NEAS[.]a0c8b556a59d0cf9a69a4e99bb545c10[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.a0c8b556a59d0cf9a69a4e99bb545c10.exe
Size

8.9MB
MD5

a0c8b556a59d0cf9a69a4e99bb545c10
SHA1

e55881f7523428b63674ffc6841de2e6b25a7d32
SHA256

d035131d83f6b4b99abc7c048df6dafa7971a320ff665ed75ca8061aeff52149
SHA512

d20023339f3ea75431b89ac74c78f633cfb191b22134e4b876475df2e5a82ac12eb7ea9b8fd46d49ab917ca1b472a3c32561138fc79f07f5a7909c0807364b01
SSDEEP

98304:nllllllllllllllllllllllllllllllllllllllH:D

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.a0c8b556a59d0cf9a69a4e99bb545c10.exe

Files

NEAS.a0c8b556a59d0cf9a69a4e99bb545c10.exe
.exe windows:5 windows x86

77dac6fdf0cb9a30acd5a2534bf4ba24

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStartupInfoA
lstrcpyA
TlsFree
lstrcmpiA
GetCurrentProcessId
LCMapStringW
ExitProcess
CreateEventA
lstrlenW
GetFileSize
GetSystemTimeAsFileTime
CreateThread
InterlockedIncrement
FreeEnvironmentStringsA
lstrcmpiW
CreateFileMappingA
FileTimeToLocalFileTime
GetStringTypeA
CreateFileMappingW
GetSystemDirectoryA
CreateFileW
GetModuleFileNameW
GetCPInfo
CreateEventW
DisableThreadLibraryCalls
CompareStringA
GetStdHandle
VirtualAllocEx
GetLocalTime

atmlib

ATMAddFont

rpcrt4

IUnknown_Release_Proxy
NdrCStdStubBuffer2_Release
RpcServerRegisterAuthInfoW
NdrOleFree
RpcServerRegisterIfEx
NdrDllUnregisterProxy
RpcServerUnregisterIf
IUnknown_QueryInterface_Proxy
CStdStubBuffer_QueryInterface
NdrStubForwardingFunction
CStdStubBuffer_Invoke
RpcBindingToStringBindingW
NdrClientCall2
RpcBindingSetAuthInfoW
RpcServerUseProtseqEpW
RpcBindingSetAuthInfoExW
RpcStringFreeA
NdrStubCall2
CStdStubBuffer_Disconnect
RpcBindingFromStringBindingW
CStdStubBuffer_CountRefs
NdrDllCanUnloadNow
RpcImpersonateClient
UuidToStringW
RpcRevertToSelf
UuidFromStringW
RpcBindingFree

ole32

OleRegEnumVerbs
CoInitializeEx
OleLoadFromStream
GetRunningObjectTable
CoGetObjectContext
CoInitialize
StgCreateDocfileOnILockBytes
CoUninitialize
CLSIDFromProgID
CreateStreamOnHGlobal
OleInitialize
CoCreateGuid
OleUninitialize
CoMarshalInterThreadInterfaceInStream
GetHGlobalFromStream
CoUnmarshalInterface
CoGetInterfaceAndReleaseStream
StgIsStorageFile
PropVariantCopy
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoRegisterClassObject
OleRun
StringFromIID
CreateILockBytesOnHGlobal
CLSIDFromString
MkParseDisplayName
CreateDataAdviseHolder
CreateOleAdviseHolder

advapi32

DuplicateTokenEx
AddAccessAllowedAce
RegCloseKey
RegisterTraceGuidsW
InitializeAcl
CryptAcquireContextW
MakeSelfRelativeSD
RegSetValueExW
QueryServiceConfigW
CryptCreateHash
SetNamedSecurityInfoW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DeregisterEventSource
GetTraceEnableLevel
ChangeServiceConfigW
OpenServiceA
GetSecurityDescriptorLength
RegDeleteKeyA
CloseServiceHandle
OpenSCManagerA
AddAce
GetTraceEnableFlags
EqualSid

shell32

SHFileOperationW
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderPathW
SHGetDesktopFolder

user32

GetSystemMenu
EndPaint
LoadCursorA
GetDC
DialogBoxParamA
CheckDlgButton
PeekMessageA
GetClassNameW
SetDlgItemTextW
GetWindowRect
SetFocus
UnhookWindowsHookEx
MoveWindow
ShowWindow
BeginPaint
UpdateWindow
GetSysColorBrush
DestroyWindow
SetWindowTextA
SetWindowLongW
CreateDialogParamW
GetWindowLongW
WinHelpW
FindWindowW
CopyRect
RegisterClassA
EnableMenuItem
IsRectEmpty
DialogBoxParamW
ClientToScreen
DestroyIcon
MsgWaitForMultipleObjects
GetDesktopWindow
LoadIconA
KillTimer
MessageBoxA
IsWindow
RegisterWindowMessageA
DispatchMessageW

oleaut32

SysFreeString
GetErrorInfo
SafeArrayPtrOfIndex
SafeArrayGetUBound
VariantInit
SysStringByteLen
SysAllocStringByteLen
LoadTypeLib
CreateErrorInfo
SysAllocStringLen
SafeArrayGetElement
VariantCopy

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 7KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

77dac6fdf0cb9a30acd5a2534bf4ba24

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

atmlib

rpcrt4

ole32

advapi32

shell32

user32

oleaut32

Sections

.text Size: 57KB - Virtual size: 57KB

.orpc Size: 7KB - Virtual size: 10KB

DATA Size: 11KB - Virtual size: 20KB

INIT Size: 24KB - Virtual size: 48KB

.reloc Size: 1KB - Virtual size: 1KB

.text
Size: 57KB - Virtual size: 57KB

.orpc
Size: 7KB - Virtual size: 10KB

DATA
Size: 11KB - Virtual size: 20KB

INIT
Size: 24KB - Virtual size: 48KB

.reloc
Size: 1KB - Virtual size: 1KB