NEAS[.]94418485ae20162463b6478c3d95ee40[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.94418485ae20162463b6478c3d95ee40.exe
Size

724KB
MD5

94418485ae20162463b6478c3d95ee40
SHA1

ffd2e0f7d8b853cb2273cbe65b8e3e7dd151b2df
SHA256

0305701be0e467f9a156622db47a3ed7f6864c8194e9bd5c19e192f1b7490c60
SHA512

47dfb23ecb461070e8b290711c8a4338240dd6d11c54a60cda0b39da2ea8a545db81ff9be9bc39be025af32b16fd4633dedccfe8214adb28493d6913a0f75aab
SSDEEP

12288:K+78xahXD9nm5+Q61aeZJcTLL5ZnFfC4XPzLw388NvXq2gT8pmM1entCWw04X7LH:K+7JXDVmcQ61//cTLL5Zns4XPwzNg4BE

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.94418485ae20162463b6478c3d95ee40.exe

Files

NEAS.94418485ae20162463b6478c3d95ee40.exe
.dll regsvr32 windows:5 windows x86

988ad6105613f68c4cbde1c51dae64cc

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ole32

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoTaskMemRealloc
GetHGlobalFromStream
CoTaskMemFree

oleaut32

SysStringByteLen
SafeArrayRedim
SafeArrayCreate
VariantChangeType
SysAllocStringByteLen
SafeArrayLock
SafeArrayUnlock
SafeArrayGetUBound
LoadTypeLi
VariantClear
VariantInit
SysStringLen
SysAllocString
SysFreeString
RegisterTypeLi
SysAllocStringLen
VariantChangeTypeEx
VariantCopy

kernel32

ExitProcess
FlushFileBuffers
SetStdHandle
LCMapStringW
LCMapStringA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
IsBadCodePtr
LoadLibraryA
GetCPInfo
GetOEMCP
GetACP
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetLastError
WriteFile
ReadFile
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetVersionExW
GetDiskFreeSpaceExW
GetTempPathW
SetEndOfFile
SetFilePointer
CreateFileW
GetTempFileNameW
GetFileSize
DeleteFileW
CloseHandle
lstrcpyW
HeapDestroy
GetModuleFileNameW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DisableThreadLibraryCalls
WideCharToMultiByte
GlobalUnlock
GlobalLock
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
RaiseException
IsBadReadPtr
LocalFree
GetModuleHandleA
TerminateProcess
GetCurrentProcess
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
UnhandledExceptionFilter
IsBadWritePtr
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
MultiByteToWideChar
InterlockedExchange
HeapSize

user32

CharNextW
wsprintfW

msdmine

ord8
ord5
ord7
ord6

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 368KB - Virtual size: 366KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

988ad6105613f68c4cbde1c51dae64cc

Headers

File Characteristics

Imports

ole32

oleaut32

kernel32

user32

msdmine

Exports

Exports

Sections

.text Size: 368KB - Virtual size: 366KB

.data Size: 16KB - Virtual size: 20KB

.rsrc Size: 36KB - Virtual size: 35KB

.reloc Size: 300KB - Virtual size: 300KB

.text
Size: 368KB - Virtual size: 366KB

.data
Size: 16KB - Virtual size: 20KB

.rsrc
Size: 36KB - Virtual size: 35KB

.reloc
Size: 300KB - Virtual size: 300KB