NEAS[.]732cc7a1c2312108bfa8175d2940f970[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.732cc7a1c2312108bfa8175d2940f970.exe
Size

103KB
MD5

732cc7a1c2312108bfa8175d2940f970
SHA1

7c712cb55615026c05f54577be5c73a50223103d
SHA256

ab9f1a5ba13094457ec326f046dd7c935e7965499a0819a7aca5dc814fd041ab
SHA512

b5e2992e028ea78bdaf16df8cab974e3cd9a46f5075f7b0eff4e8989e3d6b763396153498ca78c79dbc02d88513de4730c40ec75d0fa4d80d5a22f7412992c81
SSDEEP

1536:mdeTbIfYxxTHq5k0bkW69nvXsihXIIsRzAFcDvP:BbIfYxx7q5kaI7XIIezAFcrP

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.732cc7a1c2312108bfa8175d2940f970.exe

Files

NEAS.732cc7a1c2312108bfa8175d2940f970.exe
.dll windows:4 windows x86

57cd8001e1ca200c4dd45770a56f75cc

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
GetProcAddress
LoadLibraryA
GetCurrentProcess
GetModuleHandleW
SetLastError
IsBadReadPtr
CreateThread
InterlockedDecrement
lstrcmpW
TerminateThread
WaitForSingleObject
GetLastError
Sleep
lstrlenA
lstrcmpiW
GetTickCount
GetPrivateProfileStringW
CloseHandle
lstrlenW
WideCharToMultiByte
lstrcpynW
InterlockedExchange
GetCurrentThreadId
GetACP
MultiByteToWideChar
GetModuleFileNameW
GetVersionExW
DisableThreadLibraryCalls
TlsFree
IsBadCodePtr
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
LoadLibraryExW
ReadProcessMemory
GetModuleHandleA
GetFileAttributesW
OutputDebugStringA
LoadLibraryW
LocalFree
GetSystemDirectoryW
GetLongPathNameW
GetShortPathNameW
GetWindowsDirectoryW
CreateDirectoryW
GetTempPathW
GlobalFree
GetVersion

user32

SetWindowLongW
IsWindowUnicode
GetClassNameW
CallWindowProcW
EnumChildWindows
SetWindowsHookExW
IsWindow
CallNextHookEx
GetParent
UnhookWindowsHookEx
RegisterWindowMessageW
GetClassLongW
GetPropW
SetPropW
RemovePropW
GetWindowLongW
SetWindowLongA
GetWindowLongA
RegisterWindowMessageA
GetWindowThreadProcessId
KillTimer
SetTimer
DefWindowProcW
GetClassInfoExW

advapi32

RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW

ole32

RevokeDragDrop
CoTaskMemFree
StringFromIID
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
CoInitialize

oleaut32

SysStringLen
SysAllocStringLen
VariantClear
SysFreeString

msvcp60

??8std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
?resize@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Hstd@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
?_Doraise@runtime_error@std@@MBEXXZ
?what@runtime_error@std@@UBEPBDXZ
??0runtime_error@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0runtime_error@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@@Z
??_7runtime_error@std@@6B@
?_Freeze@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXXZ
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
??8std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@II@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

shlwapi

SHSetValueW
PathFileExistsW
PathAppendW
StrStrIW
StrCmpNIW
SHGetValueW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveBackslashW
PathRemoveBlanksW
StrStrIA
PathIsDirectoryW
PathStripToRootW

urlmon

URLDownloadToFileW

wininet

InternetCrackUrlW
InternetCrackUrlA
InternetGetCookieW

msvcrt

_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
malloc
__CxxFrameHandler
realloc
memmove
free
wcsncpy
memset
memcpy
_wtoi
wcstok
??2@YAPAXI@Z
wcslen
strlen
_wcsicmp
strncpy
memcmp
_except_handler3
strcmp
time
log
_ftol
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
??0exception@@QAE@ABQBD@Z
_CxxThrowException
_purecall
rand
srand
_snwprintf
strchr
wcscmp
_wcsnicmp
fclose
fseek
fwrite
strrchr
fread
ftell
_wfopen
_strnicmp

ws2_32

WSAGetLastError
closesocket
htonl
htons
ntohs
ntohl
connect
setsockopt
socket
send
recv
gethostbyname

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetSpecialFolderPathW

Exports

Exports

DelSite
EnableAddr
EnableBH
EnableJA
Run
SetSite
SetSiteEx
SetTBWnd

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.toolbar
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57cd8001e1ca200c4dd45770a56f75cc

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

msvcp60

shlwapi

urlmon

wininet

msvcrt

ws2_32

version

shell32

Exports

Exports

Sections

.text Size: 63KB - Virtual size: 62KB

.rdata Size: 19KB - Virtual size: 18KB

.data Size: 5KB - Virtual size: 13KB

.toolbar Size: 512B - Virtual size: 12B

.rsrc Size: 1024B - Virtual size: 1016B

.reloc Size: 13KB - Virtual size: 13KB

.text
Size: 63KB - Virtual size: 62KB

.rdata
Size: 19KB - Virtual size: 18KB

.data
Size: 5KB - Virtual size: 13KB

.toolbar
Size: 512B - Virtual size: 12B

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 13KB - Virtual size: 13KB