NEAS[.]58d453026abbdd876b574c26cba52bc0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.58d453026abbdd876b574c26cba52bc0.exe
Size

926KB
MD5

58d453026abbdd876b574c26cba52bc0
SHA1

2b714e45cde7b06c27720f1f883f5724b48d907a
SHA256

d68d011cc9b9d37defe1f63f97e88267c10da138b92a5c6640060478b70de839
SHA512

e6575291757a99ad30f2429173bcad4d0e533911c21462abf540e059d72096a08ecb5465386dca668f360038151644a22f50507f93bd9c7e8dd10dd0234eda6f
SSDEEP

24576:QAr89WgHS9CrrbDAJ0Wy/H8QHChbbx/jh8920eylGorgd6v:Q6z3mU05ldro

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.58d453026abbdd876b574c26cba52bc0.exe

Files

NEAS.58d453026abbdd876b574c26cba52bc0.exe
.dll windows:6 windows x86

87157832791c9dcaa5684517b3eaa411

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoGetMalloc
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateGuid
IIDFromString

msvcr100

__clean_type_info_names_internal
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
vswprintf_s
_controlfp_s
wcschr
_finite
_wtoi
_vsnprintf_s
_mbsinc
wcsrchr
_CIpow
ceil
strnlen
_stricmp
?terminate@@YAXXZ
wcscspn
_CxxThrowException
_recalloc
memcpy_s
wcsstr
memcmp
_snprintf_s
memmove
wcsncmp
malloc
free
_memicmp
_wcsnicmp
_wcsicmp
towlower
towupper
__CxxFrameHandler3
iswcntrl
iswalnum
iswpunct
iswspace
iswdigit
memset
memcpy
wcsncpy_s
wcsncat_s
?_type_info_dtor_internal_method@type_info@@QAEXXZ

advapi32

ReportEventW
EventWrite
RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegSetValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
RegGetValueW

kernel32

VirtualProtect
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
HeapSetInformation
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
QueryPerformanceCounter
GetCurrencyFormatW
GetNumberFormatW
GetTimeFormatW
GetStringTypeExW
LCMapStringW
GetACP
GetLocalTime
GetSystemDefaultLCID
WerRegisterMemoryBlock
GetTickCount
LockResource
FindResourceExW
GetLocaleInfoW
LoadLibraryA
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
LocalAlloc
GetDateFormatW
RaiseException
GetUserDefaultLangID
lstrcmpiA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
GetVersionExA
GetUserDefaultLCID
IsDBCSLeadByte
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadResource
SizeofResource
lstrcmpiW
lstrlenW
FindResourceW
GetModuleHandleA
CompareStringW
CompareStringA
InitializeCriticalSection

oleaut32

SysAllocString
SysAllocStringLen
SysReAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantCopy
VariantChangeType
VarI2FromStr
VarI4FromStr
VarR4FromStr
VarR8FromStr
VarDateFromStr
VarCyFromStr
VarBstrFromI2
VarBstrFromI4
VarBstrFromR4
VarBstrFromR8
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
LHashValOfNameSys
SafeArrayCreate
SafeArrayDestroy
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayPutElement
VarUI4FromStr
LoadRegTypeLi
CreateStdDispatch
SystemTimeToVariantTime
VariantChangeTypeEx
LoadTypeLi
SafeArrayGetDim
SafeArrayLock
SafeArrayUnlock
SafeArrayGetElement
SafeArrayCreateVector
GetAltMonthNames
VarDateFromUdate
VarUdateFromDate
VariantTimeToSystemTime

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

msvcp100

?_Xlength_error@std@@YAXPBD@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain

Sections

.text
Size: 524KB - Virtual size: 524KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rtext
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 349KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

87157832791c9dcaa5684517b3eaa411

Headers

DLL Characteristics

File Characteristics

Imports

ole32

msvcr100

advapi32

kernel32

oleaut32

version

msvcp100

Exports

Exports

Sections

.text Size: 524KB - Virtual size: 524KB

.data Size: 49KB - Virtual size: 49KB

.rtext Size: 512B - Virtual size: 76B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 349KB - Virtual size: 352KB

.text
Size: 524KB - Virtual size: 524KB

.data
Size: 49KB - Virtual size: 49KB

.rtext
Size: 512B - Virtual size: 76B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 349KB - Virtual size: 352KB