NEAS[.]200781a11e11f6126519a6a825771a30[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.200781a11e11f6126519a6a825771a30.exe
Size

265KB
MD5

200781a11e11f6126519a6a825771a30
SHA1

8ce21b036748edbc77ce8c278df2812916bdd801
SHA256

9f33412d18992af6bac442b9d58fd2eec4210a31aac159603aec9aecd30fdf72
SHA512

a8c39042497bc0d9e4ba64ce1774a1fd38b548a73f64333b9bedbef6b49384d5304d7c95bc77d260c84a77c9521e9f036a08a3e2130609a324867ee5c28aafc4
SSDEEP

6144:yeUykIwC0rNhHpLYYKBV+UdvrEFp7hKkv:HUyBwC0OYKBjvrEH7Zv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.200781a11e11f6126519a6a825771a30.exe

Files

NEAS.200781a11e11f6126519a6a825771a30.exe
.dll regsvr32 windows:6 windows x86

fa228ed28db9821e55fb5d3b76b6389a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??2@YAPAXI@Z
memcpy
memset
_amsg_exit
_initterm
free
malloc
_XcptFilter
_errno
??3@YAXPAX@Z

rpcrt4

NdrDllCanUnloadNow
NdrCStdStubBuffer_Release
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Disconnect
CStdStubBuffer_Connect
CStdStubBuffer_AddRef
CStdStubBuffer_QueryInterface
NdrDllGetClassObject
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrClientCall2
NdrStubForwardingFunction
NdrStubCall2
NdrDcomAsyncClientCall
RpcRaiseException
IUnknown_Release_Proxy
NdrGetUserMarshalInfo

oleaut32

LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
VARIANT_UserFree
VARIANT_UserUnmarshal
VARIANT_UserSize
VARIANT_UserMarshal
BSTR_UserFree
BSTR_UserMarshal
BSTR_UserSize
BSTR_UserUnmarshal

ole32

CoUnmarshalInterface
CoMarshalInterface
ReleaseStgMedium
CoGetMarshalSizeMax
CoTaskMemFree
HGLOBAL_UserSize
HGLOBAL_UserFree
HGLOBAL_UserMarshal
HGLOBAL_UserUnmarshal
HDC_UserSize
HDC_UserMarshal
HDC_UserFree
HDC_UserUnmarshal
HMENU_UserUnmarshal
HMENU_UserFree
HMENU_UserMarshal
HMENU_UserSize
HICON_UserSize
HICON_UserMarshal
HICON_UserUnmarshal
HICON_UserFree
HWND_UserSize
HWND_UserFree
HWND_UserMarshal
HWND_UserUnmarshal
CoTaskMemRealloc

kernel32

InterlockedExchange
DisableThreadLibraryCalls
InterlockedIncrement
InterlockedDecrement
GlobalSize
Sleep
GlobalAlloc
GlobalUnlock
GetLastError
InterlockedCompareExchange
OutputDebugStringA
RtlUnwind
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GlobalLock

gdi32

SetMetaFileBitsEx
GetEnhMetaFileBits
GetMetaFileBitsEx
CreatePalette
CreateBitmap
GetPaletteEntries
SetEnhMetaFileBits
GetObjectType
GetObjectA
GetBitmapBits

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetProxyDllInfo

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fa228ed28db9821e55fb5d3b76b6389a

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

rpcrt4

oleaut32

ole32

kernel32

gdi32

Exports

Exports

Sections

.text Size: 144KB - Virtual size: 143KB

.orpc Size: 12KB - Virtual size: 12KB

.data Size: 14KB - Virtual size: 14KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

.text
Size: 144KB - Virtual size: 143KB

.orpc
Size: 12KB - Virtual size: 12KB

.data
Size: 14KB - Virtual size: 14KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB