NEAS[.]9e7383982625e5414fbb78241b6ec590[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.9e7383982625e5414fbb78241b6ec590.exe
Size

4.5MB
MD5

9e7383982625e5414fbb78241b6ec590
SHA1

2594c2de67a78aebc8d8f229a72b02e0503d39e8
SHA256

4c766dac7f2cb92552cad8a3375a2e8ccf518b7471daf9ed66f141ecb3f8e42b
SHA512

7e91fae4e68893a4ab2156ae767f87543be73c797e78fa1f6abffbfdb8d73082d0ed974fb8d580d681d04f2d8d5cfccc0395e19f4a1fe55b9f0b1320e8178485
SSDEEP

98304:EXmELhUzRv58A2okN7N7v58AfoNN+1HG:EWELhUzRJax7Jo8HG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.9e7383982625e5414fbb78241b6ec590.exe

Files

NEAS.9e7383982625e5414fbb78241b6ec590.exe
.dll regsvr32 windows:5 windows x86

6bd4a0bc92c512ad07b5300c934e9fc4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
GetSystemDirectoryA
CreateSemaphoreW
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetTickCount
GlobalFree
GlobalUnlock
WideCharToMultiByte
GlobalLock
GlobalAlloc
GetUserDefaultUILanguage
GetThreadLocale
GetCurrentProcessId
IsValidCodePage
GetACP
lstrlenW
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
RaiseException
GetModuleFileNameW
GetLastError
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
lstrcmpiW
FreeLibrary
LeaveCriticalSection
GetCurrentThreadId
FileTimeToSystemTime
GetProcAddress
CloseHandle
TlsGetValue
PulseEvent
ReleaseSemaphore
OutputDebugStringW
LockResource
LocalFree
FormatMessageW
GetLocalTime
GetEnvironmentVariableW
GetLongPathNameW
GetFullPathNameW
GetCurrentDirectoryW
InterlockedExchange
GetLocaleInfoA
GetVersionExA
Sleep
InterlockedCompareExchange
LoadLibraryW
GetCurrentThread
GetSystemInfo
GetVersionExW
GetSystemDirectoryW
WaitForSingleObjectEx
SleepEx
GetOverlappedResult
GetComputerNameExW
SetLastError
GetProcessAffinityMask
SetProcessAffinityMask
SetThreadAffinityMask
QueryPerformanceFrequency
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetUserDefaultLCID
ConvertDefaultLocale
GetLocaleInfoW
CreateFileW
GetFileType
CreateEventW
WriteFile
FindFirstFileW
GetFileAttributesExW
FindNextFileW
FindClose
GetFileAttributesW
CreateDirectoryW
DeleteFileW
RemoveDirectoryW
MoveFileExW
CopyFileW
SetFilePointer
SetEndOfFile
FlushFileBuffers
GetFileInformationByHandle
GetFileSize
GetDiskFreeSpaceW
ReadFile
CancelIo
GetThreadTimes
VirtualQuery
TlsAlloc
TlsFree
TlsSetValue
GetModuleHandleA
UnmapViewOfFile
DebugBreak
CreateTimerQueue
DeleteTimerQueueEx
BindIoCompletionCallback
DeleteTimerQueueTimer
QueueUserWorkItem
ResetEvent
GetQueuedCompletionStatus
SetEvent
PostQueuedCompletionStatus
ResumeThread
SetThreadPriority
SetThreadLocale
FileTimeToLocalFileTime
SystemTimeToFileTime
GetProcessHeap
HeapAlloc
HeapSize
HeapReAlloc
HeapFree
HeapValidate
VirtualAlloc
VirtualFree
OutputDebugStringA
HeapCreate
HeapDestroy

