NEAS[.]67afff96f5c6b072ce986d91212527c0[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.67afff96f5c6b072ce986d91212527c0.exe
Size

2.0MB
MD5

67afff96f5c6b072ce986d91212527c0
SHA1

8c7181f0d0f2a055cb1da8ae56fb21d2163ccf84
SHA256

8e7facc7ab3405a28374f3140c0ba7089dfa21d855b2f4629df4593832197041
SHA512

86cb9db986524c319121a286141dde19d8e205517ec450ad3b4f02b9b0365833b5a041173f2cd55970c81286345683d1c524fc9bc9e0f3d84b370ae68a90afb2
SSDEEP

49152:5oUAAVJSJjy3ey/nXzH85cDPvdm1Wt5C47a1x:5oUAAVJ2y/XVrvdm1WtQz

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.67afff96f5c6b072ce986d91212527c0.exe

Files

NEAS.67afff96f5c6b072ce986d91212527c0.exe
.dll regsvr32 windows:6 windows x86

9cd5330734485650b50eba186f1b4ae1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_ui64toa_s
_gcvt_s
_get_errno
_set_errno
swprintf_s
iswspace
wcsncmp
_fpclass
_HUGE
wcstod
_wtoi
bsearch
srand
rand
_wcsicmp
wcsstr
wcstol
_strnicmp
_strcmpi
tolower
fprintf
_stricmp
fclose
_wfopen
_XcptFilter
_initterm
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_errno
_i64toa_s
_ultoa_s
??1type_info@@UAE@XZ
memchr
_strdup
strncmp
_memicmp
strchr
__CxxFrameHandler3
_vsnprintf
wcstok
_ultow_s
_itow_s
wcstok_s
iswdigit
wcsrchr
_itoa_s
_wtol
_ftol2
memmove_s
wcschr
_wtoi64
qsort
wcstoul
memcpy_s
??_U@YAPAXI@Z
memmove
_purecall
??_V@YAXPAX@Z
_msize
realloc
free
malloc
??2@YAPAXI@Z
memset
memcpy
??3@YAXPAX@Z
calloc
_wcsnicmp
_vsnwprintf

ntdll

NtQuerySystemInformation
VerSetConditionMask

kernel32

GetSystemWindowsDirectoryW
GetSystemWindowsDirectoryA
DeleteCriticalSection
DisableThreadLibraryCalls
OutputDebugStringW
LocalFree
MoveFileExW
ExpandEnvironmentStringsW
CompareStringW
LeaveCriticalSection
GetLastError
EnterCriticalSection
FreeLibrary
GetProcAddress
SetFileAttributesW
GetFileAttributesW
GetSystemDirectoryW
SetEnvironmentVariableW
CloseHandle
SetEvent
OpenEventW
GetEnvironmentVariableW
Sleep
InterlockedExchangeAdd
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
lstrlenW
DeleteFileW
CreateEventW
DeviceIoControl
CreateFileW
WaitForMultipleObjectsEx
GetSystemTimeAsFileTime
InterlockedIncrement
InterlockedDecrement
ReadFile
GetFileSize
GetSystemDefaultLCID
GetCurrentThread
GetSystemTime
GetLocaleInfoW
GetSystemDefaultUILanguage
GetCurrentThreadId
GetUserDefaultUILanguage
ResetEvent
WaitForMultipleObjects
CreateThread
WaitForSingleObject
SetLastError
EnumUILanguagesW
SetThreadExecutionState
RaiseException
RemoveDirectoryW
CreateDirectoryW
lstrcmpiW
CreateTimerQueue
SizeofResource
DeleteTimerQueueTimer
DeleteTimerQueueEx
WideCharToMultiByte
LCMapStringW
GetComputerNameExW
GetVersionExW
CompareFileTime
LoadResource
MultiByteToWideChar
GetComputerNameW
GetFileAttributesExW
GetSystemInfo
VerifyVersionInfoW
InterlockedCompareExchange
LoadLibraryW
SystemTimeToFileTime
GetTimeFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
DuplicateHandle
GetCurrentProcess
LocalFileTimeToFileTime
GetLocalTime
CancelWaitableTimer
SetWaitableTimer
CreateWaitableTimerW
FormatMessageW
GetExitCodeProcess
InterlockedExchange
FreeLibraryAndExitThread
GetExitCodeThread
LoadLibraryExW
TerminateProcess
CreateProcessW
WriteFile
DebugBreak
IsDebuggerPresent
GetCurrentProcessId
LocalAlloc
lstrlenA
DeleteFileA
GetSystemPowerStatus
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
CompareStringA
GetEnvironmentVariableA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
OutputDebugStringA
CreateDirectoryA
CopyFileW
GetFileTime
SetFileTime
GetFileSizeEx
lstrcmpW
FindNextFileW
GetFileType
GetVolumePathNameW
GetDriveTypeW
FindFirstFileW
FindClose
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
FindResourceW
LockResource
FindResourceExW
EnumResourceLanguagesW
UnmapViewOfFile
MapViewOfFileEx
CreateFileMappingW
EnumResourceNamesW
GetTimeZoneInformation
SystemTimeToTzSpecificLocalTime
IsValidLocale
GetDateFormatW
ConvertDefaultLocale
CreateMutexW
ReleaseMutex
SetEndOfFile
SetFilePointer
MapViewOfFile
FlushFileBuffers
GlobalFree
GlobalAlloc
SleepEx
GetTempFileNameW
GetFileAttributesA
CreateFileMappingA
CreateEventA
GetFullPathNameA
CreateProcessA
GetSystemDirectoryA
ExpandEnvironmentStringsA
GetBinaryTypeA
VirtualFree
VirtualAlloc
CreateFileA
DosDateTimeToFileTime
CopyFileA
LoadLibraryA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileStringW
GetSystemDefaultLangID
CreateTimerQueueTimer

