NEAS[.]16b1908cab55593ef30d0594fb539510[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.16b1908cab55593ef30d0594fb539510.exe
Size

644KB
MD5

16b1908cab55593ef30d0594fb539510
SHA1

243880f8d6cb78c7a403e625b9a7acb8b7744953
SHA256

53bdf07a88693864642bd3f6f32640e06e0dc25b67e02bb8d93c236469378b54
SHA512

126751dd8a34dfa8cd609411049fcef7402951e6bcfd351d651c52b1a34d8e9fbd4d457a2157219c19770853aabd03927f7e2951f24e8a54f8ee1ab801abb518
SSDEEP

12288:NS4UGuCONnL0KfIUWljsNXWIHKYnkdoBrZCodWZJSJH6kPTLRMSH7QKx+1CFE3Qd:HUGuCONnL/fIJleXWIHHkdoBrZCodWZc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.16b1908cab55593ef30d0594fb539510.exe

Files

NEAS.16b1908cab55593ef30d0594fb539510.exe
.dll regsvr32 windows:4 windows x86

c907fef1e2eec25862bde38130dac0cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

iphlpapi

GetAdaptersInfo

mfc42

ord1146
ord5759
ord6192
ord5756
ord6186
ord4330
ord6189
ord6021
ord6172
ord5873
ord5789
ord5794
ord5678
ord5736
ord5579
ord5571
ord6061
ord5864
ord3596
ord3571
ord3626
ord640
ord5785
ord2860
ord3874
ord4133
ord4297
ord5788
ord472
ord2414
ord283
ord6194
ord1640
ord323
ord2859
ord5277
ord1641
ord941
ord924
ord2393
ord5356
ord5207
ord389
ord1228
ord2764
ord5651
ord3127
ord3616
ord354
ord350
ord5204
ord3229
ord4277
ord4202
ord5807
ord6881
ord6142
ord1799
ord3348
ord2989
ord3353
ord4622
ord3579
ord614
ord2625
ord2623
ord297
ord290
ord619
ord4226
ord2486
ord4003
ord5575
ord2464
ord1567
ord4036
ord268
ord1656
ord3443
ord3786
ord434
ord6467
ord2727
ord2730
ord2729
ord3829
ord5821
ord3662
ord772
ord812
ord500
ord414
ord559
ord713
ord6144
ord6141
ord2652
ord5594
ord1669
ord1168
ord1200
ord5604
ord3439
ord913
ord700
ord398
ord699
ord397
ord5593
ord3438
ord912
ord4188
ord5875
ord3693
ord5787
ord665
ord1979
ord5442
ord3318
ord5186
ord815
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord3401
ord3670
ord561
ord3952
ord2724
ord6354
ord1216
ord5572
ord2915
ord1227
ord6042
ord1877
ord4249
ord2687
ord1177
ord4006
ord3237
ord3005
ord4083
ord4187
ord1574
ord2629
ord1175
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4643
ord4354
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord2488
ord3404
ord4539
ord2954
ord4407
ord2384
ord6370
ord2983
ord3148
ord3260
ord4466
ord2986
ord4081
ord4624
ord5825
ord672
ord698
ord723
ord3946
ord362
ord396
ord423
ord4299
ord6199
ord2888
ord2795
ord5325
ord5332
ord5163
ord2385
ord2541
ord823
ord540
ord2514
ord324
ord6215
ord4459
ord6334
ord6030
ord4025
ord911
ord5592
ord4996
ord3204
ord3945
ord4785
ord2513
ord293
ord2379
ord2971
ord355
ord6883
ord801
ord6143
ord541
ord2246
ord2405
ord2450
ord3517
ord482
ord4979
ord6662
ord2956
ord2841
ord2448
ord4224
ord4220
ord2584
ord3654
ord2919
ord6270
ord2438
ord1644
ord5606
ord5629
ord910
ord4186
ord5591
ord551
ord3337
ord3811
ord2044
ord2107
ord3903
ord5834
ord6364
ord4472
ord5498
ord3278
ord3681
ord446
ord743
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord6052
ord1775
ord6371
ord923
ord4438
ord3279
ord4625
ord4425
ord746
ord449
ord2278
ord2294
ord2362
ord2282
ord2301
ord2266
ord2370
ord2288
ord5953
ord3326
ord6365
ord1099
ord4033
ord1949
ord818
ord1206
ord1223
ord2803
ord6385
ord2575
ord3402
ord3619
ord1572
ord3742
ord1270
ord1232
ord2152
ord613
ord6197
ord6379
ord2754
ord289
ord6605
ord3702
ord2411
ord2023
ord4218
ord2578
ord4398
ord3582
ord616
ord2080
ord501
ord802
ord542
ord773
ord5600
ord2777
ord2639
ord6569
ord1083
ord4287
ord5859
ord6741
ord6508
ord6921
ord6613
ord548
ord834
ord3610
ord3573
ord656
ord2089
ord816
ord6880
ord562
ord3089
ord6453
ord940
ord859
ord536
ord2642
ord5228
ord1721
ord4589
ord4588
ord4899
ord4370
ord4892
ord4535
ord5076
ord4341
ord4348
ord4887
ord4531
ord4545
ord4543
ord4526
ord4529
ord4524
ord4963
ord4960
ord4108
ord5240
ord3748
ord1725
ord5260
ord4432
ord480
ord761
ord4515
ord4894
ord3092
ord1904
ord4256
ord4461
ord1767
ord6124
ord5925
ord6130
ord6128
ord6090
ord763
ord2785
ord5146
ord697
ord1176
ord395
ord755
ord4023
ord470
ord5053
ord5768
ord4284
ord3752
ord3754
ord3984
ord3989
ord5862
ord5610
ord5903
ord5510
ord1652
ord429
ord1706
ord430
ord786
ord2461
ord6389
ord519
ord6311
ord4171
ord5445
ord703
ord404
ord3216
ord4042
ord6380
ord2884
ord986
ord520
ord1842
ord4333
ord4160
ord483
ord3007
ord2527
ord3078

