NEAS[.]d174a05da5980cf8d478ff2b82f950b0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.d174a05da5980cf8d478ff2b82f950b0.exe
Size

1.1MB
MD5

d174a05da5980cf8d478ff2b82f950b0
SHA1

5a4626f5a4abbf016e4f188cab1287652593118a
SHA256

6732c91574817884a43e2469a17d9b1403bfc0739e77092a5be70221527e3334
SHA512

93c7bc586d4488ae425e50f47333376c80c58368eca099d564c7254ad6b7e9a50f2c0ffe3975cad80751ee3ee0bdf53a750a8c0d63735c16226ead47d9702e16
SSDEEP

12288:2Zp3G4V1mrjgysx3Mho+a8AvBwEAha45KPozfmyx2Zq2713I2W2nTHzWR8t6z3n4:cFD13ps8t608MNhWe09CD1UsqoFV0k

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.d174a05da5980cf8d478ff2b82f950b0.exe

Files

NEAS.d174a05da5980cf8d478ff2b82f950b0.exe
.dll regsvr32 windows:6 windows x86

0e27bc8869e81421e7a8836954f74986

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
EncodePointer
InitializeCriticalSectionAndSpinCount
DecodePointer
LoadLibraryExA
lstrlenA
GetProcAddress
GetModuleFileNameA
GetTickCount
GetEnvironmentVariableA
FlushViewOfFile
MapViewOfFileEx
SetFilePointer
LoadLibraryExW
GetFullPathNameW
ExpandEnvironmentStringsW
DeviceIoControl
GetFileType
DeleteFileW
GetLastError
LoadLibraryA
SwitchToThread
InterlockedExchange
FreeLibrary
LocalAlloc
GetCurrentThreadId
InterlockedCompareExchange
Sleep
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
LocalFree
FormatMessageW
SetLastError
GetVersion
GetSystemInfo
MultiByteToWideChar
CreateFileW
GetFileSize
CloseHandle
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
LCMapStringW
GetFileAttributesW
SetFileAttributesW
CopyFileExW
WideCharToMultiByte
VirtualAlloc
VirtualFree

msvcr120_clr0400

_snwprintf_s
malloc
_time32
fprintf
fopen_s
__crtTerminateProcess
__crtUnhandledException
_crt_debugger_hook
_except_handler4_common
__clean_type_info_names_internal
_onexit
__dllonexit
_calloc_crt
_unlock
_lock
??1type_info@@UAE@XZ
__CxxFrameHandler3
?terminate@@YAXXZ
_initterm_e
_initterm
_malloc_crt
free
_amsg_exit
__CppXcptFilter
wcscpy_s
memcpy_s
wcsncpy_s
qsort
??_V@YAXPAX@Z
??3@YAXPAX@Z
_callnewh
swprintf_s
_CxxThrowException
memcpy
_purecall
_wcsdup
wcscat_s
_wmakepath_s
_wsplitpath_s
_vsnwprintf
memset
wcsncmp
_wcsicmp
fclose
strcpy_s
strcat_s
memmove
strstr
bsearch
_wsopen
strncmp
wcschr
iswdigit
__unDName
fread
fseek
_wfsopen
sprintf_s
strncpy_s
wcstoul
strchr
_wcsnicmp
towlower
wcsncat_s
wcsrchr
_wfullpath
_chsize
_close
_read
_write
_lseeki64
_get_osfhandle
_open_osfhandle
_stricmp
ftell
_wdupenv_s
_mbscmp
_memicmp
strrchr
calloc
_recalloc

mscoree

GetCORVersion

ole32

StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc

advapi32

RegSetValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExA

Exports

Exports

CreateNGenPdbWriter
DllCanUnloadNow
DllGetClassObject
DllGetClassObjectInternal
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 708KB - Virtual size: 707KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 425KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0e27bc8869e81421e7a8836954f74986

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

msvcr120_clr0400

mscoree

ole32

advapi32

Exports

Exports

Sections

.text Size: 708KB - Virtual size: 707KB

.data Size: 6KB - Virtual size: 10KB

.idata Size: 4KB - Virtual size: 3KB

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 425KB - Virtual size: 428KB

.text
Size: 708KB - Virtual size: 707KB

.data
Size: 6KB - Virtual size: 10KB

.idata
Size: 4KB - Virtual size: 3KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 425KB - Virtual size: 428KB