Static task
static1
Behavioral task
behavioral1
Sample
NEAS.26576230c21d1c5ff42e09e0c3a66d30.dll
Resource
win7-20231025-en
windows7-x64
Behavioral task
behavioral2
Sample
NEAS.26576230c21d1c5ff42e09e0c3a66d30.dll
Resource
win10v2004-20231023-en
windows10-2004-x64
Target
NEAS.26576230c21d1c5ff42e09e0c3a66d30.exe
Size
3.2MB
MD5
26576230c21d1c5ff42e09e0c3a66d30
SHA1
32fce6915edd72d8f41c315388d392b01ed97e52
SHA256
4f14be244749e56f0f0ad3023614bca498baacc5dba2008ee43dfe290e693f70
SHA512
0f00c54c1d0b24c21fd4ea30eef737b503823ed50c39ceadd0666a25f0f966bc22b9bee422c1606cd0aa23023a6773d8ebc12f51c667f7de3177fd75696a903b
SSDEEP
49152:OUSxvAN+k/hlJ/DlULtsV0PeCtrutr8M1JyiEShZHeqe7vA+GbW0TnFscsRz2P7J:OUppDqhsVOntru8uwmbRq6
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
ExtKeyUsageCodeSigning
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
ExtKeyUsageTimeStamping
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
LoadLibraryW
HeapAlloc
GetProcAddress
LocalFree
GetProcessHeap
FreeLibrary
GetSystemDirectoryW
GetWindowsDirectoryW
FindFirstFileW
FindNextFileW
DeviceIoControl
FindClose
LocalAlloc
GetModuleHandleW
lstrcmpW
QueryInformationJobObject
WriteProcessMemory
AssignProcessToJobObject
CreateJobObjectW
GetVersionExW
ResumeThread
IsProcessInJob
GetModuleHandleA
VirtualAllocEx
CreateRemoteThread
TerminateJobObject
GetPrivateProfileStringW
InterlockedExchange
WritePrivateProfileStringW
GetPrivateProfileIntW
WritePrivateProfileSectionW
SetLastError
InterlockedExchangeAdd
lstrlenW
SetEndOfFile
DeleteFileW
GetFileSize
SetEvent
GetFileAttributesW
GlobalMemoryStatusEx
GlobalAlloc
HeapFree
GetLogicalDriveStringsW
EnumResourceNamesW
SizeofResource
FlushFileBuffers
FormatMessageA
LockFileEx
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapReAlloc
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
CreateFileA
FlushViewOfFile
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
GetDiskFreeSpaceW
GetVolumeInformationW
OpenThread
GetDriveTypeW
GetVersion
OpenProcess
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCurrentProcess
GetCurrentProcessId
GetLocalTime
OutputDebugStringW
GetCurrentThreadId
SetFilePointer
GetModuleFileNameW
CreateFileW
WriteFile
GetTickCount
Sleep
GetExitCodeProcess
CreateProcessW
CloseHandle
WaitForSingleObject
PeekNamedPipe
CreatePipe
WaitForMultipleObjects
lstrcpynW
GetStdHandle
ReadFile
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
HeapSize
HeapValidate
UnlockFileEx
GetFullPathNameA
LockFile
OutputDebugStringA
InterlockedCompareExchange
HeapCreate
AreFileApisANSI
GetFileType
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
QueryPerformanceCounter
QueryPerformanceFrequency
GetFileSizeEx
lstrcpyW
lstrcatW
SwitchToThread
FormatMessageW
MoveFileW
GetTempFileNameW
CopyFileW
MoveFileExW
SetCurrentDirectoryW
GetCurrentDirectoryW
SetFileAttributesW
GetTempPathW
RemoveDirectoryW
GetFullPathNameW
CreateDirectoryW
FileTimeToDosDateTime
DosDateTimeToFileTime
GetSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
QueryDosDeviceW
GetComputerNameExW
LoadLibraryA
TerminateProcess
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
OpenFileMappingW
GetFileTime
SetFileTime
LoadLibraryExW
lstrcmpiW
FindResourceW
LoadResource
GetSystemInfo
LockResource
MultiByteToWideChar
GetACP
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
TryEnterCriticalSection
ResetEvent
CreateEventW
OpenEventW
SearchPathW
GetFileAttributesExW
GetShortPathNameW
GetLongPathNameW
WideCharToMultiByte
OpenMutexW
ReleaseMutex
CreateMutexW
InitializeCriticalSectionAndSpinCount
GlobalFree
GetWindowTextLengthW
GetWindowTextW
GetIconInfo
GetDC
OpenDesktopW
FindWindowW
GetActiveWindow
DestroyWindow
SendMessageW
IsWindow
EnumChildWindows
EnumDesktopWindows
GetDesktopWindow
GetWindowThreadProcessId
ReleaseDC
GetUserObjectInformationW
MessageBoxW
CloseDesktop
IsWindowVisible
LoadImageW
LookupIconIdFromDirectoryEx
GetProcessWindowStation
UnregisterClassW
DestroyIcon
PrivateExtractIconsW
CreateIconFromResourceEx
CreateDesktopW
GetTextExtentPointW
GetStockObject
GetTextExtentExPointW
SelectObject
CreateFontIndirectW
CreateCompatibleDC
GetDIBits
DeleteDC
DeleteObject
GetObjectW
AdjustTokenPrivileges
RegisterEventSourceW
SetEntriesInAclW
SetNamedSecurityInfoW
IsValidSid
