NEAS[.]7c35c3fb3f89db87e14eb463d4508d60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7c35c3fb3f89db87e14eb463d4508d60.exe
Size

1.9MB
MD5

7c35c3fb3f89db87e14eb463d4508d60
SHA1

e4962b8eea3e60023319216ceaf90907ecc39328
SHA256

6468dcdb9a9312e3c694a51a73c8bbe74e0f52ca201eba332e50a4f07db8c36e
SHA512

4b7c2c3cbec6103de44cd2a37b007dd7960281c061ab0499a05d394cd5c5e9001901d4e9c6734ef92d2ad1dc11d616a5f80e90799645c39b13381305574e37de
SSDEEP

49152:sAU/f+6ou+QOsMGFysMiBRUUxB0lp/Z9mZj:Dbf7sSsMaUEexoZj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7c35c3fb3f89db87e14eb463d4508d60.exe

Files

NEAS.7c35c3fb3f89db87e14eb463d4508d60.exe
.dll regsvr32 windows:5 windows x86

f6c473e91b22ab623402c87a539b1396

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CreateStreamOnHGlobal
CreateBindCtx
CoCreateFreeThreadedMarshaler
StringFromCLSID
CoTaskMemFree
CLSIDFromProgID
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance

shlwapi

PathIsURLW
StrCmpNW
StrToIntW
StrCmpNIW
StrCmpW
PathSearchAndQualifyW
UrlCreateFromPathW
PathCreateFromUrlW
UrlCanonicalizeW
UrlGetLocationW
UrlIsW
PathIsRelativeW
UrlUnescapeW

kernel32

LoadResource
LocalAlloc
CreateFileW
ReadFile
SetEndOfFile
InterlockedCompareExchange
FlushFileBuffers
SetStdHandle
GetProcAddress
LoadLibraryA
FreeLibrary
MultiByteToWideChar
GetModuleFileNameA
ExpandEnvironmentStringsA
TlsGetValue
OutputDebugStringW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
HeapFree
HeapSize
HeapAlloc
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
GetProcessHeap
CloseHandle
TlsSetValue
GetLastError
DuplicateHandle
GetCurrentThread
GetModuleHandleA
GetVersionExA
TlsAlloc
TlsFree
InitializeCriticalSection
WaitForSingleObject
ReleaseSemaphore
InterlockedExchange
CreateSemaphoreA
CreateEventW
Sleep
GetExitCodeThread
VirtualQuery
GetThreadContext
ResumeThread
SuspendThread
SetEvent
ResetEvent
HeapDestroy
HeapCreate
SetLastError
GetSystemInfo
RaiseException
WideCharToMultiByte
FormatMessageA
LoadLibraryExA
LocalFree
FindResourceW
FormatMessageW
FindClose
FindNextFileA
FindFirstFileA
GetUserDefaultLCID
GetSystemDefaultLCID
GetSystemDefaultLangID
LoadLibraryW
FileTimeToSystemTime
SystemTimeToFileTime
CreateEventA
GetVersionExW
GetThreadLocale
GetTimeFormatW
GetDateFormatW
CompareStringW
GetCPInfo
GetCommandLineA
VirtualProtect
RtlUnwind
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
HeapReAlloc
GetACP
GetOEMCP
SetFilePointer
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LCMapStringA
LCMapStringW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 83KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 119KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 654KB - Virtual size: 656KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f6c473e91b22ab623402c87a539b1396

Headers

File Characteristics

Imports

ole32

shlwapi

kernel32

Exports

Exports

Sections

.text Size: 1.1MB - Virtual size: 1.1MB

.data Size: 83KB - Virtual size: 85KB

.rsrc Size: 119KB - Virtual size: 119KB

.reloc Size: 654KB - Virtual size: 656KB

.text
Size: 1.1MB - Virtual size: 1.1MB

.data
Size: 83KB - Virtual size: 85KB

.rsrc
Size: 119KB - Virtual size: 119KB

.reloc
Size: 654KB - Virtual size: 656KB