NEAS[.]467c00c2630e1e0af0c17828a51b1480[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.467c00c2630e1e0af0c17828a51b1480.exe
Size

5.8MB
MD5

467c00c2630e1e0af0c17828a51b1480
SHA1

ee2b24600c309b63eacb06ea71f4bf6204fbbc88
SHA256

551d00e59bd8c0f313164fed254c71709e09b6a3dd8232f03a423bc8cb635619
SHA512

2240abe64ea9c1212c271c17cade3d3787cd144164c5ed04f6418632ba7449a1b9cbe157b749b15e07c51833dfce4401eadeaa40318783eebb690ee62cb35f75
SSDEEP

49152:yHb1saVJCnR90q8TBrwQK9Oc9L7TsJ74v5rTW8p1fCQhOaQUfrI+b5ppYKvR/bv7:zn0xBUPFRRmlcfglgD1xFpPVvi/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.467c00c2630e1e0af0c17828a51b1480.exe

Files

NEAS.467c00c2630e1e0af0c17828a51b1480.exe
.dll windows:5 windows x64

40ba94204f3aa92b545d69adb144c082

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

msvcr100

__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
__CxxQueryExceptionSize
_cexit
??_V@YAXPEAX@Z
_purecall
memcpy
memmove
ungetc
??2@YAPEAX_K@Z
_CxxThrowException
??0exception@std@@QEAA@AEBQEBD@Z
cos
sin
__FrameUnwindFilter
_lock
_onexit
_malloc_crt
__C_specific_handler
?terminate@@YAXXZ
_HUGE
sqrt
_wgetenv
memset
memcmp
__RTtypeid
atan2
__RTDynamicCast
??0exception@std@@QEAA@AEBQEBDH@Z
tan
acos
atan
floor
modf
ceil
asin
setlocale
wcstombs
mbstowcs
_beginthreadex
_swprintf
memchr
wcsncpy
wcsncmp
malloc
pow
fgetc
fputc
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
logf
iswspace
iswalpha
wcsspn
iswxdigit
exp
expf
qsort
localeconv
sprintf
frexp
log
swscanf
wcschr
_copysign
_hypot
iswctype
ldexp
realloc
_isnan
_wfopen
fseek
wcsrchr
_vswprintf
_wtoi
_unlock_file
_lock_file
fclose
fsetpos
_fseeki64
log10
__dllonexit
_unlock
__clean_type_info_names_internal
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
free
_initterm_e
fgetpos
fwrite
memcpy_s
setvbuf
??0bad_cast@std@@QEAA@AEBV01@@Z
??1bad_cast@std@@UEAA@XZ
??0bad_cast@std@@QEAA@PEBD@Z
ungetwc
fputwc
fgetwc
fflush
__CxxUnregisterExceptionObject
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBV01@@Z
??1exception@std@@UEAA@XZ
__CxxFrameHandler3
??3@YAXPEAX@Z
_initterm

kernel32

TlsSetValue
GetModuleHandleExW
SetLastError
ReadFile
GetFullPathNameW
FindResourceW
LoadResource
LockResource
SizeofResource
CreateFileW
GetProcessAffinityMask
EncodePointer
DecodePointer
Sleep
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetSystemInfo
IsProcessorFeaturePresent
QueryPerformanceFrequency
TlsGetValue
TlsFree
TlsAlloc
GetFileAttributesW
GetProcAddress
SetThreadAffinityMask
InitializeCriticalSection
LoadLibraryW
FreeLibrary
GetUserDefaultLangID
GetLocaleInfoW
GetVersionExW
lstrcmpiW
GetModuleHandleW
CreateEventW
CreateSemaphoreW
CreateMutexW
SetThreadPriority
GetLastError
GetCurrentThread
GetThreadPriority
WaitForMultipleObjects
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetEvent
ReleaseSemaphore
DuplicateHandle
ReleaseMutex
CloseHandle
LoadLibraryExW
VirtualQuery
GetModuleFileNameW
VirtualProtect