msvcr80

floor
_CxxThrowException
_vsnprintf_s
strtoul
strncpy_s
strchr
strcpy_s
strcat_s
??3@YAXPAX@Z
??_V@YAXPAX@Z
_wfopen
_purecall
memmove
memcpy_s
wcscat_s
wcscpy_s
free
memmove_s
_recalloc
??2@YAPAXI@Z
??_U@YAPAXI@Z
malloc
calloc
wcsncpy_s
_wcsnicmp
_itow
wcspbrk
_endthreadex
_beginthreadex
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
_wsetlocale
_CIexp
_i64tow
_ui64tow
qsort
realloc
_aligned_malloc
_aligned_realloc
_aligned_free
wcstol
wcsrchr
_wtol
swscanf_s
setvbuf
fclose
__iob_func
ftell
fputwc
fflush
fwprintf
vfwprintf
ferror
wcsncat_s
_vsnwprintf_s
ceil
getenv
_fsopen
fprintf
fseek
vfprintf
sprintf_s
swscanf
iswdigit
__CxxFrameHandler3
memcpy
swprintf_s
_wsplitpath_s
_wcsicmp
_CIpow
wcsncmp
wcschr
_wtoi
_ultow
wcsstr
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__clean_type_info_names_internal
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_encode_pointer
memset
iswspace

advapi32

LookupAccountSidW
RevertToSelf
InitializeSecurityDescriptor
RegOpenKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegEnumKeyExW
OpenProcessToken
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
OpenThreadToken
SetThreadToken
RegisterEventSourceW
DeregisterEventSource
ReportEventW
CryptSetKeyParam
CryptEncrypt
CryptGetKeyParam
CryptDecrypt
GetTokenInformation
ImpersonateLoggedOnUser
MapGenericMask
RegQueryValueExW
EqualSid
AccessCheck

ole32

StgCreateStorageEx
StgOpenStorageEx
CoCreateGuid
IIDFromString
CoUninitialize
CoInitializeEx
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetMalloc
CoGetClassObject
CoTaskMemRealloc
CoCreateInstance
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree

oleaut32

VarBstrFromDate
VariantChangeTypeEx
VarI4FromStr
SysAllocStringLen
VariantChangeType
SysAllocString
SysFreeString
GetErrorInfo
SystemTimeToVariantTime
SetErrorInfo
SysStringByteLen
VariantClear
VariantCopy
SysStringLen
VarUI4FromStr
VarBstrFromI4
VarParseNumFromStr
VarR8FromCy
VarCyFromR8
VarCmp
VariantTimeToSystemTime

user32

LoadStringW
UnregisterClassA
CharNextW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

wsock32

connect
socket
htons
htonl
ntohl
ntohs
setsockopt
closesocket
WSAGetLastError
WSAStartup
WSACleanup
gethostbyaddr
getservbyport
gethostbyname
inet_addr
ioctlsocket
getservbyname
WSASetLastError

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpSetTimeouts
WinHttpSetOption
WinHttpConnect
WinHttpGetProxyForUrl
WinHttpOpenRequest
WinHttpSendRequest
WinHttpWriteData
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpReadData
WinHttpCrackUrl
WinHttpCloseHandle

rpcrt4

UuidCreateSequential

ws2_32

WSASend
WSARecv
WSAGetOverlappedResult

ntdsapi

DsMakeSpnW

psapi

GetProcessMemoryInfo

crypt32

CryptUnprotectData
CryptProtectData

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2.3MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 640KB - Virtual size: 644KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6bd4a0bc92c512ad07b5300c934e9fc4

Headers

File Characteristics

Imports

kernel32

msvcr80

advapi32

ole32

oleaut32

user32

version

wsock32

winhttp

rpcrt4

ws2_32

ntdsapi

psapi

crypt32

Exports

Exports

Sections

.text Size: 1.5MB - Virtual size: 1.5MB

.data Size: 2.3MB - Virtual size: 2.4MB

.rsrc Size: 39KB - Virtual size: 39KB

.reloc Size: 640KB - Virtual size: 644KB

.text
Size: 1.5MB - Virtual size: 1.5MB

.data
Size: 2.3MB - Virtual size: 2.4MB

.rsrc
Size: 39KB - Virtual size: 39KB

.reloc
Size: 640KB - Virtual size: 644KB