NEAS[.]1f63072808d449ee7eb0fbddbf14c4d0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1f63072808d449ee7eb0fbddbf14c4d0.exe
Size

358KB
MD5

1f63072808d449ee7eb0fbddbf14c4d0
SHA1

a6eba89696762025bde211a474559253acab29c6
SHA256

03f1c5138d845ffccb03afb3759d9b08f1f8765d014f1e444365cb950d3ba8c7
SHA512

ce04805911b569185f05fa72d7b44a77a50953722381054991c371f0d5ab4c5c2db7297764ae4560a9805e30adbb49c393d645d3c41a403ad58928a8ad697a69
SSDEEP

6144:BgH82F3WQUkEg7uY7EImWji3T+Wg1YKUz+cA5Knjumj2NI6iJld1xibVq1bFLD:BstyDJWj31YKUz+/kjumcI6cik/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1f63072808d449ee7eb0fbddbf14c4d0.exe

Files

NEAS.1f63072808d449ee7eb0fbddbf14c4d0.exe
.dll windows:4 windows x86

e5439b82e42d0327e353935c25b5874b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

wcscpy_s
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
vswprintf_s
wcsrchr
??2@YAPAXI@Z
memcpy
??3@YAXPAX@Z
wcspbrk
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_encoded_null
_malloc_crt
_encode_pointer
fopen_s
fwprintf_s
fclose
_strnicmp
_wcsnicmp
_wcsicmp
_vsnprintf
strrchr
memset
vsprintf_s

kernel32

GetCurrentProcessId
LoadLibraryExW
GetSystemDirectoryW
InitializeCriticalSectionAndSpinCount
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
LocalAlloc
RaiseException
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsBadWritePtr
IsBadReadPtr
GetACP
lstrlenA
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
GetFileAttributesA
SearchPathA
LoadLibraryW
GetLastError
SetLastError
GetModuleFileNameW
OutputDebugStringA
GetUserDefaultLCID
FreeLibrary
LoadLibraryA
InterlockedCompareExchange
MultiByteToWideChar
WideCharToMultiByte
GetCurrentThreadId
VirtualProtect
QueryPerformanceCounter
GetTickCount
MulDiv
GetSystemTimeAsFileTime
GetProcessHeap
CloseHandle
CreateProcessA
GetTempFileNameA
GetTempPathA
HeapFree
HeapAlloc
InterlockedExchange
Sleep

advapi32

RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyExW
RegCloseKey

ole32

CoCreateInstance

oleaut32

VariantInit
SysStringLen
SysAllocStringByteLen
SysFreeString
SysAllocStringLen
SafeArrayPutElement
SafeArrayCreateVector
SafeArrayDestroy

user32

DialogBoxParamW
GetDlgItem
SetWindowLongA
EndDialog
EnumThreadWindows
IsWindowEnabled
IsWindowVisible
CharNextA
CharUpperBuffA
SendDlgItemMessageA
GetWindowLongA
LoadStringA

olmapi32

ord189
ord42
ord36
ord241
ord190
ord191
ord140
EtwTraceErrorTag@8
ord139
ord61
ord75
ord76
ord135
ord62
ord49
ord259
ord179
REFTRACK_AddRefEx@16
HrIdnToDisplayFormSMTP@12
ord17
ord13
ord15
ord46
HrCreateNewWrappedObjectEx@48
ord60
ord138
ord50

gdi32

CreateFontIndirectA
GetTextMetricsA
GetTextExtentPoint32A
SelectObject
CreateDCA
DeleteObject

Exports

Exports

ABProviderInit
ServiceEntry
ServiceEntry@40

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 237KB - Virtual size: 240KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e5439b82e42d0327e353935c25b5874b

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

kernel32

advapi32

ole32

oleaut32

user32

olmapi32

gdi32

Exports

Exports

Sections

.text Size: 95KB - Virtual size: 95KB

.data Size: 22KB - Virtual size: 21KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 237KB - Virtual size: 240KB

.text
Size: 95KB - Virtual size: 95KB

.data
Size: 22KB - Virtual size: 21KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 237KB - Virtual size: 240KB