NEAS[.]0c759be03e9bea16eae1ff9d19adbc20[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0c759be03e9bea16eae1ff9d19adbc20.exe
Size

173KB
MD5

0c759be03e9bea16eae1ff9d19adbc20
SHA1

312c4445fac5adb58391260f42c59523d6ff8cca
SHA256

6088bf0661db38892edf960d60ee40d0843f3652bb0291d0f2264472a6f80df5
SHA512

d7d9add73532883496fc75489982c695bcc3762214ba11e1ba1d8c792000962398f7f43739fba315b074d648a8ae0221228cfcd8a868e2e574531a82e16197bd
SSDEEP

3072:tQZXlUxdeFZaRbSA68e3/AYCmoM8ihpTu7ICXBJakcW2q:tQlUxdIgmvaihpTCa4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0c759be03e9bea16eae1ff9d19adbc20.exe

Files

NEAS.0c759be03e9bea16eae1ff9d19adbc20.exe
.dll regsvr32 windows:10 windows x86

07304d12358e8a640cb987bea54b5e41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_alldiv
memset
wcstombs

msvcrt

malloc
_amsg_exit
_except_handler4_common
free
_XcptFilter
__CxxFrameHandler3
_initterm

api-ms-win-core-synch-l1-1-0

InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromCLSID
CoCreateInstance

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

api-ms-win-core-registry-l2-1-0

RegDeleteKeyA
RegEnumKeyA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

07304d12358e8a640cb987bea54b5e41

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 26KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 141KB - Virtual size: 141KB

.text
Size: 26KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 141KB - Virtual size: 141KB