NEAS[.]f869a69aaf55a029bcbd31e81ec98080[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.f869a69aaf55a029bcbd31e81ec98080.exe
Size

380KB
MD5

f869a69aaf55a029bcbd31e81ec98080
SHA1

d57cd5829e9701577be00cbec2ab48ec8087e679
SHA256

34460a7910be843b2f517a4f55d5dd88688c030aae03168038c0b3390d83fbbb
SHA512

3a1bb59825279c26165845fb3de3a7c3f6c832ff65c09491659c300be369893a6d0ddca670bfb738be12cc1055c4380e6e81b530bc90835af3fcff89bee6b64c
SSDEEP

6144:xD2bXVL7O1LupKjGs9oOM0CnMj+PmG98mihp8GSceC:MVL7OxupKjGQXWPmG9Lfc

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.f869a69aaf55a029bcbd31e81ec98080.exe

Files

NEAS.f869a69aaf55a029bcbd31e81ec98080.exe
.dll regsvr32 windows:10 windows x86

3e90a5ed0e35e8e4736c095860c60c98

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

memcpy
_vsnwprintf
_initterm
malloc
free
_amsg_exit
wcsnlen
strnlen
_XcptFilter
_wtoi
_except_handler4_common
memset

kernel32

RegSetValueExW
FreeEnvironmentStringsA
GetEnvironmentStringsW
GlobalMemoryStatusEx
GetLocalTime
FreeEnvironmentStringsW
GetVersionExW
DeviceIoControl
GetDiskFreeSpaceW
GlobalFree
GlobalAlloc
GlobalReAlloc
lstrlenW
LocalFree
GetLastError
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
Sleep
CreateMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
CreateThread
GetExitCodeThread
GetSystemTime
SystemTimeToFileTime
UnmapViewOfFile
DeleteFileW
GetTempPathW
CreateFileW
CreateFileMappingW
MapViewOfFile
ReadFile
SetFilePointer
lstrcmpW
RegCreateKeyExW
GlobalSize
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetModuleFileNameW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
ReleaseActCtx
GetModuleHandleW
GetLocaleInfoEx
GetUserPreferredUILanguages
HeapAlloc
GetProcessHeap
HeapFree
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
LoadLibraryW
GetProcAddress
FreeLibrary
SetEvent
CreateEventW
WaitForMultipleObjects
FormatMessageW
GetLocaleInfoW
GetNumberFormatW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
ResolveDelayLoadedAPI
DelayLoadFailureHook
lstrcmpiW

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW

user32

GetShellWindow
GetSubMenu
LoadMenuW
DialogBoxParamW
GetDlgItem
GetMenuItemCount
GetMenuItemInfoW
RegisterClipboardFormatW
DestroyWindow
GetLastActivePopup
SwitchToThisWindow
SendMessageTimeoutW
GetWindowThreadProcessId
GetClassNameW
GetWindow
FindWindowW
CreateWindowExW
RegisterClassW
LoadCursorW
GetClassInfoW
SetWindowTextW
KillTimer
SetTimer
WinHelpW
SendDlgItemMessageW
DestroyMenu
TrackPopupMenu
SetMenuDefaultItem
CopyImage
DestroyIcon
DefWindowProcW
SetFocus
PostMessageW
SetDlgItemTextW
LoadStringW
LoadIconW
SetWindowLongW
EndDialog
SendMessageW
RemoveMenu
GetWindowLongW
ShowWindow

shlwapi

StrToIntW
ord174
SHGetThreadRef
SHStrDupW
StrRetToBufW
ord10
ord7
ord9
ord8
StrFormatKBSizeW
PathRemoveBlanksW
StrCmpW
ord172
ord354
PathFindExtensionW
PathFindFileNameW
ord388
StrCmpIW
ord168
ord176
AssocCreate
ord199
StrFormatByteSizeW
ord16
StrCmpLogicalW
StrRChrW
ord158
ord219
PathRemoveFileSpecW
PathAppendW
PathCombineW

wmvcore

WMCreateEditor

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
_CDefFolderMenu_MergeMenu@16
_CIDLData_CreateFromIDArray@16

Sections

.text
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 147KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3e90a5ed0e35e8e4736c095860c60c98

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

kernel32

advapi32

user32

shlwapi

wmvcore

Exports

Exports

Sections

.text Size: 147KB - Virtual size: 146KB

.data Size: 3KB - Virtual size: 4KB

.idata Size: 4KB - Virtual size: 4KB

.didat Size: 512B - Virtual size: 296B

.rsrc Size: 76KB - Virtual size: 76KB

.reloc Size: 147KB - Virtual size: 146KB

.text
Size: 147KB - Virtual size: 146KB

.data
Size: 3KB - Virtual size: 4KB

.idata
Size: 4KB - Virtual size: 4KB

.didat
Size: 512B - Virtual size: 296B

.rsrc
Size: 76KB - Virtual size: 76KB

.reloc
Size: 147KB - Virtual size: 146KB