abde649f31e0a9092966e857bf70b0d2

Sharing

Copy URL Twitter E-mail

General

Target

abde649f31e0a9092966e857bf70b0d2
Size

17KB
MD5

abde649f31e0a9092966e857bf70b0d2
SHA1

6d9ef2ce414459429e1d890b77b87e7570e62e62
SHA256

47a2b9c8f0563ebe82444b74fcaf3879bd016de6ac051267a9b554c085997ab9
SHA512

a3e993ce2dd44b669830834362848a988be24144fa49271c2cb8eb5e52d88faf20f9f58a484557a9ac150bd1ee4a751ec4715f425ed5b61b148169fae06b9616
SSDEEP

384:o2ijG7RuT6DXUnJn6z20EtdQxQiVNit3H6aZ2C6eaBH2smt:olIRu6wM2nijihHrfL

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ntlea-2007.02-unofficial/NT Locale Emulator Advance/ntleac.exe
unpack001/ntlea-2007.02-unofficial/NT Locale Emulator Advance/ntleah.dll
unpack001/ntlea-2007.02-unofficial/NT Locale Emulator Advance/ntleap.dll

Files

abde649f31e0a9092966e857bf70b0d2
.7z
ntlea-2007.02-unofficial/NT Locale Emulator Advance/NTLEA.exe.txt
ntlea-2007.02-unofficial/NT Locale Emulator Advance/Readme.txt
ntlea-2007.02-unofficial/NT Locale Emulator Advance/neko.dll.txt
ntlea-2007.02-unofficial/NT Locale Emulator Advance/ntleac.exe
.exe windows:4 windows x86 arch:x86

4839f5c4e6b9593604a736cca21543db

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
CreateRemoteThread
ExitProcess
FlushInstructionCache
GetBinaryTypeW
GetCommandLineW
GetCurrentDirectoryW
GetEnvironmentVariableW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetSystemDirectoryW
GetThreadContext
GetWindowsDirectoryW
HeapAlloc
HeapCreate
CreateMutexA
LocalFree
MapViewOfFile
ReadFile
ReadProcessMemory
ResumeThread
RtlMoveMemory
SetFilePointer
Sleep
SuspendThread
UnmapViewOfFile
VirtualAllocEx
VirtualProtect
WaitForMultipleObjects
WideCharToMultiByte
WriteProcessMemory
lstrcatW
lstrcpyW
lstrcpynW
lstrlenW
CreateFileW
CreateFileMappingA
CreateFileA
CreateEventA
LoadLibraryW
CloseHandle

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetPathFromIDListW
CommandLineToArgvW
SHBrowseForFolderW

user32

MessageBoxA

comdlg32

GetOpenFileNameW

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ntlea-2007.02-unofficial/NT Locale Emulator Advance/ntleah.dll
.dll windows:4 windows x86 arch:x86

5f6c92b6c2acd78cd3bdffbcd91cb232

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

TlsAlloc
HeapCreate
CreateThread
TlsGetValue
HeapAlloc
GetLastError
SetLastError
TlsSetValue
lstrcmpiA
GlobalFindAtomA
GlobalAddAtomA
WideCharToMultiByte
MultiByteToWideChar
IsBadWritePtr
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CloseHandle
GetVersionExA
LoadLibraryA
GetProcAddress
GetACP
GetOEMCP
GetCPInfo
CreateFileA
CompareStringA
CreateProcessA
CreateProcessW
GetTimeZoneInformation
GetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetSystemDefaultLCID
GetUserDefaultLCID
GetSystemDefaultLangID
GetUserDefaultLangID
GetCommandLineA
GetCommandLineW
IsDBCSLeadByte
OpenEventA
SetEvent
IsDBCSLeadByteEx
SetUnhandledExceptionFilter
TerminateProcess
ExitProcess
HeapFree
GetModuleHandleW
GetSystemDirectoryW
lstrcatW
LoadLibraryW
VirtualProtect
FlushInstructionCache
CreateFileW
GetSystemDirectoryA
lstrlenA
lstrcatA
lstrlenW
ReadFile
CreateEventA
ReadProcessMemory
WriteProcessMemory
ResumeThread
Sleep
SuspendThread
GetThreadContext
VirtualAllocEx
CreateRemoteThread
WaitForMultipleObjects
GetCurrentThreadId

