NEAS[.]2e7454bece4fb3318cd526c4f415c020[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2e7454bece4fb3318cd526c4f415c020.exe
Size

770KB
MD5

2e7454bece4fb3318cd526c4f415c020
SHA1

e61ab49b6d32dbd08cc4a97747d9ede175935051
SHA256

5fa1f7a70eeaea7c33dd809b7bcf3158d6368531605e8cff67dda8dde2fe4dd7
SHA512

18ff5483aa3a8c136b333f0568a7919faa4848edff7b5d75b5e20da88d97b4f2a07a017a68d7805cc899e8a987fb2f2959b1e4315e36809cb4f38a85eab36860
SSDEEP

24576:EOS/aFW//s/ODn3Y9zFMeUON0pQhwiSFj:oaFWhDn3EzFMehN5wLFj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2e7454bece4fb3318cd526c4f415c020.exe

Files

NEAS.2e7454bece4fb3318cd526c4f415c020.exe
.dll regsvr32 windows:4 windows x86

b91440c0ce138a8b46e9556b129638c0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

msi

ord81
ord67
ord65

shell32

SHGetPathFromIDListA
SHGetDesktopFolder
SHGetMalloc

mfc80

ord762
ord429
ord6252
ord1138
ord314
ord1150
ord911
ord3997
ord5529
ord5403
ord2468
ord313
ord3604
ord3602
ord3618
ord476
ord3275
ord2942
ord2857
ord5380
ord4314
ord6265
ord2911
ord6264
ord701
ord3520
ord1147
ord1132
ord4845
ord6005
ord2306
ord1181
ord2259
ord2271
ord5563
ord2451
ord908
ord907
ord5714
ord5320
ord6286
ord5833
ord4887
ord4125
ord300
ord297
ord5410
ord1166
ord572
ord3230
ord4486
ord2958
ord2862
ord5200
ord1599
ord1655
ord1656
ord1964
ord5175
ord1362
ord4967
ord3345
ord6277
ord3802
ord6279
ord1522
ord2172
ord2178
ord2405
ord2387
ord2385
ord2403
ord2415
ord2392
ord2408
ord2413
ord2396
ord2398
ord2400
ord2394
ord2410
ord2390
ord934
ord930
ord932
ord928
ord923
ord5233
ord5235
ord5960
ord1600
ord4282
ord4722
ord3403
ord5214
ord4185
ord6275
ord5073
ord1908
ord5152
ord4238
ord1402
ord3946
ord1617
ord1620
ord5915
ord6725
ord2092
ord658
ord5866
ord462
ord1093
ord722
ord683
ord3825
ord530
ord451
ord4483
ord3950
ord2645
ord2541
ord4308
ord2836
ord2732
ord2538
ord6270
ord1906
ord4244
ord2510
ord4395
ord2993
ord1997
ord4870
ord4883
ord4252
ord4900
ord4459
ord4245
ord4612
ord4615
ord4613
ord4188
ord4193
ord4205
ord4438
ord4958
ord304
ord4496
ord4513
ord4656
ord4186
ord4506
ord4521
ord4919
ord4558
ord4512
ord4534
ord4535
ord4536
ord4800
ord4801
ord4527
ord4831
ord4826
ord4821
ord4879
ord4449
ord4374
ord4404
ord4795
ord4514
ord4642
ord4530
ord4531
ord3980
ord5487
ord2556
ord2422
ord4577
ord4575
ord5061
ord3756
ord2509
ord5118
ord1424
ord1621
ord5860
ord4814
ord4737
ord1658
ord5519
ord4498
ord265
ord4173
ord966
ord5456
ord1329
ord1957
ord3120
ord2050
ord3893
ord2882
ord4931
ord5871
ord3934
ord2324
ord2131
ord1571
ord4301
ord783
ord910
ord2687
ord3060
ord792
ord2322
ord2321
ord3657
ord1296
ord1917
ord1486
ord795
ord5715
ord3295
ord1482
ord1203
ord807
ord803
ord2292
ord865
ord802
ord496
ord800
ord6099
ord4108
ord2272
ord6174
ord305
ord785
ord3115
ord461
ord629
ord804
ord3388
ord5089
ord384
ord796
ord1396
ord794
ord1439
ord5323
ord2903
ord4109
ord744
ord5346
ord556
ord3389
ord745
ord557
ord3537
ord3661
ord1134
ord703
ord479
ord4262
ord4484
ord2858
ord4279
ord5210
ord6271
ord1401
ord5912
ord6724
ord1551
ord1670
ord1671
ord2020
ord4582
ord4890
ord4735
ord4212
ord5182
ord4903
ord4726
ord4540
ord4426
ord1763
ord784
ord4069
ord781
ord4035
ord266
ord3025
ord666
ord6754
ord1084
ord872
ord1198
ord6703
ord1050
ord1049
ord581
ord1209
ord1177
ord1175
ord1201
ord299
ord6118
ord2902
ord876
ord1489
ord757
ord4038
ord4014
ord6278
ord3801
ord6276
ord4326
ord2063
ord2018
ord5583
ord3806
ord1010
ord5102
ord6219
ord5382
ord3832
ord1920
ord2931
ord5224
ord5226
ord2247
ord3948
ord4568
ord5230
ord5213
ord5566
ord3829
ord2537
ord2731
ord2835
ord4307
ord2714
ord2838
ord2540
ord2646
ord2533
ord2990
ord3718
ord3719
ord3709
ord2644
ord3949
ord4481
ord4261
ord3262
ord566
ord310
ord578
ord3907
ord1191
ord1185
ord1187
ord764
ord1120
ord1167
ord371
ord1098
ord1208
ord1206
ord1092
ord1037
ord315
ord765
ord4495
ord4556

