NEAS[.]cfce3b7ad68f5682b9d753b7a5cc86a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cfce3b7ad68f5682b9d753b7a5cc86a0.exe
Size

172KB
MD5

cfce3b7ad68f5682b9d753b7a5cc86a0
SHA1

e13b56c8d578f3ad1beee5244f48e3dc59ca6d2a
SHA256

f6ac49d75c1c7ba13dc5bdc1ce376de5b3fa8c52958e2fdfc4d0f6973375b441
SHA512

0cda7d0b194b61841d1d9faaae4fd8575f8a123aa7157406ed2e72d391394e42ab1873f0bc778f7fdfe51721539ee322253cfbab68cbb48b13d85c553be13565
SSDEEP

3072:0GG4P3S/i5uovEK1UvSkaEWUfVmbOAI/achO9FQYvPE5e3OA8YTmaaB1:vYsuovEKKvkn+VRAI/STJVOA87aa7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cfce3b7ad68f5682b9d753b7a5cc86a0.exe

Files

NEAS.cfce3b7ad68f5682b9d753b7a5cc86a0.exe
.dll windows:4 windows x86

bd45a0669fd0baec257e8e9c0a6aa61d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc80

ord3210
ord2390
ord934
ord297
ord930
ord6725
ord932
ord5915
ord2020
ord928
ord1402
ord4320
ord923
ord2654
ord5233
ord5214
ord5235
ord2991
ord5960
ord4261
ord1600
ord3204
ord4282
ord781
ord4722
ord3403
ord1728
ord1934
ord5203
ord762
ord1084
ord1098
ord371
ord1175
ord314
ord1072
ord6754
ord1191
ord1187
ord1794
ord6236
ord2086
ord1545
ord4232
ord3164
ord304
ord4353
ord2164
ord1903
ord4125
ord587
ord1799
ord1892
ord1793
ord784
ord5833
ord3883
ord5868
ord5751
ord2131
ord3991
ord3997
ord2496
ord2867
ord5563
ord1482
ord5529
ord6703
ord2272
ord911
ord299
ord907
ord2987
ord1489
ord3328
ord2468
ord5403
ord754
ord2092
ord4238
ord2958
ord3230
ord3879
ord5873
ord2882
ord4104
ord658
ord3875
ord6090
ord4234
ord1880
ord385
ord3171
ord1091
ord630
ord1280
ord2021
ord2410
ord591
ord1571
ord3163
ord5731
ord4123
ord4001
ord1931
ord1483
ord4098
ord2089
ord1547
ord4273
ord5174
ord1361
ord3344
ord3591
ord5151
ord3974
ord4861
ord565
ord4864
ord756
ord4379
ord4384
ord4381
ord3682
ord4399
ord4401
ord4386
ord4777
ord4591
ord4471
ord4181
ord4172
ord5658
ord4980
ord4265
ord2372
ord5165
ord4277
ord1306
ord2173
ord5205
ord5148
ord4204
ord3945
ord4443
ord1557
ord2044
ord4019
ord2424
ord4444
ord2425
ord3466
ord2992
ord5356
ord943
ord395
ord4904
ord635
ord2939
ord4135
ord5012
ord5009
ord2615
ord3648
ord1913
ord2246
ord4342
ord3287
ord2263
ord5641
ord1009
ord6255
ord1063
ord6065
ord6283
ord1279
ord5637
ord1929
ord3423
ord347
ord3401
ord602
ord4115
ord563
ord753
ord3761
ord2368
ord3684
ord3161
ord330
ord589
ord6137
ord3596
ord501
ord1485
ord709
ord577
ord283
ord2394
ord605
ord2400
ord354
ord2398
ord2396
ord578
ord2413
ord2408
ord2392
ord2415
ord2403
ord3441
ord2385
ord2322
ord2387
ord2405
ord2178
ord2172
ord1522
ord6279
ord3802
ord1123
ord6277
ord3345
ord4967
ord1362
ord5175
ord5182
ord1964
ord4212
ord1656
ord4735
ord1655
ord310
ord4890
ord1599
ord1671
ord5200
ord1670
ord2537
ord1551
ord2731
ord2835
ord4307
ord6724
ord2714
ord5912
ord2862
ord1620
ord2540
ord1617
ord2646
ord2657
ord3946
ord2533
ord6067
ord572
ord1401
ord3718
ord4580
ord760
ord4244
ord3719
ord5152
ord3709
ord1908
ord2644
ord5073
ord3949
ord6275
ord4486
ord3641
ord4185
ord4262
ord3088
ord764

