NEAS[.]73aac5d032680a0f3ce51401b1defb70[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.73aac5d032680a0f3ce51401b1defb70.exe
Size

2.6MB
MD5

73aac5d032680a0f3ce51401b1defb70
SHA1

214d75948f80dda0e121fbf6095175114ff8e100
SHA256

4eeffaf3872e7cde8d5a9e6d9451fd7136b2a16bdaf6760f4f9ea07ec6f01717
SHA512

c6194148491cb736630c61a57b02198bdac2f4b067d53cc895298cdbfc0ecd0c9ed97dacbacae34ab334f6bbe0dec46b6455e3089002a82af715f87af0fedc84
SSDEEP

49152:u3AYIN45MFaGRjB8GRo79WjeOXLkrjyZoRgU50:1VyWk44s

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.73aac5d032680a0f3ce51401b1defb70.exe

Files

NEAS.73aac5d032680a0f3ce51401b1defb70.exe
.dll regsvr32 windows:10 windows x64

5f9edb48baf19045af090ba04d93794f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__ismbblead
_o__malloc_base
_o__purecall
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsdup
_o__wcsicmp
_o__wcsnicmp
memcpy
_o_abort
_o_free
_o_malloc
_o_memset
_o_realloc
_o_setlocale
_o_strcpy_s
_o_terminate
_o_wcscat_s
_o_wcscpy_s
__C_specific_handler
_CxxThrowException
_o__free_base
_o__execute_onexit_table
_o__errno
_o__invalid_parameter_noinfo
_o__initialize_onexit_table
_o__crt_atexit
_o__calloc_base
_o__callnewh
__RTtypeid
strchr
__CxxFrameHandler3
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsnwprintf_s
_o___std_type_info_name
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
_o___pctype_func
_o____mb_cur_max_func
_o____lc_locale_name_func
_o____lc_collate_cp_func
_o____lc_codepage_func
memmove
memcmp

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

cryptsp

CryptCreateHash
CryptAcquireContextW
CryptHashData
CryptGetHashParam
CryptDestroyKey
CryptReleaseContext
CryptVerifySignatureW

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW

api-ms-win-core-com-l1-1-1

CoTaskMemFree
CoCreateInstance
StringFromCLSID
IIDFromString

api-ms-win-core-errorhandling-l1-1-3

RaiseFailFastException

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventEnabled
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-processthreads-l1-1-2

IsProcessorFeaturePresent
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentProcessorNumberEx
TerminateProcess

api-ms-win-core-sysinfo-l1-2-1

GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetSystemFirmwareTable
GetLocalTime
GetTickCount64
GetSystemTime

api-ms-win-core-interlocked-l1-2-0

InitializeSListHead

api-ms-win-core-debug-l1-1-1

IsDebuggerPresent

api-ms-win-core-errorhandling-l1-1-1

UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
FreeLibrary
SizeofResource
LockResource
GetProcAddress
LoadLibraryExW
GetModuleFileNameW
LoadStringW
GetModuleHandleExW
GetModuleHandleW
LoadResource

api-ms-win-core-synch-l1-2-0

InitializeSRWLock
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
AcquireSRWLockShared
ReleaseSRWLockShared
ResetEvent
InitializeCriticalSectionAndSpinCount
InitializeCriticalSectionEx
InitializeConditionVariable
SleepConditionVariableCS
CreateEventW
WakeConditionVariable
SetEvent
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
Sleep
SleepConditionVariableSRW
WakeAllConditionVariable

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
SystemTimeToFileTime

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

rpcrt4

UuidCompare

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree
LocalReAlloc

crypt32

CryptMsgControl
CertCloseStore
CertGetEnhancedKeyUsage
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CryptMsgClose
CryptDecodeObjectEx
CertGetIssuerCertificateFromStore
CertCreateCertificateContext
CertOpenStore
CryptImportPublicKeyInfo
CertAddCertificateContextToStore
CertFreeCertificateContext
CertFindCertificateInStore

bcrypt

BCryptGenRandom

api-ms-win-core-rtlsupport-l1-2-0

RtlCaptureStackBackTrace
RtlPcToFileHeader

api-ms-win-core-localization-l1-2-1

LCMapStringEx
FormatMessageW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-psapi-l1-1-0

K32GetModuleInformation

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableLevel
TraceEvent
UnregisterTraceGuids
GetTraceLoggerHandle

api-ms-win-core-threadpool-l1-2-0

CloseThreadpoolIo
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolThreadMaximum
CloseThreadpool
CancelThreadpoolIo
StartThreadpoolIo
CreateThreadpoolWork
CreateThreadpoolIo
TrySubmitThreadpoolCallback
SubmitThreadpoolWork
CloseThreadpoolWork

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize

vmbuspiper

VmbusPipeServerOfferChannelEx
VmbusPipeServerConnectPipe

api-ms-win-crt-string-l1-1-0

wcsnlen
strcmp
strncmp

api-ms-win-crt-locale-l1-1-0

_unlock_locales
_lock_locales

api-ms-win-core-perfcounters-l1-1-0

PerfSetCounterSetInfo
PerfStartProvider
PerfSetCounterRefValue
PerfDeleteInstance
PerfStopProvider
PerfCreateInstance

oleaut32

SysFreeString

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
GetStringTypeW
WideCharToMultiByte
CompareStringEx

api-ms-win-core-heap-l1-2-0

GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-file-l1-2-1

WriteFile
ReadFile

api-ms-win-core-io-l1-1-1

CancelIoEx

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-processenvironment-l1-2-0

ExpandEnvironmentStringsW

api-ms-win-core-kernel32-legacy-l1-1-1

SetFileCompletionNotificationModes

wintrust

WTGetSignatureInfo

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f9edb48baf19045af090ba04d93794f

Headers

DLL Characteristics

File Characteristics

Imports

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

ntdll

cryptsp

api-ms-win-core-registry-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-errorhandling-l1-1-3

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-processthreads-l1-1-2

api-ms-win-core-sysinfo-l1-2-1

api-ms-win-core-interlocked-l1-2-0

api-ms-win-core-debug-l1-1-1

api-ms-win-core-errorhandling-l1-1-1

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

rpcrt4

api-ms-win-core-heap-l2-1-0

crypt32

bcrypt

api-ms-win-core-rtlsupport-l1-2-0

api-ms-win-core-localization-l1-2-1

api-ms-win-core-handle-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-heap-obsolete-l1-1-0

vmbuspiper

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-core-perfcounters-l1-1-0

oleaut32

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-l1-2-0

api-ms-win-core-file-l1-2-1

api-ms-win-core-io-l1-1-1

api-ms-win-core-util-l1-1-0

api-ms-win-core-processenvironment-l1-2-0

api-ms-win-core-kernel32-legacy-l1-1-1

wintrust

Exports

Exports

Sections

.text Size: 234KB - Virtual size: 234KB

.rdata Size: 134KB - Virtual size: 133KB

.data Size: 10KB - Virtual size: 46KB

.pdata Size: 12KB - Virtual size: 11KB

.tls Size: 3KB - Virtual size: 2KB

.rsrc Size: 2.3MB - Virtual size: 2.3MB

.reloc Size: 2KB - Virtual size: 2KB

.text
Size: 234KB - Virtual size: 234KB

.rdata
Size: 134KB - Virtual size: 133KB

.data
Size: 10KB - Virtual size: 46KB

.pdata
Size: 12KB - Virtual size: 11KB

.tls
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 2.3MB - Virtual size: 2.3MB

.reloc
Size: 2KB - Virtual size: 2KB