msvcrt

_mbstok
fclose
_onexit
_chdir
_CxxThrowException
_ltoa
__CxxFrameHandler
_mbsicmp
_gcvt
_mbscmp
memmove
strtod
atoi
_ftol
_wcsicmp
rand
sprintf
wcsncpy
wcslen
fwrite
fopen
_mbschr
_mbsnicmp
_mbsstr
_mbsnbcmp
strtoul
_itoa
??1type_info@@UAE@XZ
_except_handler3
?terminate@@YAXXZ
__dllonexit
free
_initterm
malloc
_adjust_fdiv

kernel32

MultiByteToWideChar
LocalFree
WideCharToMultiByte
lstrcpyA
GetExitCodeThread
GlobalSize
GlobalReAlloc
GlobalFree
MulDiv
CreateProcessA
LoadLibraryA
FreeLibrary
CreateDirectoryA
FindFirstFileA
lstrcmpA
FindNextFileA
FindClose
CreateThread
Sleep
GetWindowsDirectoryA
lstrlenW
GetCurrentProcess
GetCurrentThread
DuplicateHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GetModuleFileNameA
SetCurrentDirectoryA
GetUserDefaultLCID
CreateFileA
GetLastError
GetFileSize
ReadFile
CloseHandle
FormatMessageA
lstrlenA
LocalAlloc
InterlockedDecrement

user32

TranslateMessage
InvalidateRect
DispatchMessageA
GetKeyState
GetNextDlgTabItem
SetRect
ShowScrollBar
DrawFrameControl
ClipCursor
GetClassInfoA
DefWindowProcA
DrawTextA
LoadCursorA
DrawEdge
IsWindowVisible
GetWindowRect
GetClassNameA
GetDC
ReleaseDC
GetMessagePos
CopyIcon
InvertRect
AppendMenuA
GetMenuItemCount
GetMenuStringA
GetFocus
SetParent
PostMessageA
GrayStringA
ScreenToClient
IsRectEmpty
IsWindow
EnableWindow
MapWindowPoints
GetMessageA
wsprintfA
IsCharAlphaA
GetParent
DestroyCursor
RedrawWindow
LoadImageA
CreatePopupMenu
SetWindowLongA
SetCursor
UpdateWindow
TabbedTextOutA
OffsetRect
FillRect
ReleaseCapture
PtInRect
CopyRect
GetClientRect
SetCapture
GetCapture
GetActiveWindow
GetWindowLongA
DrawStateA
FrameRect
InflateRect
GetSysColor
DrawFocusRect
SendMessageA

gdi32

BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
PtVisible
CreateSolidBrush
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextExtentPoint32A
CreatePen
Pie
GetTextColor
Ellipse
GetDeviceCaps
GetCurrentObject
EnumFontFamiliesA
GetMapMode
CreateFontIndirectA
SetBoundsRect
GetBoundsRect
SelectObject
SetBkColor
SetTextColor
DeleteDC
GetTextMetricsA
LineTo
Rectangle
CreateFontA
GetObjectA
AbortDoc
EndDoc
EndPage
StartPage
StartDocA
DeleteObject

advapi32

RegCloseKey
RegSetValueExA
RegCreateKeyExA
RegOpenKeyA
RegQueryValueExA
RegOpenKeyExA

shell32

ShellExecuteA

ole32

CoGetClassObject
CoInitialize
CreateStreamOnHGlobal
StgOpenStorage
CoUninitialize
CoCreateInstance
OleRun
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
OleInitialize
StgCreateDocfile

olepro32

ord251

oleaut32

VariantChangeType
VariantCopy
VariantClear
VariantInit
LoadRegTypeLi
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
GetErrorInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 416KB - Virtual size: 413KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c907fef1e2eec25862bde38130dac0cc

Headers

File Characteristics

Imports

iphlpapi

mfc42

msvcrt

kernel32

user32

gdi32

advapi32

shell32

ole32

olepro32

oleaut32

Exports

Exports

Sections

.text Size: 416KB - Virtual size: 413KB

.rdata Size: 84KB - Virtual size: 80KB

.data Size: 28KB - Virtual size: 30KB

.rsrc Size: 64KB - Virtual size: 62KB

.reloc Size: 48KB - Virtual size: 44KB

.text
Size: 416KB - Virtual size: 413KB

.rdata
Size: 84KB - Virtual size: 80KB

.data
Size: 28KB - Virtual size: 30KB

.rsrc
Size: 64KB - Virtual size: 62KB

.reloc
Size: 48KB - Virtual size: 44KB