msvcr80

?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_crt_debugger_hook
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
fopen_s
fwprintf_s
fclose
vsprintf_s
vswprintf_s
wcsrchr
_strnicmp
atol
memset
_wcsicmp
_localtime64_s
_stricmp
strchr
memcpy
strstr
__CxxFrameHandler3
wcscpy_s
free

kernel32

FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GetVersionExA
GetTempPathA
CopyFileA
CreateFileA
GetFileSize
ReadFile
SetFilePointer
WriteFile
FlushFileBuffers
CloseHandle
DeleteFileA
GetModuleHandleA
FindResourceA
LoadResource
LockResource
lstrlenA
OpenProcess
GetLastError
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
LocalFree
LocalAlloc
GetACP
GetLocaleInfoA
GetThreadLocale
VirtualProtect
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleW
CreateProcessA
GetTempFileNameA
LoadLibraryW
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
LoadLibraryA
GlobalFree
GetProfileStringA
Sleep
FileTimeToSystemTime
FileTimeToLocalFileTime
GetSystemDefaultLangID
GetSystemDirectoryA
VerLanguageNameA

user32

InvalidateRect
RedrawWindow
OpenClipboard
EnableWindow
CloseClipboard
SetClipboardData
EmptyClipboard
SendMessageA
GetClientRect
EqualRect

advapi32

CloseEventLog
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
ReadEventLogA
GetNumberOfEventLogRecords
OpenEventLogA
RegEnumValueA
RegQueryInfoKeyA
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExA

ole32

CoTaskMemFree
StringFromCLSID
CLSIDFromProgID
CoCreateInstance
CoInitialize

oleaut32

GetActiveObject
SysAllocString
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VarBstrFromDate
LoadRegTypeLi
SysFreeString

Exports

Exports

DeleteOfficeData
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetOfficeData
GetTemplate

Sections

.text
Size: 433KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 271KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b91440c0ce138a8b46e9556b129638c0

Headers

DLL Characteristics

File Characteristics

Imports

version

msi

shell32

mfc80

msvcr80

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 433KB - Virtual size: 432KB

.data Size: 1KB - Virtual size: 2KB

.rsrc Size: 63KB - Virtual size: 63KB

.reloc Size: 271KB - Virtual size: 272KB

.text
Size: 433KB - Virtual size: 432KB

.data
Size: 1KB - Virtual size: 2KB

.rsrc
Size: 63KB - Virtual size: 63KB

.reloc
Size: 271KB - Virtual size: 272KB