user32

CharNextW
ExitWindowsEx
GetSystemMetrics
LoadStringW
DispatchMessageW
CloseWindowStation
GetUserObjectInformationW
OpenWindowStationW
GetActiveWindow
PostThreadMessageW
GetMessageW
TranslateMessage

oleaut32

SysAllocStringLen
SafeArrayCreate
LoadTypeLibEx
SafeArrayGetVartype
VariantClear
SysFreeString
SysAllocString
VariantInit
SysStringLen
VariantChangeType
SysStringByteLen
VariantCopy
SystemTimeToVariantTime
SafeArrayAccessData
SafeArrayUnaccessData
VariantTimeToSystemTime
VarUI4FromStr
SafeArrayCreateVector
SafeArrayPutElement
SysAllocStringByteLen
VariantChangeTypeEx
VariantCopyInd
VarBstrCat

shell32

SHGetFolderPathW

userenv

RegisterGPNotification
CreateEnvironmentBlock
UnregisterGPNotification
DestroyEnvironmentBlock

shlwapi

StrRChrW
StrToIntW
SHDeleteKeyW
StrToIntExW
PathStripPathW
StrChrW
PathIsRootW
PathIsUNCW
PathFindExtensionW
PathStripToRootW
PathIsRelativeW

ws2_32

WSAStartup
WSASocketW
WSAGetLastError
WSAIoctl
closesocket
WSACleanup

esent

JetPrepareUpdate
JetSetColumns
JetUpdate
JetGotoBookmark
JetRetrieveColumns
JetCreateTable
JetCreateIndex2
JetCloseTable
JetGetBookmark
JetDeleteTable
JetSetCurrentIndex
JetDelete
JetMove
JetSeek
JetIndexRecordCount
JetIntersectIndexes
JetMakeKey
JetEndSession
JetBeginSession
JetCloseDatabase
JetTerm2
JetInit
JetDetachDatabase
JetCreateDatabase
JetOpenDatabase
JetAttachDatabase
JetBeginTransaction
JetCommitTransaction
JetRollback
JetOpenTable
JetEscrowUpdate
JetRenameTable
JetDeleteIndex
JetDeleteColumn
JetGetTableColumnInfo
JetSetSystemParameter
JetGetColumnInfo
JetAddColumn
JetSetIndexRange

rpcrt4

RpcStringFreeW
UuidToStringW
I_RpcBindingInqTransportType
UuidCreate
NdrClientCall2
RpcBindingFree
RpcBindingSetAuthInfoExW
RpcBindingFromStringBindingW
UuidToStringA
RpcStringFreeA
UuidFromStringW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

winhttp

WinHttpCloseHandle
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpCrackUrl
WinHttpQueryOption
WinHttpSetTimeouts
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpGetDefaultProxyConfiguration
WinHttpSetOption
WinHttpSetCredentials
WinHttpOpen
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpReadData

winspool.drv

OpenPrinterW
GetPrinterDataW
ClosePrinter
EnumPrinterDriversW

crypt32

CryptProtectData
CryptUnprotectData
CertFreeCertificateContext
CryptHashPublicKeyInfo
CertGetCertificateContextProperty
CertFreeCertificateChain
CertAddSerializedElementToStore
CertGetCertificateChain
CertGetEnhancedKeyUsage
CertGetPublicKeyLength
CertVerifyCertificateChainPolicy
CertOpenStore
CertControlStore
CertFindCertificateInStore
CertCloseStore

iphlpapi

GetAdaptersInfo

winsta

WinStationQueryInformationW

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

cabinet

ord23
ord22
ord21
ord20

mspatcha

ApplyPatchToFileByHandles

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllInstall
DllMain
DllRegisterServer
DllUnregisterServer
GeneralizeForImaging
GetAUOptionsEx
GetEngineStatusInfo
RegisterServiceVersion
ServiceHandler
ServiceMain
WUAutoUpdateAtShutdown
WUCheckForUpdatesAtShutdown
WUServiceMain

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9cd5330734485650b50eba186f1b4ae1

Headers

DLL Characteristics

File Characteristics

Imports

msvcrt

ntdll

kernel32

user32

oleaut32

shell32

userenv

shlwapi

ws2_32

esent

rpcrt4

wtsapi32

winhttp

winspool.drv

crypt32

iphlpapi

winsta

wintrust

cabinet

mspatcha

version

Exports

Exports

Sections

.text Size: 1.8MB - Virtual size: 1.8MB

.data Size: 36KB - Virtual size: 39KB

.rsrc Size: 40KB - Virtual size: 39KB

.reloc Size: 54KB - Virtual size: 53KB

.text
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 36KB - Virtual size: 39KB

.rsrc
Size: 40KB - Virtual size: 39KB

.reloc
Size: 54KB - Virtual size: 53KB