NEAS[.]c602db8e565589ba4e46adb0bf7945d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c602db8e565589ba4e46adb0bf7945d0.exe
Size

411KB
MD5

c602db8e565589ba4e46adb0bf7945d0
SHA1

bb27fad297875b9c8238fe811a86b34447da1e5e
SHA256

81d9e49d6f044e47c8e17c699a5e46bd35a8776e9cf10adfb47472746c5278bd
SHA512

22be907e0abd472587dcf9fe1911b231c39ff504848b9c18b23b9cc552605f7dc647109f7ef9c24c84deb37815e61086cd0744d906362cd231911f7fe0068a94
SSDEEP

12288:B5N4X5VLxJdZ6q+fYdtfDY1lXZ68FHgy4Rqk2B7V:BWdnZ6URmZR0qk2

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c602db8e565589ba4e46adb0bf7945d0.exe

Files

NEAS.c602db8e565589ba4e46adb0bf7945d0.exe
.dll regsvr32 windows:6 windows x86

b39f8b06cc5ebf8c66b642c5e488d5b1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
LoadLibraryW
GetModuleHandleA
OutputDebugStringA
SetLastError
HeapFree
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
SetThreadLocale
WideCharToMultiByte
DuplicateHandle
ResumeThread
GetProcessHeap
GetThreadLocale
GetCurrentThreadId
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
LoadLibraryExW
LoadLibraryExA
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
LocalFree
GlobalFree
GlobalAlloc
LocalAlloc
SetErrorMode
MultiByteToWideChar
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
UnmapViewOfFile
HeapDestroy
HeapReAlloc
HeapSize
OpenEventW
GlobalMemoryStatusEx
SetProcessWorkingSetSize
HeapCompact
K32GetProcessMemoryInfo
GetTickCount64
GetThreadTimes
CreateMutexW
ReleaseMutex
K32GetProcessImageFileNameW
GetCurrentProcessId
OpenProcess
SetEvent
OpenMutexW
FreeLibraryAndExitThread
WaitForSingleObject
TerminateProcess
GetCurrentProcess
WaitForMultipleObjects
CloseHandle
CreateThread
GetModuleHandleExW
CreateEventW
VerifyVersionInfoW
VerSetConditionMask
OutputDebugStringW
IsDebuggerPresent

advapi32

RegQueryInfoKeyW
RegDeleteKeyW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
EventWriteTransfer

ole32

OleUninitialize
CoMarshalInterThreadInterfaceInStream
CoCreateGuid
CoRegisterPSClsid
CoUnmarshalInterface
CoCreateInstance
StringFromGUID2
CoRevokeClassObject
CoDisconnectObject
OleInitialize
CoTaskMemAlloc
CoRegisterClassObject
CoGetInterfaceAndReleaseStream

oleaut32

SysAllocString
LoadTypeLi
SysFreeString
LoadRegTypeLi
SafeArrayLock
SafeArrayCopy
SafeArrayGetVartype
SysStringLen
SafeArrayCreate
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SafeArrayGetElement
SafeArrayDestroy
SafeArrayUnlock
VarBstrCat

vcruntime140

memcpy
__CxxFrameHandler3
__std_terminate
wcsstr
_except_handler4_common
__std_type_info_destroy_list
__std_exception_destroy
__std_exception_copy
_purecall
memset
_CxxThrowException
memchr
memcmp
memmove

msvcp140

?exceptions@ios_base@std@@QAEXH@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
_Mtx_destroy_in_situ
_Mtx_init_in_situ
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
??Bid@locale@std@@QAEIXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?always_noconv@codecvt_base@std@@QBE_NXZ
_Mtx_unlock
_Query_perf_frequency
_Query_perf_counter
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
_Mtx_lock
?_Throw_C_error@std@@YAXH@Z
?_Xbad_function_call@std@@YAXXZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z

api-ms-win-crt-heap-l1-1-0

malloc
free

api-ms-win-crt-string-l1-1-0

strncpy_s
strncmp
wcsncpy_s
_wcsnicmp
wcsncmp
tolower
towlower
wcscat_s
_wcsicmp
wcscpy_s

api-ms-win-crt-runtime-l1-1-0

_errno
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_initterm
_initterm_e
_execute_onexit_table
_seh_filter_dll
terminate
_cexit
_crt_atexit
_configure_narrow_argv
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment

api-ms-win-crt-stdio-l1-1-0

_get_stream_buffer_pointers
__stdio_common_vswprintf_s
ungetc
fgetc
fread
fclose
fwrite
fgetpos
_fseeki64
fsetpos
fputc
setvbuf
fflush

api-ms-win-crt-convert-l1-1-0

_itow_s
wcstombs_s

api-ms-win-crt-locale-l1-1-0

__initialize_lconv_for_unsigned_char

gdi32

CreateCompatibleBitmap
DeleteDC
GetObjectW
CreateDCW
GetDIBits
CreateCompatibleDC
SelectObject

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 248KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b39f8b06cc5ebf8c66b642c5e488d5b1

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

ole32

oleaut32

vcruntime140

msvcp140

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

gdi32

api-ms-win-crt-filesystem-l1-1-0

Exports

Exports

Sections

.text Size: 109KB - Virtual size: 108KB

.rdata Size: 43KB - Virtual size: 43KB

.data Size: 6KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 248KB - Virtual size: 252KB

.text
Size: 109KB - Virtual size: 108KB

.rdata
Size: 43KB - Virtual size: 43KB

.data
Size: 6KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 248KB - Virtual size: 252KB