NEAS[.]35e2b8a985b67b880110e504aca97fc0[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.35e2b8a985b67b880110e504aca97fc0.exe
Size

139KB
MD5

35e2b8a985b67b880110e504aca97fc0
SHA1

862e9462224314c3cc39d0357f9808787fb2bc68
SHA256

5cdd1fb651a4af045bbe5751d9311ce7b7f5f5d908585a1faf05ab204bb747cf
SHA512

9da56680bf7848d8d770743345a019d85d0b718941248b505e2082cbcc02cb9047840f0363fbb66909ab8cbe919dc06465dc76dfb1d63f3faaf35c570e614cbe
SSDEEP

3072:Iue7hbL19vEUe6rFmURj4Jnv2lQBV+UdE+rECWp7hKGhU:MRwzBV+UdvrEFp7hKGe

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.35e2b8a985b67b880110e504aca97fc0.exe

Files

NEAS.35e2b8a985b67b880110e504aca97fc0.exe
.dll windows:6 windows x86

a17af54bf9d379152b9c377204b35eb9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
_wcsnicmp
malloc
free
_wtoi
_wcsicmp
_ultow
_stricmp
memset
memcpy
_vsnwprintf

setupapi

SetupCloseInfFile
SetupOpenInfFileW
SetupOpenLog
SetupDiGetDriverInfoDetailW
SetupLogErrorW
SetupCloseLog
CM_Set_DevNode_Problem_Ex
SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceInstallParamsW
SetupPromptReboot
SetupDiGetActualSectionToInstallW
SetupGetLineCountW
SetupFindFirstLineW
SetupGetStringFieldW
SetupFindNextMatchLineW
SetupDiGetSelectedDriverW

kernel32

GetModuleFileNameW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlUnwind
InterlockedCompareExchange
Sleep
InterlockedExchange
LoadLibraryExW
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
SetLastError
FindResourceW
LoadResource
LockResource
SizeofResource
WriteFile
RemoveDirectoryW
CreateDirectoryW
FindFirstFileW
DeleteFileW
FindNextFileW
FindClose
CreateFileW
GetFileInformationByHandle
FileTimeToSystemTime
CloseHandle
FormatMessageW
GetLocalTime
OutputDebugStringW
LoadLibraryW
FreeLibrary
lstrlenA
WideCharToMultiByte
GetWindowsDirectoryW
LocalAlloc
LocalFree
VerSetConditionMask
VerifyVersionInfoW
GetLastError
GetProcAddress
GetModuleHandleW
GlobalFree

advapi32

OpenSCManagerW
ChangeServiceConfigW
QueryServiceConfigW
RegFlushKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
DeleteService
OpenServiceW
QueryServiceStatusEx
CloseServiceHandle
RegOpenKeyExW
RegCloseKey

crypt32

CertGetCertificateContextProperty

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

shell32

CommandLineToArgvW

user32

IsCharAlphaW
IsCharAlphaNumericW
LoadStringW

ole32

CoTaskMemFree

Exports

Exports

WdfCoInstaller
WdfPostDeviceInstall
WdfPostDeviceRemove
WdfPreDeviceInstall
WdfPreDeviceInstallEx
WdfPreDeviceRemove

Sections

.text
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a17af54bf9d379152b9c377204b35eb9

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

setupapi

kernel32

advapi32

crypt32

wintrust

shell32

user32

ole32

Exports

Exports

Sections

.text Size: 57KB - Virtual size: 56KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 3KB - Virtual size: 2KB

.text
Size: 57KB - Virtual size: 56KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB