NEAS[.]1c465c2a3581bff1673b7ef8dabd7400[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1c465c2a3581bff1673b7ef8dabd7400.exe
Size

288KB
MD5

1c465c2a3581bff1673b7ef8dabd7400
SHA1

f9af275235499d2a3978ec75f9c4e3237973ec4d
SHA256

fc9f0ac174265b2f210345526be34cff514b1c9be650a7e275bc93b8a44433ff
SHA512

76478b0e769e81b4a07a531878686aa5579bda818c4325175c04c32cd30b8ce328151d4a410c9e61cbdace58fb66005eddb65308fc75dc9e8a849955be8cd1eb
SSDEEP

6144:jdHe33wanJjXAHYL5waJqj0ZH8Zh8QlE2hlrbURrQ6zspZJa7C6jOjU0:jdo35JjXA4LqcqjCH8n8B2hlrbK86zAT

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1c465c2a3581bff1673b7ef8dabd7400.exe

Files

NEAS.1c465c2a3581bff1673b7ef8dabd7400.exe
.dll regsvr32 windows:4 windows x86

d93e2543bde0aaa0d5f08bbf2d15cba6

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
InterlockedIncrement
EnterCriticalSection
InterlockedDecrement
DisableThreadLibraryCalls
lstrlenW
lstrlenA
GetShortPathNameA
GetModuleFileNameA
SizeofResource
LoadResource
FindResourceA
MultiByteToWideChar
WideCharToMultiByte
lstrcmpiA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
lstrcpyA
lstrcatA
RtlUnwind
DeleteCriticalSection
InitializeCriticalSection
GlobalAlloc
GlobalLock
LoadLibraryA
GetProcAddress
FreeLibrary
GlobalUnlock
LoadLibraryExA
GetLastError
GetStringTypeW
GetStringTypeA
HeapCreate
GetOEMCP
LCMapStringW
GlobalFree
VirtualFree
GetEnvironmentStringsW
GetEnvironmentStrings
WriteFile
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetVersion
ExitProcess
GetCPInfo
GetACP
LCMapStringA
TlsFree
SetLastError
VirtualAlloc
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
GetStdHandle
TlsGetValue
SetHandleCount
FreeEnvironmentStringsA
GetFileType
GetStartupInfoA
FreeEnvironmentStringsW

user32

OemToCharA
CharToOemA
CharNextA
CharLowerA

advapi32

RegEnumValueA
RegQueryInfoKeyA
RegSetValueExA
RegEnumKeyExA
RegCloseKey
RegDeleteValueA
RegCreateKeyExA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

RegisterTypeLi
SysStringLen
LoadTypeLi
VarUI4FromStr
SysAllocString
VariantCopy
VariantClear
SysFreeString
VariantInit
SysAllocStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d93e2543bde0aaa0d5f08bbf2d15cba6

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 28KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 4KB - Virtual size: 9KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 228KB - Virtual size: 228KB

.text
Size: 32KB - Virtual size: 28KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 4KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 228KB - Virtual size: 228KB