Static task
static1
Behavioral task
behavioral1
Sample
NEAS.60a794b6e1d2bdf9043106739e9c8f30.exe
Resource
win7-20231023-en
Behavioral task
behavioral2
Sample
NEAS.60a794b6e1d2bdf9043106739e9c8f30.exe
Resource
win10v2004-20231020-en
General
-
Target
NEAS.60a794b6e1d2bdf9043106739e9c8f30.exe
-
Size
234KB
-
MD5
60a794b6e1d2bdf9043106739e9c8f30
-
SHA1
99cda7a3c938473299f881542e67fc5965295c37
-
SHA256
d145cd906e33846998f34f6d2eef36db26495165dcd36ab4643749b74343a8ff
-
SHA512
06e95fc778a025c8b2194f13dfe2a4ce87a33d9b6e67c7bbcff6f2ad9b44c0b93cbddf869cf9b594c4d4460c4ace5b1932f05d5c2e9790e37bcaa752c419663d
-
SSDEEP
6144:CXcddfSNhFTClIRklwVJX4LH0bCsMzOb1F:CXcsVJILH0bv9
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks whether the PE lacks an Authenticode signature.
resource NEAS.60a794b6e1d2bdf9043106739e9c8f30.exe
Files
-
NEAS.60a794b6e1d2bdf9043106739e9c8f30.exe.exe windows:5 windows x86
46559dbb5033872ad0ffe099984e7be9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
amcommonlib
?CreateKey@CRegExt@@QAEHPBDPAUHKEY__@@K@Z
?GetDWord@CRegExt@@QAEHAAKKPBD@Z
?GetDWord@CRegExt@@QAEHAAKPBD@Z
?GetBool@CRegExt@@QAEHAAHHPBD@Z
?OpenReadOnly@CRegExt@@QAEHPBDPAUHKEY__@@@Z
?GetString@CRegExt@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@PBDK@Z
?OpenReadWrite@CRegExt@@QAEHPBDPAUHKEY__@@@Z
?SetInt@CRegExt@@QAEHHPBD@Z
?GetDWordArray@CRegExt@@QAEHAAVCDWordArray@@PBDK@Z
?SetDWord@CRegExt@@QAEHKPBD@Z
?SetBool@CRegExt@@QAEHHPBD@Z
?GetString@CRegExt@@QAEHPADPBDK@Z
?GetInt@CRegExt@@QAEHAAHHPBD@Z
?GetBool@CRegExt@@QAEHAAHPBD@Z
?GetInt@CRegExt@@QAEHAAHPBD@Z
?GetString@CRegExt@@QAEHAAV?$CStringT@DV?$StrTraitMFC_DLL@DV?$ChTraitsCRT@D@ATL@@@@@ATL@@HK@Z
??0CRegExt@@QAE@XZ
??1CRegExt@@UAE@XZ
?Setm_hWndOwner@CSHBrowseDlg@@QAEXPAUHWND__@@@Z
?DoModal@CSHBrowseDlg@@QAEHPBD0PAUHICON__@@II@Z
?GetFullPath@CSHBrowseDlg@@QAEPADXZ
??0CSHBrowseDlg@@QAE@PAUHWND__@@@Z
?SetString@CRegExt@@QAEHPBD0@Z
??1CSHBrowseDlg@@QAE@XZ
version
GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA
mfc90
ord1108
ord2587
ord2069
ord3643
ord4646
ord1720
ord2283
ord777
ord3480
ord4638
ord1668
ord2274
ord611
ord3554
ord3244
ord4644
ord2280
ord693
ord2590
ord6327
ord4252
ord686
ord436
ord2899
ord5167
ord744
ord524
ord636
ord2097
ord2469
ord367
ord6333
ord4760
ord310
ord6681
ord4502
ord3148
ord2364
ord1691
ord6048
ord4333
ord3632
ord1716
ord767
ord2039
ord4977
ord775
ord5482
ord2592
ord3641
ord1718
ord1783
ord4115
ord6491
ord6150
ord2045
ord4384
ord580
ord781
ord690
ord6154
ord1758
ord6225
ord1607
ord2809
ord3045
ord5535
ord941
ord306
ord441
ord3414
ord3413
ord5878
ord321
ord4477
ord664
ord2209
ord3351
ord405
ord2505
ord6255
ord6456
ord3479
ord3489
ord3228
ord5151
ord4616
ord4513
ord4801
ord2263
ord333
ord2207
ord340
ord790
ord3654
ord3273
ord4256
ord6329
ord6557
ord3141
ord4981
ord5663
ord5646
ord6001
ord3110
ord3659
ord589
ord1258
ord1254
ord1252
ord736
ord499
ord338
ord2337
ord1188
ord1137
ord798
ord3980
ord4890
ord1204
ord614
ord3762
ord3946
ord3953
ord3987
ord300
ord2130
ord6682
ord5152
ord3175
ord945
ord4993
ord3178
ord2672
ord942
ord1938
ord1937
ord2057
ord1934
ord5615
ord4617
ord5309
ord2208
ord1810
ord1809
ord1678
ord3344
ord1361
ord1496
ord5636
ord4668
ord3506
ord374
ord639
ord654
ord4650
ord3519
ord615
ord2103
ord1604
ord4496
ord2277
ord1670
ord3346
ord6391
ord1755
ord1752
ord4331
ord1497
ord4640
ord5585
ord2074
ord5497
ord6780
ord4589
ord5647
ord3732
ord5139
ord4688
ord1729
ord6446
ord5668
ord5666
ord958
ord963
ord967
ord965
ord969
ord2610
ord2630
ord2614
ord2620
ord2618
ord2616
ord2633
ord2628
ord2612
ord2635
ord2623
ord2605
ord2607
ord2625
ord2375
ord2368
ord1644
ord6784
ord4160
ord6782
ord3671
ord5389
ord6356
ord3218
ord1446
ord5608
ord2139
ord1792
ord1791
ord1728
ord5633
ord2766
ord2978
ord3107
ord4714
ord2961
ord3135
ord2769
ord2888
ord2759
ord3277
ord4066
ord4067
ord4057
ord2886