user32

GetClassInfoA
GetClassInfoW
IsWindowUnicode
GetClassNameA
CallNextHookEx
GetPropA
SetPropA
GetWindowLongA
SetWindowLongW
CallWindowProcA
GetWindowLongW
RemovePropA
CallWindowProcW
SendMessageW
PostMessageW
SendNotifyMessageW
SendMessageCallbackW
SendMessageTimeoutW
DialogBoxIndirectParamW
CreateDialogIndirectParamW
CreateDialogParamW
DialogBoxParamW
DefWindowProcA
DefMDIChildProcA
DefDlgProcA
DefFrameProcA
DialogBoxParamA
DialogBoxIndirectParamA
CreateDialogIndirectParamA
CreateDialogParamA
CreateWindowExA
SetWindowTextA
GetWindowTextA
SendMessageA
SendMessageCallbackA
SendMessageTimeoutA
SendNotifyMessageA
PostMessageA
SetWindowLongA
GetMenuStringA
CharPrevA
CharNextA
CharPrevExA
CharNextExA
GetMenuStringW
GetMenuItemInfoW
SetMenuItemInfoW
GetWindowTextW
wsprintfA
GetForegroundWindow
MessageBoxA
SetWindowTextW
CreateWindowExW
DefWindowProcW
DefMDIChildProcW
DefDlgProcW
DefFrameProcW
SetWindowsHookExA
SetWindowsHookExW
UnhookWindowsHookEx

version

VerQueryValueA

gdi32

EnumFontFamiliesExA
CreateFontIndirectA
CreateFontIndirectW

ntdll

RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteSize
RtlOemToUnicodeN
RtlUnicodeToOemN

Sections

ntleat
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ntlead
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ntlea-2007.02-unofficial/NT Locale Emulator Advance/ntleap.dll
.dll windows:4 windows x86 arch:x86

173cff16bff2e323f3ffe7a88de090a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetModuleFileNameW
lstrcatW
CreateFileW
GetFileSize
VirtualAlloc
ReadFile
CloseHandle
VirtualFree
lstrcatA

Exports

Exports

NtleaGetVersionString

Sections

ntleat
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

ntlead
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 512B - Virtual size: 342B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 85B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ntlea-2007.02-unofficial/NT Locale Emulator Advance/system.ini
ntlea-2007.02-unofficial/NT Locale Emulator Advance/用戶須知.txt

Sharing

General

Malware Config

Signatures

Files

4839f5c4e6b9593604a736cca21543db

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

user32

comdlg32

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 1KB

5f6c92b6c2acd78cd3bdffbcd91cb232

Headers

File Characteristics

Imports

kernel32

user32

version

gdi32

ntdll

Sections

ntleat Size: 10KB - Virtual size: 9KB

ntlead Size: 1KB - Virtual size: 2KB

.idata Size: 5KB - Virtual size: 4KB

.reloc Size: 1KB - Virtual size: 1KB

173cff16bff2e323f3ffe7a88de090a6

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

ntleat Size: 512B - Virtual size: 304B

ntlead Size: 512B - Virtual size: 144B

.idata Size: 512B - Virtual size: 342B

.edata Size: 512B - Virtual size: 85B

.reloc Size: 512B - Virtual size: 84B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 1KB

ntleat
Size: 10KB - Virtual size: 9KB

ntlead
Size: 1KB - Virtual size: 2KB

.idata
Size: 5KB - Virtual size: 4KB

.reloc
Size: 1KB - Virtual size: 1KB

ntleat
Size: 512B - Virtual size: 304B

ntlead
Size: 512B - Virtual size: 144B

.idata
Size: 512B - Virtual size: 342B

.edata
Size: 512B - Virtual size: 85B

.reloc
Size: 512B - Virtual size: 84B