NEAS[.]75d64e689c4af94fa7e79acc81df6650[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.75d64e689c4af94fa7e79acc81df6650.exe
Size

1.2MB
MD5

75d64e689c4af94fa7e79acc81df6650
SHA1

be3eba95678350a49b5eff3e8d3ec12434ce4647
SHA256

200250bf531eb651fbf4115ce7e2cc4c16262e0c7ee0febaee2df2b25ba8897a
SHA512

560bc912c94a6ec3c7ec7fe264983320be65820f7d04e47e73d372d8ac1ea4583112e15ba22ec44197a136da53fadab9d2c16b65834b369223b1cd6d1774e2e5
SSDEEP

24576:suT36QzkYsh1mUTw6cEtLwXZpSeQoub3mpiPXBGNXp:bThHsbw+kXyecwiPXYN

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.75d64e689c4af94fa7e79acc81df6650.exe

Files

NEAS.75d64e689c4af94fa7e79acc81df6650.exe
.dll regsvr32 windows:6 windows x86

0dd0e6ed37c6561bf51e6e7cfaf2b942

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

??0exception@std@@QAE@ABQBD@Z
strncpy_s
wcscpy_s
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBDH@Z
strnlen
_vsnwprintf_s
_snprintf_s
_mbschr
memmove
wcsncat_s
srand
rand
_vsnprintf_s
_snwprintf_s
wcscmp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_crt_debugger_hook
_onexit
_lock
__dllonexit
__lconv_init
?terminate@@YAXXZ
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
vswprintf_s
swprintf_s
wcsncpy_s
_vsnwprintf
_wtof
wcstoul
_itow_s
_wcsicmp
wcsrchr
realloc
malloc
free
wcstol
__RTDynamicCast
memcpy_s
_wtoi
_wcsnicmp
wcsstr
wcsncmp
wcschr
_invalid_parameter_noinfo_noreturn
memset
memcmp
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
iswspace
memcpy
__CxxFrameHandler3
_unlock
_vscwprintf
_CxxThrowException

advapi32

ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegSetValueExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

kernel32

GetFileType
GetFileSizeEx
SwitchToThread
GetNativeSystemInfo
CancelIoEx
SetFileTime
GetFileTime
FlushFileBuffers
CreateEventExW
WaitForMultipleObjectsEx
ResetEvent
SetFilePointerEx
GetLongPathNameW
GetShortPathNameW
GlobalAlloc
GlobalFree
CreateFileW
DeleteFileW
GetTempFileNameW
WriteFile
GetTempPathW
CloseHandle
GetLastError
GetCurrentProcess
TerminateProcess
CompareStringW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetLastError
LocalAlloc
WideCharToMultiByte
lstrlenW
lstrlenA
MultiByteToWideChar
GetFileAttributesW
RaiseException
GetVersionExW
QueryPerformanceCounter
GetProcessHeap
HeapSetInformation
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
VirtualProtect
WerRegisterMemoryBlock
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
EncodePointer
DecodePointer
InterlockedExchange
Sleep
InterlockedCompareExchange
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsFree
TlsSetValue
TlsGetValue
SetEndOfFile
CreateEventW
DeviceIoControl
GetOverlappedResult
GetSystemTime
IsValidCodePage
IsDBCSLeadByte
GetStringTypeExW
SystemTimeToFileTime
FileTimeToSystemTime
GetTickCount64
CreateSemaphoreExW
WaitForSingleObjectEx
ReleaseSemaphore
TryEnterCriticalSection
RemoveDirectoryW
ReadFile
GetFileAttributesExW
CreateDirectoryW
InitializeCriticalSectionEx
FreeLibrary
LoadLibraryA
IsProcessorFeaturePresent
TlsAlloc
FileTimeToLocalFileTime
lstrcmpiW
IsWow64Process

query

BindIFilterFromStorage

ole32

CreateILockBytesOnHGlobal
PropVariantCopy
CreateStreamOnHGlobal
CoCreateGuid
GetConvertStg
StringFromGUID2
WriteFmtUserTypeStg
ReadClassStg
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
PropVariantClear
CLSIDFromString

msvcp100

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

oleaut32

SysFreeString
VariantChangeTypeEx
VariantChangeType
VariantClear
SysStringLen
VariantInit
SysAllocString
SysAllocStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 793KB - Virtual size: 792KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 389KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0dd0e6ed37c6561bf51e6e7cfaf2b942

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

advapi32

kernel32

query

ole32

msvcp100

oleaut32

Exports

Exports

Sections

.text Size: 793KB - Virtual size: 792KB

.data Size: 28KB - Virtual size: 28KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 389KB - Virtual size: 392KB

.text
Size: 793KB - Virtual size: 792KB

.data
Size: 28KB - Virtual size: 28KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 389KB - Virtual size: 392KB