NEAS[.]edfc5bbb2814fcaec5900b165781ed60[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.edfc5bbb2814fcaec5900b165781ed60.exe
Size

297KB
MD5

edfc5bbb2814fcaec5900b165781ed60
SHA1

82acb218a92fdeb5007bbb2aa420b10826c7d64a
SHA256

bc662c2fd9a54de238d4c4c92b9cc3184bcfcacc31b09aa6700204cff0413efa
SHA512

6179386234e86ebdb4fd0a1fc530019fcd153b30c178da11b8caac477c3ba860006d2474ca595a87a4fb849b50b58abbaaa3a65da4e43c5a633522e8871e53c7
SSDEEP

3072:qnuVOYAKvotgqmT/dyXti/cZBBCQTahFCfFSFj45Vxo97GLU9ajWD8bicIRTcGK:qnuAY5voaVVyXtb3MySV4Pxoj8ecucG

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.edfc5bbb2814fcaec5900b165781ed60.exe

Files

NEAS.edfc5bbb2814fcaec5900b165781ed60.exe
.dll regsvr32 windows:6 windows x64

da70ece0f109a16eb2b33bf40280a7fe

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ole32

CoUninitialize
StringFromGUID2
CoInitialize
CoCreateInstance
CoFreeUnusedLibraries
CoTaskMemFree
CoTaskMemAlloc

user32

InvalidateRect
SetWindowLongW
MoveWindow
ShowWindow
GetWindowLongPtrW
SetWindowLongPtrW
DestroyWindow
DefWindowProcW
CreateDialogParamW
GetWindowLongW
DispatchMessageW
UnregisterClassW
LoadStringW
GetWindowRect
CreateWindowExW
SetWindowPos
GetMessageW
TranslateMessage
DestroyIcon
RegisterClassExW
LoadImageW
GetWindow
SetForegroundWindow
PostQuitMessage
EnumThreadWindows
GetCursorPos
TrackPopupMenu
PostMessageW
DestroyMenu
KillTimer
SetTimer
SendMessageW
GetDlgItem
EnableWindow
SendDlgItemMessageW
GetDesktopWindow

comctl32

InitCommonControlsEx

avformat-lav-60

av_write_frame
av_write_trailer
avformat_alloc_output_context2
avformat_free_context
avformat_new_stream
avformat_write_header
avio_alloc_context
ff_rm_reorder_sipr_data
ff_sipr_subpk_size
ff_vorbis_comment

avutil-lav-58

av_channel_layout_check
av_channel_layout_compare
av_channel_layout_copy
av_channel_layout_default
av_channel_layout_from_mask
av_channel_layout_uninit
av_dict_free
av_dict_get
av_frame_alloc
av_frame_free
av_frame_unref
av_free
av_freep
av_get_bytes_per_sample
av_log_set_callback
av_mallocz
av_opt_set_double
av_opt_set_int

avcodec-lav-60

av_packet_alloc
av_packet_free
av_packet_new_side_data
av_packet_unref
av_parser_close
av_parser_init
av_parser_parse2
avcodec_alloc_context3
avcodec_close
avcodec_find_decoder
avcodec_find_decoder_by_name
avcodec_flush_buffers
avcodec_is_open
avcodec_open2
avcodec_receive_frame
avcodec_send_packet
avpriv_ac3_parse_header
avpriv_dca_convert_bitstream
avpriv_mpegaudio_decode_header
ff_flac_is_extradata_valid

swresample-lav-4

swr_alloc_set_opts2
swr_convert
swr_free
swr_init

kernel32

GetStringTypeW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
GetFileType
GetStdHandle
HeapSize
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetStdHandle
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
SetFilePointerEx
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
GetLastError
InitializeCriticalSectionEx
RaiseException
DeleteCriticalSection
GetModuleFileNameA
lstrlenW
lstrlenA
GetVersionExW
DisableThreadLibraryCalls
InitializeCriticalSection
lstrcmpW
GetCurrentProcess
WaitForSingleObject
GetCurrentThreadId
CreateEventW
SetEvent
CloseHandle
ResetEvent
FreeLibrary
CreateThread
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
SetLastError
WideCharToMultiByte
OutputDebugStringW
IsDebuggerPresent
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
CreateFileW
WriteConsoleW
SetUnhandledExceptionFilter

advapi32

RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegSetValueW
RegDeleteValueW
RegQueryValueExW

oleaut32

OleCreatePropertyFrame

shell32

Shell_NotifyIconW

shlwapi

PathFindFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
OpenConfiguration

Sections

.text
Size: 179KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

da70ece0f109a16eb2b33bf40280a7fe

Headers

DLL Characteristics

File Characteristics

Imports

ole32

user32

comctl32

avformat-lav-60

avutil-lav-58

avcodec-lav-60

swresample-lav-4

kernel32

advapi32

oleaut32

shell32

shlwapi

Exports

Exports

Sections

.text Size: 179KB - Virtual size: 179KB

.rdata Size: 82KB - Virtual size: 82KB

.data Size: 6KB - Virtual size: 10KB

.pdata Size: 10KB - Virtual size: 9KB

_RDATA Size: 512B - Virtual size: 244B

.rsrc Size: 13KB - Virtual size: 13KB

.reloc Size: 3KB - Virtual size: 3KB

.text
Size: 179KB - Virtual size: 179KB

.rdata
Size: 82KB - Virtual size: 82KB

.data
Size: 6KB - Virtual size: 10KB

.pdata
Size: 10KB - Virtual size: 9KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 13KB - Virtual size: 13KB

.reloc
Size: 3KB - Virtual size: 3KB