NEAS[.]10bf0b743c9611b371b938e31cad9640[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.10bf0b743c9611b371b938e31cad9640.exe
Size

255KB
MD5

10bf0b743c9611b371b938e31cad9640
SHA1

f45c60353df04bfae779a4d4c9d15817cce7c885
SHA256

c144f48bce266af393a2dfa32f9f5d59498944ae8bd8da8d20228d4f1b0f54fd
SHA512

a06c4c0585c3c3b10cdc27d43c98c6cdcd63c6a24831662fb442fd53cf4098f078b6934d0591ced1cd5190c1c051b0d9403f18cafeef81ed84897af6b4b2b7b5
SSDEEP

3072:ayYYWnIX+eQhbeIDS2lsxHUPtfyJeb8FrvSnedQbfRbSwOd471ZdYCmoNRihpqD2:ay8IXohb/qpUPtfyAb8FrAH/Tihpqrq

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.10bf0b743c9611b371b938e31cad9640.exe

Files

NEAS.10bf0b743c9611b371b938e31cad9640.exe
.dll regsvr32 windows:10 windows x86

610ba7f69f69536c517bef9495ca47d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

wcstombs
_alldiv
_allrem
memset
_wcsicmp

msvcrt

free
time
srand
rand
_purecall
_except_handler4_common
_initterm
_amsg_exit
_XcptFilter
__CxxFrameHandler3
malloc

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSection
EnterCriticalSection
DeleteCriticalSection

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance
StringFromCLSID

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

api-ms-win-core-registry-l2-1-0

RegDeleteKeyA
RegEnumKeyA

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcessId
TerminateProcess
GetCurrentProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

610ba7f69f69536c517bef9495ca47d1

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

Exports

Exports

Sections

.text Size: 104KB - Virtual size: 104KB

.data Size: 1024B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 145KB - Virtual size: 144KB

.text
Size: 104KB - Virtual size: 104KB

.data
Size: 1024B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 145KB - Virtual size: 144KB