msvcr80

free
malloc
calloc
memset
__CxxFrameHandler3
?terminate@@YAXXZ
_encode_pointer
_malloc_crt
_encoded_null
_decode_pointer
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_purecall
fwrite
fopen_s
fclose
atoi
_time32
_time64
_localtime64_s
strftime
_invalid_parameter_noinfo
_beginthreadex
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@XZ
_mktime64
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@ABQBD@Z
_resetstkoflw
_recalloc
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
_CxxThrowException
__dllonexit
_lock
_onexit

kernel32

InterlockedExchange
GlobalFree
InitializeCriticalSection
DeleteCriticalSection
GetExitCodeThread
Sleep
InterlockedCompareExchange
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLastError
lstrlenA
MultiByteToWideChar
GetPrivateProfileIntA
GetPrivateProfileStringA
RaiseException
FindFirstFileA
FindNextFileA
FindClose
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
GlobalAlloc
GlobalLock
TerminateThread
GlobalReAlloc
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
GlobalUnlock

user32

SendMessageA
InvalidateRect
SetTimer
KillTimer
IsWindow
GetParent
SetRect
TrackMouseEvent
RedrawWindow
LoadBitmapA
GetWindowRgn
SetWindowRgn
GetSysColor
ClientToScreen
DestroyWindow
CreateWindowExA
SetPropA
GetPropA
EnableWindow
GetClientRect

gdi32

StretchBlt
DeleteObject
CreateDIBSection
BitBlt
CreateCompatibleDC
DeleteDC
SelectClipRgn
GetPixel
GetObjectA
SetPixel
CreateRectRgn
CreateCompatibleBitmap
CombineRgn
ExtCreateRegion
SelectObject
CreateFontA
CreatePen
Rectangle
GetDeviceCaps
GetTextExtentPoint32A
GetTextMetricsA
CreateSolidBrush

msimg32

TransparentBlt

shlwapi

PathFindExtensionW
PathFindExtensionA

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

winmm

timeGetTime

gdiplus

GdipDeleteRegion
GdipCreateRegionPath
GdipAddPathPie
GdipDeletePath
GdipCreatePath
GdipFillPie
GdipCloneImage
GdipDisposeImage
GdiplusShutdown
GdipCreateBitmapFromHBITMAP
GdipIsVisibleRegionPointI
GdipGetImageEncodersSize
GdipSaveImageToFile
GdipCreateBitmapFromScan0
GdipFillEllipseI
GdipDrawLineI
GdipCreateSolidFill
GdipDeletePen
GdipCreatePen1
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusStartup
GdipGetImageEncoders
GdipFree
GdipCloneBrush
GdipAlloc
GdipDeleteBrush
GdipFillRectangle
GdipCreateLineBrushFromRectWithAngle

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHPBDH@Z
?str@?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@2@XZ
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??_D?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEXXZ

Exports

Exports

CreateStat
EditRole
FreeDlg

Sections

.text
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bd45a0669fd0baec257e8e9c0a6aa61d

Headers

File Characteristics

Imports

mfc80

msvcr80

kernel32

user32

gdi32

msimg32

shlwapi

oleaut32

winmm

gdiplus

msvcp80

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 87KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 4KB - Virtual size: 2KB

.rsrc Size: 28KB - Virtual size: 25KB

.reloc Size: 16KB - Virtual size: 12KB

.text
Size: 88KB - Virtual size: 87KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 4KB - Virtual size: 2KB

.rsrc
Size: 28KB - Virtual size: 25KB

.reloc
Size: 16KB - Virtual size: 12KB