NEAS[.]cf125cbf043c0ee36e0c75faf4bb3c80[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.cf125cbf043c0ee36e0c75faf4bb3c80.exe
Size

174KB
MD5

cf125cbf043c0ee36e0c75faf4bb3c80
SHA1

4238e9f655600eacff431ef3ad81fe15efd802cd
SHA256

69b1e342fc8183736733224d1797a465593355cabe71b95e77b3a57098182b15
SHA512

789e291ac464746198ffb4d4869d275cf7e33933675fff1d0b9afe2cded4046d693acc3ca962b254dbfe7c092b59bdd86c9521d9f889e388bdfd361b97e32f83
SSDEEP

3072:fxjOgUn9RbSYZcMlgosYCmoYwihphF1I2XBJVFcY+5:fxjO1zdjmihphFVA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.cf125cbf043c0ee36e0c75faf4bb3c80.exe

Files

NEAS.cf125cbf043c0ee36e0c75faf4bb3c80.exe
.dll regsvr32 windows:10 windows x86

ce06d1eaa3929d3ff4057a8eb1663c0d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ntdll

_alldiv
memset
wcstombs

msvcrt

malloc
_amsg_exit
_except_handler4_common
free
_purecall
__CxxFrameHandler3
_XcptFilter
_initterm

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-com-l1-1-0

CoTaskMemFree
StringFromCLSID
CoCreateInstance

api-ms-win-core-string-l1-1-0

MultiByteToWideChar

api-ms-win-core-libraryloader-l1-2-0

DisableThreadLibraryCalls
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegSetValueExA

api-ms-win-core-string-obsolete-l1-1-0

lstrlenA

api-ms-win-core-registry-l2-1-0

RegDeleteKeyA
RegEnumKeyA

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 141KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

ce06d1eaa3929d3ff4057a8eb1663c0d

Headers

DLL Characteristics

File Characteristics

Imports

ntdll

msvcrt

api-ms-win-core-synch-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

Exports

Exports

Sections

.text Size: 27KB - Virtual size: 27KB

.data Size: 512B - Virtual size: 1KB

.idata Size: 2KB - Virtual size: 1KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 141KB - Virtual size: 141KB

.text
Size: 27KB - Virtual size: 27KB

.data
Size: 512B - Virtual size: 1KB

.idata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 141KB - Virtual size: 141KB