NEAS[.]2c1e41129ad8ad4199d0970642ff9340[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2c1e41129ad8ad4199d0970642ff9340.exe
Size

2.2MB
MD5

2c1e41129ad8ad4199d0970642ff9340
SHA1

5a1d2698c41c675365534ffe3d815f2c044859a2
SHA256

8ee5e06755659f723c0ab5ef175a4f8e9c29ec86d8c1e60744cad100b65d4151
SHA512

59b883d0b88345e0f4d5dad2a03819836e6384f9062ef152d82204da23cc09a5a5b4ae9173f86c452a37b16e0acb77069442db275ab3aa77f6420e66c14412e4
SSDEEP

49152:ZZm45qqrkLKjU+TIgfjQlio3QHXMaCZstBFDGb/xl/ctqFjy8k/aZlhpdiTb:ZQ45qGRTI6QliSQ5+stBFDGb/0a7u

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2c1e41129ad8ad4199d0970642ff9340.exe

Files

NEAS.2c1e41129ad8ad4199d0970642ff9340.exe
.dll regsvr32 windows:5 windows x86

bba89629724a6c3e5e183820808cd219

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

atoi
fclose
fprintf
fopen
calloc
free
malloc
_beginthreadex
printf
fwrite
fread
vsprintf_s
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_CIsqrt
_CIpow
ceil
_CIlog
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??1exception@std@@UAE@XZ
_CxxThrowException
??0exception@std@@QAE@ABV01@@Z
memmove
fgetc
fputc
ungetc
_lock_file
_unlock_file
fflush
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
setvbuf
memcpy_s
fgetpos
_fseeki64
fsetpos
_CIlog10
_CIcos
_CIatan
__iob_func
_CIexp
_CIsin
_endthread
clock
_beginthread
strstr
realloc
_stricmp
_aligned_malloc
_aligned_free
fputs
ftell
fseek
_localtime64
_time64
_stat64i32
sscanf
strncpy
_ctime64_s
_unlink
_vsnwprintf
_unlock
__dllonexit
_lock
_onexit
sprintf
strrchr
??2@YAPAXI@Z
_vsnprintf
__CxxFrameHandler3
memcpy
_purecall
memset
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
??3@YAXPAX@Z

d3d9

Direct3DCreate9

winmm

timeEndPeriod
timeGetTime
timeBeginPeriod

kernel32

IsProcessorFeaturePresent
DecodePointer
EncodePointer
SuspendThread
ResumeThread
GetVersionExA
DisableThreadLibraryCalls
InterlockedDecrement
lstrlenA
MultiByteToWideChar
GetLastError
GetModuleFileNameA
InterlockedIncrement
FreeLibrary
LoadLibraryA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
lstrcmpW
CloseHandle
CreateEventA
SetEvent
ResetEvent
WaitForMultipleObjects
WaitForSingleObject
ReleaseSemaphore
GetSystemInfo
VirtualFree
GetCurrentProcess
GetCurrentThreadId
CreateSemaphoreA
VirtualAlloc
GetProcAddress
GetModuleHandleA
SetThreadPriority
GetCurrentThread
GetTickCount
CreateThread
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
lstrcpyW
lstrlenW
WideCharToMultiByte
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenMutexA
CreateMutexA
CreateFileA
SetEndOfFile
SetFilePointer
WriteFile
ReadFile
lstrcpynA
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
Sleep
SetThreadAffinityMask
QueryPerformanceFrequency
OutputDebugStringA
GetEnvironmentVariableA
TerminateThread
ExitThread
SetThreadPriorityBoost
SetThreadIdealProcessor
GetPrivateProfileStringA
MulDiv
lstrcpyA
VirtualLock
GetPrivateProfileIntA
GetProcessAffinityMask
VirtualUnlock
OpenFileMappingA
CreateDirectoryA
GetFileAttributesA
LocalFree
GetThreadPriority

advapi32

RegEnumKeyExA
RegDeleteKeyW
RegCloseKey
RegDeleteKeyA
RegQueryValueExA
RegOpenKeyExA
RegSetValueExA
RegSetValueA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegCreateKeyA

user32

SetWindowLongA
InvalidateRect
MoveWindow
GetWindowRect
LoadStringW
LoadStringA
CreateDialogParamA
GetDesktopWindow
MessageBoxA
SetRectEmpty
SetRect
SetDlgItemInt
CheckDlgButton
EnableWindow
SetDlgItemTextA
GetDlgItem
SendMessageA
GetDlgItemInt
IsDlgButtonChecked
RegisterClassExA
ValidateRect
CreateWindowExA
ShowWindow
DestroyWindow
DefWindowProcA
PostQuitMessage
wvsprintfA
wsprintfA
GetWindowLongA

gdi32

GetRegionData

ole32

StringFromGUID2
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
CoCreateGuid
CoInitializeEx

oleaut32

VariantClear
SysAllocString
SysFreeString

msvcp100

?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?_Xout_of_range@std@@YAXPBD@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Getcat@?$codecvt@DDH@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?id@?$codecvt@DDH@std@@2V0locale@2@A
??0_Lockit@std@@QAE@H@Z
?in@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?unshift@?$codecvt@DDH@std@@QBEHAAHPAD1AAPAD@Z
?out@?$codecvt@DDH@std@@QBEHAAHPBD1AAPBDPAD3AAPAD@Z
?_BADOFF@std@@3_JB
?_Decref@facet@locale@std@@QAEPAV123@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1_Container_base12@std@@QAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Ios_base_dtor@ios_base@std@@CAXPAV12@@Z
??_7?$basic_ostream@DU?$char_traits@D@std@@@std@@6B@
??_7ios_base@std@@6B@
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xlength_error@std@@YAXPBD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 228KB - Virtual size: 775KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bba89629724a6c3e5e183820808cd219

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

d3d9

winmm

kernel32

advapi32

user32

gdi32

ole32

oleaut32

msvcp100

Exports

Exports

Sections

.text Size: 1.6MB - Virtual size: 1.6MB

.rdata Size: 300KB - Virtual size: 300KB

.data Size: 228KB - Virtual size: 775KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 60KB - Virtual size: 59KB

.text
Size: 1.6MB - Virtual size: 1.6MB

.rdata
Size: 300KB - Virtual size: 300KB

.data
Size: 228KB - Virtual size: 775KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 60KB - Virtual size: 59KB