NEAS[.]e1631d5cf1ed29afdaa3e8a2395d2560[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.e1631d5cf1ed29afdaa3e8a2395d2560.exe
Size

132KB
MD5

e1631d5cf1ed29afdaa3e8a2395d2560
SHA1

f5b4a87a75aef592a3be0020f681c67aa29f774f
SHA256

4c840bd0802d19446cb8cd87257fe20d5ab295ca860d7bea99942ac4cdb84af1
SHA512

82a7a02bd824fd050daca98f88f9e592169097268476142568e85ed8699f7a55a34b1dc1dfbb40b7764616cda137ed0be0aa4ad773aceabf67135edd3fb43c2f
SSDEEP

3072:YhCXHg4UfCkCvLeggyQoPCb2bfIQymnykjXWxP1omnfy:Yhf4mgzqG3ygi6

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.e1631d5cf1ed29afdaa3e8a2395d2560.exe

Files

NEAS.e1631d5cf1ed29afdaa3e8a2395d2560.exe
.exe windows:4 windows x86

b4056b690cc7c38e4db1fa320d7a4223

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ws2_32

ntohs
WSACreateEvent
WSACloseEvent
bind
getsockname
WSAEventSelect
socket
WSAStartup
recvfrom
htonl
closesocket
WSACleanup
WSAGetLastError
htons
sendto
WSAEnumNetworkEvents
recv

libav

avCleanFileW
avSetConfig

libeay32

ord339

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

utilsdll

cfg_set_av_last_scan_time
log_deinitialize
StopQuarantSrvc
FsCheckBlockedFileCreationAttempted
ScheduleScanAfterReboot
SendTrayRebootRequestPopup
ListVirusInInfectInfo
EnumLoggedonTSSessions
GetTSSessionUserName
GetTokenOfSession
getopt
optarg
log_AntiVirus
isWow64
fs_disable_Wow64FsRedirection
fs_revert_Wow64FsRedirection
os_is_windows_Vista
log_debug_fmt
MsgPipe_SendRecv_UE
MsgPipe_PostMessage_UE
MsgPipe_RecvMessage
reg_closekey
MsgPipe_Open
is64Bit
reg_getDWORD
reg_openkey
StartQuarantSrvc
log_initialize
log_debug
log_Alert
cfg_get_av_info_all
sec_get_elevation_type_by_token
bBypassFsfilter
log_setlevel
reg_getstring
fs_get_folder_type
GetExeFileVersionEx
cfg_get_av_engine_version
cfg_get_av_ext_sig_version
cfg_get_av_sig_version
reg_get_current_user_hive
GetMbrBootData
GetFloppyBootData
cfg_get_logging_info
os_support_WSC
MsgPipe_Close
TokenHasAdminPrivilege
get_desired_status
reg_setDWORD
cfg_get_install_dir
bBypassFShield2

libavr

libavr_check_all
libav_scanfilebuffer
libavr_init
libavr_cleanup
IsRebootFlagOn
libavr_get_handle
libavr_check_file
libavr_need_scan
libavr_free_handle

msvcrt

_controlfp
_onexit
__dllonexit
??1type_info@@UAE@XZ
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
printf
fputs
wcschr
towupper
fwprintf
_wsplitpath
wprintf
wcsncat
wcsstr
wcscat
_except_handler3
time
realloc
swscanf
_wtoi
_wcsupr
fwrite
_snwprintf
_waccess
_wfopen
fread
fclose
_wunlink
_wcsnicmp
wcsncpy
calloc
wcscpy
_wcsicmp
wcsrchr
_beginthreadex
swprintf
malloc
wcslen
_purecall
_CxxThrowException
_wcsdup
free
wcscmp
__CxxFrameHandler
??2@YAPAXI@Z
??3@YAXPAX@Z

msvcp60

??1_Winit@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?_Xran@std@@YAXXZ
?_Split@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXXZ
??Mstd@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?_Eos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEXI@Z
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
??1_Lockit@std@@QAE@XZ
?_Grow@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAE_NI_N@Z
?_C@?1??_Nullstr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@CAPBGXZ@4GB
?_Tidy@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@AAEX_N@Z

kernel32

Sleep
GetShortPathNameW
ExpandEnvironmentStringsW
OpenMutexW
MapViewOfFile
OpenFileMappingW
ReleaseMutex
UnmapViewOfFile
LocalFree
CreateMutexW
GetLongPathNameW
GetCurrentProcessId
ProcessIdToSessionId
GetLastError
TerminateThread
CreateThread
CreateFileW
ResumeThread
SuspendThread
WaitForMultipleObjects
GetSystemPowerStatus
SetErrorMode
SetThreadPriority
GetCurrentThreadId
CreateDirectoryW
GetModuleFileNameW
ResetEvent
WideCharToMultiByte
MultiByteToWideChar
FormatMessageW
GetLogicalDriveStringsW
GetFileAttributesW
FindNextFileW
GetVolumeNameForVolumeMountPointW
FindFirstFileW
FindClose
SetCurrentDirectoryW
GetCurrentDirectoryW
GetTimeFormatW
GetDateFormatW
GetLocalTime
SetEnvironmentVariableW
GetDriveTypeW
GetSystemInfo
TerminateProcess
GetProcessTimes
CreateProcessW
GetUserDefaultUILanguage
GetACP
SetThreadLocale
GetProcAddress
GetModuleHandleW
GetStartupInfoW
GetTickCount
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
InterlockedIncrement
EnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
InterlockedExchange
InterlockedDecrement
lstrlenA
DeleteCriticalSection
GetCommandLineW

user32

PostQuitMessage
LoadStringW

advapi32

RegOpenKeyExW
ImpersonateLoggedOnUser
RevertToSelf
DuplicateToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoCreateInstance
CLSIDFromProgID

oleaut32

SysAllocString
VariantClear
VariantCopy
VariantInit
VariantChangeType
SysFreeString

mfc42u

ord540
ord4667
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord2977
ord2810
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord815
ord1197
ord2613
ord1131
ord2717
ord3142
ord800
ord861
ord858
ord538
ord2836
ord2440
ord4155
ord2036
ord2099
ord2809
ord942
ord3658
ord5446
ord5830
ord6390
ord1569
ord1165

shell32

CommandLineToArgvW

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b4056b690cc7c38e4db1fa320d7a4223

Headers

File Characteristics

Imports

ws2_32

libav

libeay32

version

utilsdll

libavr

msvcrt

msvcp60

kernel32

user32

advapi32

ole32

oleaut32

mfc42u

shell32

Sections

.text Size: 60KB - Virtual size: 57KB

.rdata Size: 12KB - Virtual size: 11KB

.data Size: 36KB - Virtual size: 62KB

.rsrc Size: 20KB - Virtual size: 16KB

.text
Size: 60KB - Virtual size: 57KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 36KB - Virtual size: 62KB

.rsrc
Size: 20KB - Virtual size: 16KB