NEAS[.]03489bdabfa10eccc1831f0bdbc9ae60[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.03489bdabfa10eccc1831f0bdbc9ae60.exe
Size

60KB
MD5

03489bdabfa10eccc1831f0bdbc9ae60
SHA1

831ed114017b5a6647c5ef2c03efad7f377b0f4d
SHA256

7d40a0bcd430b8ae09ccb4c14de1c1f5a1868d394f8a1dd75ae6aa31da16d75d
SHA512

2b6be8f2293fd18a7409433f8dd14f593179b8779933b941a02cdc26044361b0ea0c972b1dd5f68364c861b2f373de7fb054415fbdfa08a2104167ce60d74937
SSDEEP

1536:HwcFDoeQZfS6hJXhwAH2ARLJVJFavpdbUu1n56J7kAZ7:uJfJdhwAH2ARLJPS+qn0tkAJ

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.03489bdabfa10eccc1831f0bdbc9ae60.exe

Files

NEAS.03489bdabfa10eccc1831f0bdbc9ae60.exe
.dll windows:4 windows x86

d4be3eab955d0e4e1f1c72afcce08fa9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

acdb16

??0AcRxObject@@IAE@XZ
acrxSysRegistry
?copyFrom@AcRxObject@@UAE?AW4ErrorStatus@Acad@@PBV1@@Z
?clone@AcRxObject@@UBEPAV1@XZ
?comparedTo@AcRxObject@@UBE?AW4Ordering@AcRx@@PBV1@@Z
?isEqualTo@AcRxObject@@UBEHPBV1@@Z
?desc@AcRxDynamicLinker@@SAPAVAcRxClass@@XZ

acad.exe

?acDocManagerPtr@@YAPAVAcApDocManager@@XZ
adsw_acadMainWnd

acui16

?InitAcUiDLL@@YAXXZ

mfc70

ord3610
ord5991
ord3152
ord4748
ord1234
ord4954
ord1814
ord1508
ord1507
ord1451
ord4972
ord2356
ord2546
ord2648
ord5993
ord2529
ord2675
ord2359
ord2463
ord2352
ord3522
ord3523
ord3513
ord2461
ord3751
ord4267
ord4043
ord559
ord546
ord316
ord302
ord4361
ord5007
ord5005
ord2219
ord2229
ord2227
ord2225
ord2221
ord2244
ord2232
ord1377
ord2020
ord2026
ord2234
ord2216
ord2214
ord2237
ord2242
ord2223
ord2239
ord823
ord819
ord821
ord817
ord812
ord5714
ord1452
ord4063
ord4503
ord3208
ord3966
ord5989
ord4854
ord1760
ord4933
ord4025
ord1272
ord3748
ord1469
ord1472
ord5666
ord1403
ord1522
ord1523
ord1870
ord4671
ord4516
ord3993
ord4958
ord917
ord2132
ord3735
ord2561
ord1307
ord1755
ord5470
ord5757
ord256
ord257
ord4975
ord3246
ord3445
ord2201
ord332
ord2124
ord572
ord982
ord957
ord1066
ord990
ord317
ord977
ord703
ord705
ord1077
ord1081
ord4088

msvcr70

_initterm
??1type_info@@UAE@XZ
_onexit
__dllonexit
atoi
atol
_mbslwr
_mbsrchr
_mbsinc
free
_adjust_fdiv
_mbschr
??0exception@@QAE@ABV0@@Z
_CxxThrowException
??0exception@@QAE@XZ
??1exception@@UAE@XZ
memmove
vsprintf
_vscprintf
__CxxFrameHandler
_mbscmp
_mbsstr
?terminate@@YAXXZ
malloc
_except_handler3

kernel32

SetFileAttributesA
RemoveDirectoryA
WinExec
DeleteFileA
ResumeThread
CreateToolhelp32Snapshot
Process32First
Process32Next
CloseHandle
GetSystemTime
lstrcmpiA
GetTickCount
SetFileTime
CreateProcessA
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetFileTime
GetCurrentProcess
GetProcAddress
GetModuleHandleA
CopyFileA
ReadFile
GetFileSize
VirtualFreeEx
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
OpenProcess
TerminateProcess
GetTempPathA
GetDriveTypeA
GetLogicalDriveStringsA
GetSystemDirectoryA
WaitForSingleObject
GetExitCodeThread
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
SetFilePointer
Sleep
CreateFileA

user32

PostMessageA
EnableWindow
ClientToScreen
SendMessageA
GetWindowThreadProcessId
PeekMessageA
SetCursorPos
GetParent
GetWindowTextA
WindowFromPoint
GetWindowRect
KillTimer
GetSystemMetrics
GetCursorPos
ScreenToClient
FindWindowA
FindWindowExA
InflateRect
PtInRect
mouse_event
SetTimer

advapi32

RegQueryValueExA
CloseServiceHandle
OpenSCManagerA
RegSetValueExA
RegCloseKey
OpenServiceA
QueryServiceStatus
RegEnumValueA
RegOpenKeyExA
RegCreateKeyA

urlmon

URLDownloadToCacheFileA

wininet

FindFirstUrlCacheEntryA
InternetOpenA
InternetOpenUrlA
InternetCloseHandle
FindNextUrlCacheEntryA
DeleteUrlCacheEntry

msvcp70

?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

Exports

Exports

acrxEntryPoint
acrxGetApiVersion

Sections

.text
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 924B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

d4be3eab955d0e4e1f1c72afcce08fa9

Headers

File Characteristics

Imports

acdb16

acad.exe

acui16

mfc70

msvcr70

kernel32

user32

advapi32

urlmon

wininet

msvcp70

Exports

Exports

Sections

.text Size: 32KB - Virtual size: 30KB

.rdata Size: 12KB - Virtual size: 9KB

.data Size: 4KB - Virtual size: 924B

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 32KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 9KB

.data
Size: 4KB - Virtual size: 924B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 3KB