NEAS[.]2d382996a615bb78755200847b0025c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2d382996a615bb78755200847b0025c0.exe
Size

526KB
MD5

2d382996a615bb78755200847b0025c0
SHA1

1de74dea7740b9c7b0ba5560267fa6daafeb3916
SHA256

171e287b8a32451eeb91fe110ba871f97c70fc544865e2fd8628265c8fd9d664
SHA512

b583a98b0ba07f83e17dadd2cf03118b0f038f4fbba77adc29f93ebf201f5005a6cf08fa7bb3270bab4b800025a838d39440393fb8ec50874cb46641f7541f0b
SSDEEP

6144:NcbFwlBeTfbTFhrfGe+bBV3p2NyRqccdKemZHEhiPzrNKOJPeQsf47:iZUerB+P3p2EP15RzrNtJPgf4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2d382996a615bb78755200847b0025c0.exe

Files

NEAS.2d382996a615bb78755200847b0025c0.exe
.dll windows:10 windows x64

12abe03c2d7d5f60187cc98b17c5fe74

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcp110_win

?_Xbad_function_call@std@@YAXXZ
??0_Lockit@std@@QEAA@H@Z
?_Syserror_map@std@@YAPEBDH@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Winerror_map@std@@YAPEBDH@Z
?_Xbad_alloc@std@@YAXXZ
??1_Lockit@std@@QEAA@XZ
?_Xout_of_range@std@@YAXPEBD@Z

msvcrt

??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
?terminate@@YAXXZ
__C_specific_handler
_initterm
free
_amsg_exit
_XcptFilter
_vsnwprintf_s
_errno
_callnewh
malloc
_wtof
swscanf_s
iswspace
iswdigit
_wtoi64
swprintf_s
_i64tow_s
?name@type_info@@QEBAPEBDXZ
wcscmp
mbstowcs
_vsnprintf_s
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@XZ
??1exception@@UEAA@XZ
_purecall
memcpy_s
memmove
_vsnwprintf
??_V@YAXPEAX@Z
__CxxFrameHandler3
??3@YAXPEAX@Z
strnlen
_CxxThrowException
memcmp
memcpy
memset

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameA
GetModuleHandleExW
FreeLibrary
FreeLibraryAndExitThread
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
SleepConditionVariableSRW
InitOnceBeginInitialize
InitOnceComplete
Sleep
WakeAllConditionVariable

api-ms-win-core-synch-l1-1-0

EnterCriticalSection
LeaveCriticalSection
AcquireSRWLockExclusive
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionEx
ReleaseSRWLockShared
InitializeSRWLock
InitializeCriticalSection
CreateMutexExW
CreateEventExW
OpenSemaphoreW
WaitForSingleObjectEx
SetEvent
ReleaseSRWLockExclusive
AcquireSRWLockShared
CreateSemaphoreExW
ReleaseMutex
WaitForSingleObject
ReleaseSemaphore

api-ms-win-core-heap-l1-1-0

HeapFree
GetProcessHeap
HeapAlloc

api-ms-win-core-errorhandling-l1-1-0

SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
RaiseException

api-ms-win-eventing-provider-l1-1-0

EventActivityIdControl
EventWriteTransfer
EventRegister
EventSetInformation
EventUnregister

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TlsSetValue
GetCurrentThreadId
OpenProcessToken
GetCurrentProcessId
TerminateProcess
TlsAlloc
TlsGetValue
TlsFree
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetLocaleInfoEx
LocaleNameToLCID
ResolveLocaleName

api-ms-win-shcore-thread-l1-1-0

SHCreateThreadRef
SHGetThreadRef
SHSetThreadRef

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-string-l1-1-0

WindowsStringHasEmbeddedNull
WindowsIsStringEmpty
WindowsCreateStringReference
WindowsDeleteString
WindowsGetStringRawBuffer
WindowsCreateString
WindowsDuplicateString

api-ms-win-core-com-l1-1-0

StringFromGUID2
CoCreateInstance
CoCreateFreeThreadedMarshaler
CoInitializeEx
IIDFromString
CoTaskMemFree
CoTaskMemRealloc
CoGetApartmentType
CoUninitialize
CoMarshalInterface
CoWaitForMultipleHandles
CoReleaseMarshalData
CoGetInterfaceAndReleaseStream
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemAlloc
CoCreateGuid

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalFree

api-ms-win-core-timezone-l1-1-0

FileTimeToSystemTime
GetTimeZoneInformation
SystemTimeToFileTime

api-ms-win-core-file-l1-1-0

FindFirstFileW
FileTimeToLocalFileTime
FindNextFileW
FindClose
CreateDirectoryW
DeleteFileW

api-ms-win-core-sysinfo-l1-1-0

GetSystemTime
GetSystemTimeAsFileTime
GetTickCount64
GetTickCount

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo
RoOriginateError
GetRestrictedErrorInfo
RoOriginateErrorW
RoTransformError

api-ms-win-core-com-l1-1-1

RoGetAgileReference

api-ms-win-core-winrt-error-l1-1-1

IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo
RoReportFailedDelegate

api-ms-win-rtcore-ntuser-window-l1-1-0

DispatchMessageW
TranslateMessage
PeekMessageW
PostThreadMessageW

api-ms-win-rtcore-ntuser-synch-l1-1-0

MsgWaitForMultipleObjectsEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects
CreateSemaphoreW

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
TrySubmitThreadpoolCallback
CallbackMayRunLong
CreateThreadpoolTimer
SetThreadpoolTimer
FreeLibraryWhenCallbackReturns

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-processthreads-l1-1-1

OpenProcess

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
CompareStringOrdinal

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalUnlock

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegGetValueW
RegQueryValueExW
RegOpenKeyExW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-localization-l1-2-2

LCIDToLocaleName

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

Exports

Exports

DllCanUnloadNow
DllGetActivationFactory
DllGetClassObject

Sections

.text
Size: 335KB - Virtual size: 334KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

12abe03c2d7d5f60187cc98b17c5fe74

Headers

DLL Characteristics

File Characteristics

Imports

msvcp110_win

msvcrt

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-shcore-thread-l1-1-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-timezone-l1-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-com-l1-1-1

api-ms-win-core-winrt-error-l1-1-1

api-ms-win-rtcore-ntuser-window-l1-1-0

api-ms-win-rtcore-ntuser-synch-l1-1-0

api-ms-win-core-synch-l1-2-1

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-threadpool-legacy-l1-1-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-security-base-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-localization-l1-2-2

api-ms-win-core-kernel32-legacy-l1-1-0

Exports

Exports

Sections

.text Size: 335KB - Virtual size: 334KB

.rdata Size: 146KB - Virtual size: 145KB

.data Size: 22KB - Virtual size: 24KB

.pdata Size: 16KB - Virtual size: 15KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 5KB - Virtual size: 4KB

.text
Size: 335KB - Virtual size: 334KB

.rdata
Size: 146KB - Virtual size: 145KB

.data
Size: 22KB - Virtual size: 24KB

.pdata
Size: 16KB - Virtual size: 15KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 5KB - Virtual size: 4KB