msvcp100

?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?seekoff@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA?AV?$fpos@H@2@_JHH@Z
?seekpos@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA?AV?$fpos@H@2@V32@H@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAPEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@PEAV32@@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_JD@Z
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?_Decref@facet@locale@std@@QEAAPEAV123@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXPEAD00@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??_7?$basic_istream@DU?$char_traits@D@std@@@std@@6B@
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?out@?$codecvt@_WDH@std@@QEBAHAEAHPEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?out@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@_WDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?unshift@?$codecvt@DDH@std@@QEBAHAEAHPEAD1AEAPEAD@Z
?in@?$codecvt@_WDH@std@@QEBAHAEAHPEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?in@?$codecvt@DDH@std@@QEBAHAEAHPEBD1AEAPEBDPEAD3AEAPEAD@Z
?pubsetbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAPEAV12@PEA_W_J@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?id@?$codecvt@_WDH@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?id@?$codecvt@DDH@std@@2V0locale@2@A
??Bid@locale@std@@QEAA_KXZ
?_Getcat@?$codecvt@DDH@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?always_noconv@codecvt_base@std@@QEBA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??_7?$basic_ostream@_WU?$char_traits@_W@std@@@std@@6B@
?_BADOFF@std@@3_JB
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Swap_all@_Container_base0@std@@QEAAXAEAU12@@Z
?pubseekpos@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@H@2@V32@H@Z
?sgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEAD_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
??_7?$basic_ios@DU?$char_traits@D@std@@@std@@6B@
?pubseekoff@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@H@2@_JHH@Z
?pubsync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?endl@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AEAV21@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@J@Z
?ends@std@@YAAEAV?$basic_ostream@_WU?$char_traits@_W@std@@@1@AEAV21@@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?uncaught_exception@std@@YA_NXZ
?_Orphan_all@_Container_base0@std@@QEAAXXZ
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Incref@facet@locale@std@@QEAAXXZ
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Lockit_ctor@_Lockit@std@@SAXH@Z
?_Lockit_dtor@_Lockit@std@@SAXH@Z
?_Ios_base_dtor@ios_base@std@@CAXPEAV12@@Z
??_7ios_base@std@@6B@
??_7?$basic_ios@_WU?$char_traits@_W@std@@@std@@6B@
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?pbackfail@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGG@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A

atl100

ord30

user32

IsZoomed
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
LoadMenuW
LoadCursorW
LoadIconW
SetFocus
GetMenu
GetWindowLongW
GetWindowLongPtrW
GetWindowRect
SetWindowLongPtrW
CallWindowProcW
ShowWindow
MoveWindow
GetClientRect
GetDC
ReleaseDC
SendMessageW
IsIconic
GetSystemMenu
EnableMenuItem
MessageBoxW
PostThreadMessageW
LoadStringW
DefWindowProcW
GetClassInfoW
RegisterClassW
WinHelpW
CreateWindowExW

advapi32

RegCloseKey
RegQueryValueExW
DeregisterEventSource
RegOpenKeyW
RegisterEventSourceW
ReportEventW

ole32

CoCreateInstance

imagehlp

TouchFileTimes

gdi32

SelectObject
GetStockObject
GetTextMetricsW

comdlg32

GetOpenFileNameW

mscoree

_CorDllMain

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nep
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

_text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 139KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

dummy
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

_cortab
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 340KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

40ba94204f3aa92b545d69adb144c082

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

kernel32

msvcp100

atl100

user32

advapi32

ole32

imagehlp

gdi32

comdlg32

mscoree

Sections

.text Size: 3.9MB - Virtual size: 3.9MB

.nep Size: 1024B - Virtual size: 1024B

_text Size: 31KB - Virtual size: 31KB

.rdata Size: 1.2MB - Virtual size: 1.2MB

.data Size: 139KB - Virtual size: 1.2MB

.pdata Size: 190KB - Virtual size: 190KB

dummy Size: 1024B - Virtual size: 1024B

_cortab Size: 2KB - Virtual size: 2KB

.rsrc Size: 340KB - Virtual size: 340KB

.reloc Size: 24KB - Virtual size: 24KB

.text
Size: 3.9MB - Virtual size: 3.9MB

.nep
Size: 1024B - Virtual size: 1024B

_text
Size: 31KB - Virtual size: 31KB

.rdata
Size: 1.2MB - Virtual size: 1.2MB

.data
Size: 139KB - Virtual size: 1.2MB

.pdata
Size: 190KB - Virtual size: 190KB

dummy
Size: 1024B - Virtual size: 1024B

_cortab
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 340KB - Virtual size: 340KB

.reloc
Size: 24KB - Virtual size: 24KB