NEAS[.]f48372b5131128cf9ffd2c114f1e11d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f48372b5131128cf9ffd2c114f1e11d0.exe
Size

543KB
MD5

f48372b5131128cf9ffd2c114f1e11d0
SHA1

ef9e8634187215b6310886f2e35290885205ec0f
SHA256

70fe64b049e8ad34d7f010940190816c789ea98f503bdd45b7dbb7793081b4ab
SHA512

2533ab4cba9b41712e8f3e044b9cd04689e5eebe19d2dcd70b796870626dc37daec40ff6541c4810b4aec04713f4acd007d7de8fdb4defaccff82750b7d9e7cb
SSDEEP

12288:1UW+3zFM3jhq+ZgDM40xVtUCOGxlbS/Ndep:1UP3zl+Rfr15p

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f48372b5131128cf9ffd2c114f1e11d0.exe

Files

NEAS.f48372b5131128cf9ffd2c114f1e11d0.exe
.dll regsvr32 windows:6 windows x86

1644c51447a86adfc5e532442b88312b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OpenProcess
CopyFileW
WideCharToMultiByte
InitializeCriticalSection
FindResourceExW
LockResource
GlobalReAlloc
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetCurrentProcess
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
LoadLibraryExA
GetTempPathW
SetFileAttributesW
DeleteFileW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetTimeZoneInformation
WriteFile
GetStringTypeW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
CloseHandle
FindFirstFileExW
FindClose
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetStdHandle
LCMapStringW
CompareStringW
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileInformationByHandle
GetDriveTypeW
GetFileAttributesExW
VirtualQuery
VirtualProtect
GetSystemInfo
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlUnwind
LocalFree
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ReadFile
GetFileSize
CreateFileW
SetThreadLocale
GetThreadLocale
EncodePointer
lstrcmpiW
FindResourceW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
lstrcmpW
MulDiv
GlobalLock
GlobalUnlock
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
TerminateProcess
GlobalAlloc
GetCurrentThreadId
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
FindNextFileW
DecodePointer

user32

DestroyWindow
IsChild
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
MoveWindow
DefWindowProcW
PostMessageW
RegisterWindowMessageW
CharLowerBuffW
UnregisterClassW
SendMessageW
SetWindowPos
CallWindowProcW
GetDlgItem
CharNextW
SetFocus
GetFocus
SetCapture
ReleaseCapture
SetTimer
GetWindowThreadProcessId
PeekMessageW
SetParent
ShowWindow
FindWindowW
IsClipboardFormatAvailable
EmptyClipboard
GetClipboardData
CloseClipboard
OpenClipboard
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
OffsetRect
FillRect
GetSysColor
ScreenToClient
ClientToScreen
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer

advapi32

CryptDestroyHash
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGetHashParam
CryptImportKey
CryptDecrypt
CryptCreateHash
CryptHashData
RegCloseKey

ole32

CreateStreamOnHGlobal
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx
OleInitialize
OleUninitialize
OleDraw
OleLockRunning
HWND_UserSize
CoTaskMemRealloc

shell32

SHGetDesktopFolder

oleaut32

SysAllocString
VarBstrCmp
SysAllocStringLen
VariantInit
VariantClear
OleCreateFontIndirect
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayGetUBound
LoadRegTypeLi
SafeArrayLock
VariantCopy
RegisterTypeLi
UnRegisterTypeLi
OleLoadPicture
SafeArrayDestroy
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayRedim
SafeArrayCopy
SafeArrayGetVartype
VariantChangeType
VarI4FromStr
VarBstrFromI4
SysStringLen
SysFreeString
SafeArrayGetLBound
LoadTypeLi

gdi32

SetEnhMetaFileBits
GetDIBits
PlayEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFileW
DeleteEnhMetaFile
CreateDIBSection
CopyEnhMetaFileW
SetBrushOrgEx
GetObjectW
SetStretchBltMode
CreateCompatibleBitmap
StretchBlt
SelectObject
GetStockObject
BitBlt
DeleteObject
GetDeviceCaps
CreateCompatibleDC
CreateSolidBrush
DeleteDC

urlmon

CreateURLMonikerEx
CoInternetSetFeatureEnabled

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrClientCall2
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrOleAllocate
NdrOleFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 245B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1644c51447a86adfc5e532442b88312b

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

gdi32

urlmon

rpcrt4

Exports

Exports

Sections

.text Size: 177KB - Virtual size: 176KB

.orpc Size: 512B - Virtual size: 245B

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 9KB - Virtual size: 12KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 280KB - Virtual size: 280KB

.text
Size: 177KB - Virtual size: 176KB

.orpc
Size: 512B - Virtual size: 245B

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 9KB - Virtual size: 12KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 280KB - Virtual size: 280KB