NEAS[.]7ec547f270db9083a36be4b3a87be7a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.7ec547f270db9083a36be4b3a87be7a0.exe
Size

328KB
MD5

7ec547f270db9083a36be4b3a87be7a0
SHA1

d821d3b5e51978238d52280ed307d8fbd1cd87ec
SHA256

01e6f09916b88aaaf2ee8b5eee53de6b19ffe3bb9d2a69b9329cb638067a7574
SHA512

ea37956d926f429ea862434ce56b1693f9010d5dd39f819bc855d7b131ea47dd693a1c375a6d22ecf2837c9c8c21030b76d84c86cd8c67f1b4ba12166193bffa
SSDEEP

6144:Q7gg7+ZS1FdmAOLI9cHf5t0wIg6y9ZKZleIRxoTXWacBIuGdIJAXWZl3C:QgS1Otx1RGv7RK5IK6l

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7ec547f270db9083a36be4b3a87be7a0.exe

Files

NEAS.7ec547f270db9083a36be4b3a87be7a0.exe
.dll windows:4 windows x86

b00e2588dffecc7a77a7fcefd76f1be4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

??3@YAXPAX@Z
??2@YAPAXI@Z
atoi
_mbsupr_s
_stricmp
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
free
_encoded_null
_malloc_crt
_encode_pointer
isspace
__CxxFrameHandler3
toupper
_getmbcp
_strlwr_s
strncmp
strpbrk
_ismbslead
_vsnwprintf
_vsnprintf
_mbsinc
_mbsnicmp
memcpy
_mbslwr_s
_mbsicmp
_mbscmp
_mbschr
strstr
memset
strchr
strrchr

user32

LoadStringW
LoadStringA
LoadCursorA
SetCursor
MessageBoxW

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
HeapDestroy
HeapCreate
lstrcmpA
CompareStringW
HeapFree
HeapAlloc
CompareStringA
GetACP
lstrcmpiA
SetLastError
LoadLibraryA
GetProcAddress
GetLastError
GetProcessHeap
FreeLibrary
IsBadReadPtr
MultiByteToWideChar
WideCharToMultiByte
RaiseException
LocalFree
FormatMessageW
GetModuleHandleW
LocalAlloc
VirtualProtect
lstrlenA

crypt32

CryptProtectData
CryptUnprotectData

bjablr32

?gResourcehInst@@3PAUHINSTANCE__@@A

olmapi32

ord173
ord17
ord241
ord61
ord140
ord138
ord46
HrGetGlobalOffline@8
ord36
ord75
ord19
ord259
ord60
ord15
ord76
ord13
ord135

Exports

Exports

ABProviderInit
PrivateServiceEntry@40
PrivateWizardEntry@20

Sections

.text
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 226KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b00e2588dffecc7a77a7fcefd76f1be4

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

user32

advapi32

kernel32

crypt32

bjablr32

olmapi32

Exports

Exports

Sections

.text Size: 90KB - Virtual size: 90KB

.data Size: 9KB - Virtual size: 10KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 226KB - Virtual size: 228KB

.text
Size: 90KB - Virtual size: 90KB

.data
Size: 9KB - Virtual size: 10KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 226KB - Virtual size: 228KB