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
EqualSid
AllocateAndInitializeSid
FreeSid
ConvertSidToStringSidW
GetLengthSid
LookupPrivilegeValueW
ReportEventW
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
DeregisterEventSource
SHChangeNotify
ShellExecuteW
DuplicateIcon
SHGetSpecialFolderPathW
SHGetFolderPathW
SHGetDesktopFolder
SHGetPathFromIDListW
ExtractIconExW
ShellExecuteExW
SHGetSpecialFolderLocation
SHFileOperationW
SHGetFileInfoW
SHGetMalloc
ord727
CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Pnavail@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBE_JXZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_C_str@?$_Yarn@D@std@@QBEPBDXZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?fail@ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
?rdstate@ios_base@std@@QBEHXZ
??Bios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Getname@_Locinfo@std@@QBEPBDXZ
??0_Locinfo@std@@QAE@HPBD@Z
?_W_Getmonths@_Locinfo@std@@QBEPBGXZ
?_W_Getdays@_Locinfo@std@@QBEPBGXZ
?_Getmonths@_Locinfo@std@@QBEPBDXZ
?_Getdays@_Locinfo@std@@QBEPBDXZ
?_Getcvt@_Locinfo@std@@QBE?AU_Cvtvec@@XZ
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
?_Xruntime_error@std@@YAXPBD@Z
?_Makeloc@_Locimp@locale@std@@CAPAV123@ABV_Locinfo@3@HPAV123@PBV23@@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@_N@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?global@locale@std@@SA?AV12@ABV12@@Z
?uncaught_exception@std@@YA_NXZ
?setf@ios_base@std@@QAEHH@Z
?setf@ios_base@std@@QAEHHH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEDD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??7ios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Incref@facet@locale@std@@UAEXXZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
??0facet@locale@std@@IAE@I@Z
??1facet@locale@std@@MAE@XZ
?is@?$ctype@_W@std@@QBE_NF_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?c_str@?$_Yarn@D@std@@QBEPBDXZ
_Wcsxfrm
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?_Xbad_alloc@std@@YAXXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
_Wcscoll
_Mbrtowc
??Bid@locale@std@@QAEIXZ
?_Xinvalid_argument@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z
PathFileExistsW
PathIsDirectoryW
SHDeleteKeyW
UrlEscapeW
StrToIntW
PathRemoveFileSpecW
InternetSetOptionW
InternetGetConnectedState
InternetCrackUrlW
GetAdaptersInfo
GdipGetImageEncodersSize
GdipGetImageRawFormat
GdipSaveImageToFile
GdipLoadImageFromFile
GdipFree
GdipDisposeImage
GdiplusStartup
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateHICONFromBitmap
GdipAlloc
GdipGetImageHeight
GdipGetImageEncoders
GdipLoadImageFromFileICM
GdipCloneImage
GdipGetImageWidth
__CxxFrameHandler3
_purecall
__std_exception_destroy
__std_exception_copy
__std_terminate
__std_type_info_compare
strchr
strstr
wcschr
memset
wcsstr
wcsrchr
_except_handler4_common
_CxxThrowException
__std_type_info_destroy_list
memmove
memcpy
__RTDynamicCast
strrchr
memchr
_invalid_parameter_noinfo_noreturn
_errno
_invalid_parameter_noinfo
_cexit
_beginthreadex
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_endthreadex
raise
_exit
_register_onexit_function
_execute_onexit_table
_crt_atexit
_crt_at_quick_exit
abort
terminate
_initterm_e
_initterm
_callnewh
_recalloc
free
calloc
malloc
_msize
realloc
atof
_wtof
strtol
_wtoi64
_wtoi
_ui64tow_s
atoi
wcstol
wcstoul
wcsncpy_s
towupper
strpbrk
_stricmp
toupper
tolower
wcsncpy
isalnum
_wcsnicmp
_wcsicmp
strncmp
iswxdigit
strcspn
towlower
__stdio_common_vsprintf_s
ftell
_wfopen_s
fclose
fseek
rewind
fwrite
__stdio_common_vfprintf
fread
fopen
__stdio_common_vswprintf
fsetpos
__stdio_common_vsprintf
__stdio_common_vsscanf
__stdio_common_vswscanf
fputc
fflush
fgetc
fgetpos
setvbuf
__acrt_iob_func
ungetc
_fseeki64
_get_stream_buffer_pointers
_splitpath_s
_lock_file
_unlock_file
srand
qsort
rand
_time64
_localtime64_s
_localtime64
_mktime64
_dtest
modf
_except1
localeconv
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
SysAllocString
VariantClear
?CreateSoftInstallModule@RC@@YAPAVRCSoftInstallModuleIF@1@XZ
?CreateStatisticsModule@RC@@YAPAVRCStatisticsModuleIF@1@XZ
?ReleaseSoftInstallModule@RC@@YAXXZ
?ReleaseStatisticsModule@RC@@YAXXZ
CreateObject
ReleaseObject
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