ord4498
ord2282
ord3568
ord6074
ord1357
ord1358
ord3477
ord2106
ord3534
ord1061
ord1087
ord3726
ord2360
ord3140
ord3783
ord1186
ord1182
ord1098
ord6004
ord6003
ord6757
ord5814
ord4431
ord4116
ord6559
ord6802
ord5761
ord2447
ord2327
ord4952
ord4029
ord6791
ord4507
ord390
ord652
ord5963
ord4392
ord5924
ord5997
ord4311
ord2691
ord5835
ord1144
ord5750
ord1247
ord265
ord266
ord3579
ord6494
ord1603
ord6613
ord3213
ord305
ord1611
ord1174
ord1183
ord6584
ord1114
ord2539
ord793
ord4434
ord4409
ord6783
ord4334
ord4895
ord4667
ord3487
ord595
ord316
ord6740
ord6388
ord2591
ord2481
ord910
ord601
ord817
ord820
ord800
ord4159
ord6781
ord4733
ord2251
ord2206
ord6018
ord4165
ord1046
ord5533
ord6721
ord5813
ord4199
ord2087
ord3209
ord5657
ord605
ord1278
ord1233
ord1145
ord322
ord801
ord6676
ord5659
ord1276
msvcr90
_itoa
_strupr
_controlfp_s
_invoke_watson
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_acmdln
exit
_ismbblead
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
_except_handler4_common
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
fopen
fprintf
sprintf
_access
sscanf
strtod
getenv_s
qsort
remove
_mkdir
strcat_s
malloc
strchr
sprintf_s
fopen_s
fwrite
fclose
strtok_s
strcpy_s
_time64
_localtime64_s
atof
memmove_s
strtok
atoi
free
_strdup
memset
memcpy_s
strstr
__CxxFrameHandler3
_setmbcp
kernel32
FindClose
GetFileAttributesA
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetStartupInfoA
InterlockedCompareExchange
InterlockedExchange
LocalAlloc
LocalFree
ExpandEnvironmentStringsA
WritePrivateProfileSectionA
GetLocaleInfoA
GetShortPathNameA
GetSystemTime
SystemTimeToFileTime
GetFileTime
WaitForSingleObject
WriteFile
WinExec
GetLocalTime
ReadFile
lstrcatA
GetTempPathA
GetTempFileNameA
Sleep
CreateProcessA
CopyFileA
GetTickCount
GetModuleFileNameW
WideCharToMultiByte
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
RemoveDirectoryA
FindNextFileA
CompareFileTime
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateFileA
GetFileSize
CreateDirectoryA
DeleteFileA
GetLastError
SetLastError
GetModuleHandleA
GetCurrentProcessId
GlobalMemoryStatusEx
WritePrivateProfileStringA
lstrcmpiA
lstrcpyA
OpenMutexA
lstrlenA
CreateMutexA
CloseHandle
GetModuleFileNameA
GetPrivateProfileStringA
GetPrivateProfileIntA
LoadLibraryA
GetProcAddress
FindFirstFileA
FreeLibrary
user32
wvsprintfA
MessageBeep
SendMessageA
GetDlgItem
GetCursorPos
TrackPopupMenu
InvalidateRect
DrawFocusRect
FillRect
CopyRect
LoadCursorA
SetCursor
DdeDisconnect
DdeClientTransaction
DdeInitializeA
DdeCreateStringHandleA
DdeConnect
DdeFreeStringHandle
DdeUninitialize
PeekMessageA
TranslateMessage
DispatchMessageA
GetParent
SetScrollRange
SetScrollPos
WaitForInputIdle
SetFocus
MoveWindow
RegisterWindowMessageA
LoadImageA
DrawIconEx
DestroyIcon
GetSystemMetrics
LoadIconA
UpdateWindow
ReleaseDC
GetDC
GetClientRect
GetWindowRect
IsIconic
GetSystemMenu
LoadMenuA
RemoveMenu
ModifyMenuA
InsertMenuA
GetSubMenu
EnableMenuItem
CheckMenuItem
AppendMenuA
DrawIcon
FindWindowA
ShowWindow
SetForegroundWindow
BringWindowToTop
PostQuitMessage
PostMessageA
IsWindowVisible
SetTimer
wsprintfA
MessageBoxA
KillTimer
EnableWindow
gdi32
CreateCompatibleDC
DeleteObject
CreateCompatibleBitmap
winspool.drv
EnumPrintersA
advapi32
RegQueryValueExA
RegEnumKeyA
RegEnumValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegCloseKey
RegSetValueExA
shell32
ShellExecuteA
SHGetSpecialFolderPathA
SHGetFolderPathA
Shell_NotifyIconA
ShellExecuteExA
shlwapi
PathIsDirectoryA
oleaut32
VarBstrFromDate
SysFreeString
SystemTimeToVariantTime
VariantTimeToSystemTime
Sections
.text Size: 137KB - Virtual size: 136KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 40KB - Virtual size: 40KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 54KB - Virtual size: 53KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