NEAS[.]279eb474c4af9ba47bd116f274978040[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.279eb474c4af9ba47bd116f274978040.exe
Size

448KB
MD5

279eb474c4af9ba47bd116f274978040
SHA1

0b4192500727a3260ffa5496b6c7309f9a96f40f
SHA256

20f242a0e1fbc78b3bf622a59d1530ffb31b4298d8268b1a6a7e4f7698b2ab38
SHA512

8a54de1f812838cc6e05e800eaa5199a9cc813b88f59a88589c470b33948d6c5fce6773e19336ea3f858cccf56514988c51e231b1c10738868dd9283d8745ec4
SSDEEP

12288:3mssat2vF3OkJUlRL9KcZzLwhmmsRVU2r8XUX49XWuR:Wsjte3DJUHL9KciVsR6XUXSXXR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.279eb474c4af9ba47bd116f274978040.exe

Files

NEAS.279eb474c4af9ba47bd116f274978040.exe
.dll regsvr32 windows:4 windows x86

565da0498a3e85f6206a1133c8e892b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

HeapAlloc
GetProcessHeap
HeapReAlloc
HeapFree
GetVersionExA
CreateFileA
LocalAlloc
InterlockedExchange
RaiseException
GetFileSize
SetFilePointer
ReadFile
DisableThreadLibraryCalls
FindClose
lstrcpyA
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GlobalAlloc
GlobalLock
GlobalUnlock
FreeResource
SizeofResource
SetLastError
WaitForSingleObject
CreateEventA
CreateThread
SetThreadPriority
CloseHandle
SetEvent
GetCurrentProcess
FlushInstructionCache
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetCurrentThreadId
lstrlenA
LoadLibraryA
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
FindResourceA
LoadResource
LockResource

gdi32

SelectObject
SaveDC
SetTextColor
GetObjectA
CreateFontIndirectA
RestoreDC
DeleteObject
GetDeviceCaps

user32

CallNextHookEx
GetFocus
IsChild
SetFocus
UnhookWindowsHookEx
SendMessageA
GetDC
UnregisterClassA
SetWindowsHookExA
GetKeyState
PeekMessageA
TranslateMessage
GetWindowTextA
SetWindowTextA
SetRect
GetMessagePos
MoveWindow
MessageBeep
GetParent
CreateWindowExA
GetWindow
MapDialogRect
SetWindowContextHelpId
SendDlgItemMessageA
DestroyWindow
CallWindowProcA
DefWindowProcA
WinHelpA
IsIconic
ShowWindow
BringWindowToTop
PostQuitMessage
EnumChildWindows
CreateDialogParamA
EnableWindow
IsDlgButtonChecked
CheckDlgButton
LoadBitmapA
EndDialog
GetWindowLongA
PostMessageA
SetForegroundWindow
IsDialogMessageA
GetDlgItem
GetWindowRect
SetWindowPos
SetWindowLongA
GetSysColor
LoadCursorA
SetCursor
IsWindowUnicode
GetClientRect
ChildWindowFromPoint
DispatchMessageA

advapi32

RegEnumKeyA
RegEnumKeyExA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

oleaut32

SysStringLen
SysAllocStringLen
VariantInit
VariantClear
SysAllocString
LoadRegTypeLi
SysAllocStringByteLen
SysStringByteLen
OleCreateFontIndirect
SetErrorInfo
SafeArrayCreate
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VarBstrCat
SysFreeString

ole32

CLSIDFromString
CoTaskMemFree
StringFromGUID2
CreateStreamOnHGlobal
CoCreateInstance

wininet

DeleteUrlCacheEntryW
DeleteUrlCacheEntryA

atl70

ord23
ord61
ord15
ord46
ord30
ord49
ord64
ord22
ord18
ord48
ord60
ord38
ord40
ord42
ord44
ord43
ord31
ord58
ord10
ord11
ord32

msvcr70

wcscat
swprintf
wcstoul
wcsncat
_wtoi
malloc
realloc
free
memmove
wcschr
_purecall
_ltow
_itow
_wcsicmp
wcslen
wcsncpy
??2@YAPAXI@Z
??_U@YAPAXI@Z
wcscpy
_wcsnicmp
memset
wcscmp
??_V@YAXPAX@Z
??3@YAXPAX@Z
_wsplitpath
_except_handler3
_wmakepath
mbstowcs
_itoa
strtol
_wtol
_ltoa
wcstombs
wcsncmp
wcsrchr
_initterm
_adjust_fdiv
__dllonexit
_onexit

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
VSDllRegisterServer
VSDllUnregisterServer

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

565da0498a3e85f6206a1133c8e892b1

Headers

File Characteristics

Imports

kernel32

gdi32

user32

advapi32

oleaut32

ole32

wininet

atl70

msvcr70

Exports

Exports

Sections

.text Size: 172KB - Virtual size: 171KB

.data Size: 8KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 8KB

.reloc Size: 252KB - Virtual size: 252KB

.text
Size: 172KB - Virtual size: 171KB

.data
Size: 8KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 8KB

.reloc
Size: 252KB - Virtual size: 252KB