NEAS[.]01d19f9de5a11ceccfe05e12f33990a0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.01d19f9de5a11ceccfe05e12f33990a0.exe
Size

35KB
MD5

01d19f9de5a11ceccfe05e12f33990a0
SHA1

99ef9a7f3c003e8b86fa20465a9ffefdfe4584e0
SHA256

7b8fa607014746e7563d31b7becf53a70a48e94f614b1731a70752b9c9263f5d
SHA512

82cbde153766ea9ce8f4958110de70f97ee4863a1ae54043d67baeb66295603fac0136ada3d05847f16377bbf5ce3adfa3253d69cdfa7ef5ef0c54397ed947ac
SSDEEP

384:c7vXq518hQOv00s3m7m4FwX78YFRLmnxF07CTSXpB2NoGAb6t3BVSrbaqrHqr8La:iva518W9Ym1O/B6BUXRV5qLqws10

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.01d19f9de5a11ceccfe05e12f33990a0.exe

Files

NEAS.01d19f9de5a11ceccfe05e12f33990a0.exe
.dll windows:10 windows x86

3a0a431dab919a456d2102d837d6d274

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

malloc
_initterm
_except_handler4_common
?terminate@@YAXXZ
free
memcmp
_vsnwprintf
_amsg_exit
_XcptFilter
__CxxFrameHandler3
_vsnprintf
memset

cmutil

CmStrrchrW
WzToSzWithAlloc
CmMalloc
CmFree

advapi32

LookupPrivilegeValueW
InitiateSystemShutdownW
AdjustTokenPrivileges
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
AllocateAndInitializeSid
RegEnumKeyExW
RegSetValueExW
OpenProcessToken
FreeSid
CheckTokenMembership
RegOpenKeyExW
RegCreateKeyW
RegDeleteValueW

kernel32

CloseHandle
GetCurrentDirectoryW
CreateFileW
SetCurrentDirectoryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
LoadLibraryExW
Sleep
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetTickCount
LocalAlloc
GetLastError
GetCurrentThreadId
DisableThreadLibraryCalls
FormatMessageW
LocalFree
CreateDirectoryW
FindFirstFileW
FindNextFileW
GetCurrentProcess
lstrlenW
LoadLibraryExA
lstrlenA
FindClose
WaitForSingleObject

shell32

SHGetFolderPathW
SHFileOperationW
ShellExecuteExW
SHGetStockIconInfo

user32

MessageBoxW
CharNextW
CharPrevW
DestroyIcon
SendMessageW

rpcrt4

CStdStubBuffer_Connect
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
CStdStubBuffer_DebugServerQueryInterface
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer_Release

ole32

ObjectStublessClient22
ObjectStublessClient3
ObjectStublessClient18
ObjectStublessClient20
ObjectStublessClient15
ObjectStublessClient7
ObjectStublessClient13
ObjectStublessClient5
ObjectStublessClient19
ObjectStublessClient11
ObjectStublessClient8
ObjectStublessClient9
ObjectStublessClient17
ObjectStublessClient10
ObjectStublessClient16
ObjectStublessClient21
ObjectStublessClient4
StringFromGUID2
CoGetObject
ObjectStublessClient6
ObjectStublessClient12
ObjectStublessClient14

Exports

Exports

DllAddRef
DllCanUnloadNow
DllGetClassObject
DllMain
DllRelease
_GetCoCreateInstanceAsAdminHandle
_RemoveShieldIcon
_SetShieldButton
_SetShieldIcon
_ThrowErrorBox

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 916B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

3a0a431dab919a456d2102d837d6d274

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

cmutil

advapi32

kernel32

shell32

user32

rpcrt4

ole32

Exports

Exports

Sections

.text Size: 26KB - Virtual size: 25KB

.data Size: 512B - Virtual size: 916B

.idata Size: 3KB - Virtual size: 3KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

.text
Size: 26KB - Virtual size: 25KB

.data
Size: 512B - Virtual size: 916B

.idata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB