameW
LoadLibraryExW
GetLocaleInfoW
GetModuleHandleA
GetCurrentThread
IsDBCSLeadByte
GetDateFormatA
GetTimeFormatA
GetCurrencyFormatA
GetNumberFormatA
MultiByteToWideChar
WideCharToMultiByte
GetDateFormatW
RaiseException
GetCurrentThreadId
CreateThread
WaitForSingleObject
ResetEvent
SetEvent
CreateEventA
GetComputerNameA
GlobalMemoryStatus
GetSystemInfo
HeapFree
GetProcessHeap
HeapAlloc
SetThreadPriority
ResumeThread
GetFileInformationByHandle
UnlockFile
LockFile
WriteFile
GetFileType
SetFilePointer
GetFileSize
FlushFileBuffers
GetLocaleInfoA
CreateFileW
GetFileSizeEx
ReadFile
Sleep
FindFirstFileA
FindClose
GetTempPathA
CloseHandle
GetLastError
GetVersionExA
DeleteFileA
LoadLibraryW
GetSystemDirectoryW
LoadLibraryA
VirtualProtect
QueryPerformanceCounter
GetCurrentProcessId
CreateProcessA
GetTempFileNameA
InterlockedExchange
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
LeaveCriticalSection
DisableThreadLibraryCalls
VirtualAlloc
VirtualQuery
VirtualFree
GetUserDefaultLCID
FreeLibrary
GetProcAddress
GetTickCount
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LocalAlloc
GetLocalTime

oleaut32

SafeArrayLock
VariantChangeType
SysStringLen
SysFreeString
SafeArrayDestroy
SafeArrayPutElement
SysAllocString
VariantClear
SafeArrayCreateVector
VariantInit
VarBstrCmp
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
SafeArrayUnlock
SafeArrayAccessData
SafeArrayCreate
SafeArrayUnaccessData

user32

TranslateMessage
CharUpperW
DispatchMessageA

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2fc163efbcd2261c17c4803b859e955d

Headers

DLL Characteristics

File Characteristics

Imports

ole32

shlwapi

msvcr80

msvcp80

advapi32

kernel32

oleaut32

user32

Sections

.text Size: 1.3MB - Virtual size: 1.3MB

.data Size: 280KB - Virtual size: 280KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 352KB - Virtual size: 352KB

.text
Size: 1.3MB - Virtual size: 1.3MB

.data
Size: 280KB - Virtual size: 280KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 352KB - Virtual size: 352KB