NEAS[.]c31b944ba40650032f76b7a3e3a0a300[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c31b944ba40650032f76b7a3e3a0a300.exe
Size

103KB
MD5

c31b944ba40650032f76b7a3e3a0a300
SHA1

2ad5bd932fabafdaaaa21b2bd52319678ed5ace8
SHA256

c602251f2ecce4b082ad0b5e189ed11b62367c04565167ad437ce02bda42649e
SHA512

76979adf62095202b0f5b2f4e53ad947a8f4e84ee30a349409913e63b29e8ccb9043aff814638caaaee0947430c1d929c153fca33003cd4966ab95803d77b527
SSDEEP

1536:CXd4/4SscyZk/KoO0499687koot27eni8tVltQ5aK:CXdi4QyZk/M9LpotJTltQ5aK

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c31b944ba40650032f76b7a3e3a0a300.exe

Files

NEAS.c31b944ba40650032f76b7a3e3a0a300.exe
.dll windows:5 windows x86

a67e096db884f97cc10335ce0bcad74d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

xpcom

NS_GetServiceManager
NS_CStringContainerInit
NS_CStringContainerFinish
NS_CStringContainerInit2
NS_StringSetData
NS_StringCloneData
NS_StringContainerFinish
NS_StringContainerInit
NS_StringSetDataRange

kernel32

LoadLibraryA
MultiByteToWideChar
WideCharToMultiByte
TerminateThread
CreateProcessA
GetModuleFileNameA
Sleep
CreateThread
GetExitCodeThread
lstrcmpiA
GetProcAddress
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
WriteFile
CreateFileA
FreeLibrary
GetComputerNameA
GetVolumeInformationA
InterlockedDecrement
GetCurrentProcessId
GetTickCount
WaitForSingleObject
ReleaseMutex
GetModuleHandleA
GetCurrentProcess
GetStringTypeW
lstrlenW
GetLastError
lstrlenA
GetLocaleInfoA
FlushFileBuffers
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleW
WriteConsoleA
GetConsoleOutputCP
InterlockedIncrement
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
HeapSize
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
QueryPerformanceCounter
VirtualFree
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCommandLineA
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy

advapi32

RegSetValueExA
RegCreateKeyExA
RegDeleteValueA
RegOpenKeyA
RegQueryValueExA
RegDeleteValueW
RegCloseKey

oleaut32

VariantClear

Exports

Exports

NSGetModule
NSModule
doCheckFFMWP
getAddonDescription
getJavascript
isUrlExcluded

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a67e096db884f97cc10335ce0bcad74d

Headers

DLL Characteristics

File Characteristics

Imports

xpcom

kernel32

advapi32

oleaut32

Exports

Exports

Sections

.text Size: 71KB - Virtual size: 71KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 5KB - Virtual size: 14KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 8KB - Virtual size: 8KB

.text
Size: 71KB - Virtual size: 71KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 5KB - Virtual size: 14KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 8KB