NEAS[.]3d9c92a2d9fe9ba40147b1ffcef602f0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.3d9c92a2d9fe9ba40147b1ffcef602f0.exe
Size

1.1MB
MD5

3d9c92a2d9fe9ba40147b1ffcef602f0
SHA1

ab746eec9aab7b793a25f086623e707e03cacacd
SHA256

2572d0e6d20fc600e043d68194c242bebdd54993295e207e82b2bf8fe0f85f6a
SHA512

cda096420d5faec60cd069d6f72cb6666d51ed1646aad1a3a24fc1f345f90c555f8072856f1c18439789ee8f44a5931ec54632271451229a93eefdeb611d1d82
SSDEEP

24576:7iNELukgwgZjiSnU4Mzp42hQlHyZI6TX+LmQaReQDjPuBIpy:e+Lu+0jiSntMzp42h+HySkCa0QfjA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3d9c92a2d9fe9ba40147b1ffcef602f0.exe

Files

NEAS.3d9c92a2d9fe9ba40147b1ffcef602f0.exe
.dll regsvr32 windows:5 windows x86

0df05e504e586f81116d5cd479542535

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

InitializeSecurityDescriptor
AllocateAndInitializeSid
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegQueryValueExA
SetSecurityDescriptorDacl
FreeSid
SetEntriesInAclW
GetNamedSecurityInfoW
ImpersonateSelf
OpenThreadToken
OpenProcessToken
MapGenericMask
AccessCheck
RevertToSelf
RegOpenKeyExA
RegDeleteValueA
RegDeleteValueW
RegSetValueExA
RegCreateKeyExA
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

gdi32

GetObjectA
GetDeviceCaps
BitBlt
DeleteDC
CreateCompatibleDC
GetTextExtentExPointW
GetTextExtentExPointA
CreateSolidBrush
DeleteObject
SelectObject
GetStockObject
CreateCompatibleBitmap

kernel32

GlobalAlloc
GetCurrentProcess
FlushInstructionCache
SetLastError
GetCurrentThreadId
RaiseException
MulDiv
lstrcmpA
MoveFileExW
GetEnvironmentVariableW
GetWindowsDirectoryW
GetEnvironmentVariableA
GetWindowsDirectoryA
CreateFileW
CreateFileA
GetFileAttributesA
SetFileAttributesA
GetFileAttributesW
SetFileAttributesW
GetFileInformationByHandle
OutputDebugStringW
IsDBCSLeadByte
lstrcmpiA
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
GetModuleHandleA
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GetSystemDirectoryA
InterlockedExchange
LocalAlloc
LocalFree
LoadLibraryW
GlobalSize
LoadLibraryExW
LockResource
GetUserDefaultLCID
GetCurrentThread
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
HeapReAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
WaitForSingleObject
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
HeapSize
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetStdHandle
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetThreadLocale
InterlockedCompareExchange
IsProcessorFeaturePresent
GetFileSize
GetFileType
CreateDirectoryA
DeleteFileA
GetTempFileNameA
CreateDirectoryW
DeleteFileW
GetTempFileNameW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetCurrentDirectoryA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
GetCurrentDirectoryW
GetCurrentDirectoryA
GetTempPathW
GetFullPathNameW
GetFullPathNameA
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
GlobalUnlock
GetModuleHandleW
FindAtomW
GetSystemDefaultLCID
GetTempPathA
GetDiskFreeSpaceA
GetVersion
FindResourceExA
GlobalLock
RemoveDirectoryA
RemoveDirectoryW
GetVersionExA
CreateSemaphoreA
ReleaseSemaphore
GlobalFree
CopyFileA
CopyFileW
IsValidLocale
SetEndOfFile
FindClose
ReadFile
SetFilePointer
WriteFile
Sleep
GetLastError
CloseHandle
GetSystemTimeAsFileTime
GetTickCount
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetSystemDefaultLangID
OutputDebugStringA
FreeLibrary
GetProcAddress
LoadLibraryA
MultiByteToWideChar
lstrlenA
FormatMessageA
FormatMessageW
lstrlenW
GetDriveTypeA
WideCharToMultiByte
GetEnvironmentStrings
SetErrorMode

ole32

CreateItemMoniker
CreatePointerMoniker
CreateBindCtx
CoGetMalloc
CoTaskMemRealloc
CoCreateGuid
CoTaskMemAlloc
StringFromGUID2
OleLockRunning
CLSIDFromString
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
OleUninitialize
CreateStreamOnHGlobal
OleInitialize
StringFromCLSID
CoRegisterMessageFilter
CoTaskMemFree
CoDisconnectObject

oleaut32

SysAllocString
VariantInit
VariantClear
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysAllocStringLen
SysStringByteLen
OleCreateFontIndirect
GetErrorInfo
SetErrorInfo
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
SysAllocStringByteLen
SafeArrayCreateVector
SafeArrayAccessData
SafeArrayUnaccessData
CreateErrorInfo
SysFreeString

user32

UnregisterClassA
CharPrevA
LoadStringW
LoadStringA
InvalidateRgn
InvalidateRect
GetClientRect
FillRect
SetCapture
ReleaseCapture
ClientToScreen
GetCursor
DialogBoxParamW
GetActiveWindow
DialogBoxParamA
SetCursor
GetDesktopWindow
GetWindowRect
SystemParametersInfoA
MoveWindow
SetWindowTextW
SetWindowTextA
CreateWindowExW
CreateWindowExA
ScreenToClient
CreateAcceleratorTableA
IsWindow
CharNextA
SetWindowPos
DestroyAcceleratorTable
RedrawWindow
BeginPaint
EndPaint
IsChild
GetFocus
SetFocus
CallWindowProcA
GetWindowTextLengthA
DefWindowProcA
LoadCursorA
GetClassInfoExA
RegisterClassExA
DispatchMessageA
DispatchMessageW
GetWindowLongA
GetDC
ReleaseDC
GetDlgItem
GetParent
GetWindowTextW
GetWindowTextA
DestroyWindow
EndDialog
SendMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
PeekMessageA
MsgWaitForMultipleObjects
RegisterWindowMessageA
GetSysColor
SetWindowLongA
GetClassNameA
GetWindow
SendMessageA

winspool.drv

ClosePrinter
EndDocPrinter
EndPagePrinter
WritePrinter
StartPagePrinter
StartDocPrinterA
OpenPrinterA
StartDocPrinterW
OpenPrinterW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
HxGetObjectCA

Sections

.text
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 251KB - Virtual size: 250KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 309KB - Virtual size: 312KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0df05e504e586f81116d5cd479542535

Headers

File Characteristics

Imports

advapi32

gdi32

kernel32

ole32

oleaut32

user32

winspool.drv

Exports

Exports

Sections

.text Size: 551KB - Virtual size: 550KB

.data Size: 15KB - Virtual size: 20KB

.rsrc Size: 251KB - Virtual size: 250KB

.reloc Size: 309KB - Virtual size: 312KB

.text
Size: 551KB - Virtual size: 550KB

.data
Size: 15KB - Virtual size: 20KB

.rsrc
Size: 251KB - Virtual size: 250KB

.reloc
Size: 309KB - Virtual size: 312KB