NEAS[.]26eb75a050386fc88b08350247102b00[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.26eb75a050386fc88b08350247102b00.exe
Size

1.1MB
MD5

26eb75a050386fc88b08350247102b00
SHA1

0815e3f084fe734ab4e35e1df4356279c785601c
SHA256

956422a0669e430b89698151fc7b63e57cda383ffdf1c27cb9ef97c842fd6cfd
SHA512

f5ea8cfeec4a208c1af55c2bed9933a30cbb152f81138ab9001b9d98383e77a8b3018a24396706e60c6e57f2c0b3ba71ab13fb20e057e4ab295987bd4fd0846d
SSDEEP

24576:Q9T9vBtJxiTHXWVlBBqKucN8Ehqgw1oBW10Rft7:Q9TVAklPucaEhqb0RV

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.26eb75a050386fc88b08350247102b00.exe

Files

NEAS.26eb75a050386fc88b08350247102b00.exe
.dll regsvr32 windows:4 windows x86

4e5470b029163279fdbc2e88f00a9509

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
fopen_s
fwprintf_s
fclose
vsprintf_s
vswprintf_s
wcsncpy_s
_beginthreadex
_wtol
_resetstkoflw
wcscpy_s
swscanf_s
_wcsdup
_setjmp3
longjmp
wcsstr
strncmp
_wsplitpath_s
_wcsnicmp
_CIsqrt
realloc
_vsnwprintf
_wtoi64
_wtoi
wcstod
_wcsicmp
_recalloc
wcstoul
wcsncmp
_CxxThrowException
_CIpow
strtod
__iob_func
fprintf
fread
fflush
fwrite
strncpy
memmove
malloc
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
_invalid_parameter_noinfo
memcpy_s
wcsrchr
wcschr
memset
abort
sprintf
memmove_s
free
calloc
__CxxFrameHandler3
memcpy

msvcp80

?_Xlen@_String_base@std@@SAXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIPB_W@Z
?assign@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W0@Z
?_Copy_s@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPA_WIII@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??A?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAA_WI@Z
?find_first_of@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEIPB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??Y?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
?substr@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBE?AV12@II@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@I_W@Z
?append@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@PB_W@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IABV12@@Z
?insert@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@IPB_W@Z
?rfind@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEI_WI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@II@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHIIABV12@@Z
?_Xran@_String_base@std@@SAXXZ
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHABV12@@Z
?npos@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@2IB
?erase@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV12@II@Z
?resize@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEXI@Z
?compare@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEHPB_W@Z
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??4?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAEAAV01@PB_W@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ

kernel32

SystemTimeToFileTime
LocalAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
LoadLibraryW
GetTempPathA
GetTempFileNameA
CreateProcessA
GetProcAddress
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
FreeLibrary
DisableThreadLibraryCalls
HeapDestroy
RaiseException
LockFile
LockFileEx
UnlockFileEx
UnlockFile
GetFileInformationByHandle
SetEndOfFile
WaitForSingleObject
SetEvent
CreateEventW
FlushFileBuffers
GetDiskFreeSpaceExW
GlobalAlloc
GlobalFree
lstrcmpiW
MultiByteToWideChar
LoadLibraryA
HeapCreate
HeapAlloc
HeapReAlloc
GetProcessHeap
HeapFree
WriteFile
GetTempPathW
GetTempFileNameW
GlobalLock
GlobalUnlock
MoveFileW
DeleteFileW
SetFilePointer
ReadFile
CloseHandle
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
lstrlenW
GetUserDefaultLCID
LCMapStringW
GetLastError

user32

ReleaseDC
GetDC
GetDesktopWindow
LoadImageW
FindWindowA
LoadStringW
CharNextW
UnregisterClassA

advapi32

RegQueryValueExA
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExA
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW

ole32

CLSIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoInitializeEx
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc
CoUninitialize

gdi32

GetDIBits
GetObjectW
DeleteObject

oleaut32

VarUI4FromStr
SafeArrayDestroy
VarBstrCmp
SysFreeString
SysStringLen
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
VariantCopy

wininet

InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetGetConnectedState
HttpQueryInfoW
InternetErrorDlg

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 708KB - Virtual size: 708KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 401KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4e5470b029163279fdbc2e88f00a9509

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

msvcp80

kernel32

user32

advapi32

ole32

gdi32

oleaut32

wininet

Exports

Exports

Sections

.text Size: 708KB - Virtual size: 708KB

.data Size: 34KB - Virtual size: 40KB

.rsrc Size: 14KB - Virtual size: 13KB

.reloc Size: 401KB - Virtual size: 404KB

.text
Size: 708KB - Virtual size: 708KB

.data
Size: 34KB - Virtual size: 40KB

.rsrc
Size: 14KB - Virtual size: 13KB

.reloc
Size: 401KB - Virtual size: 404KB