47d8b3ef61d3676c0de93942d5b8ad60_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

47d8b3ef61d3676c0de93942d5b8ad60_NEAS
Size

3.5MB
MD5

47d8b3ef61d3676c0de93942d5b8ad60
SHA1

b5b9c16147e0db64dd02033abbefded2ea0bd360
SHA256

cebb94469185aeb40bbc8073b63bf73a111339f966533616669da23626c99268
SHA512

adcdc0f541f8c740bb9fc62271701ee9382172a46a7980623e768722f03b847900b669bec54a47dd9aedffbd5ea5f1bf4fcecf29494f0fa4ed1e7ff28652b1bc
SSDEEP

49152:4vwZY74WSFjwJsSbkp7iIAQj57SK33zeNWcWECR4bPObTYqTiyHIvegQ:4vqYkJwOSQdAn7

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
47d8b3ef61d3676c0de93942d5b8ad60_NEAS

Files

47d8b3ef61d3676c0de93942d5b8ad60_NEAS
.exe windows:5 windows x86 arch:x86

5f4e4233d4de558d904465aee6786416

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Hudson\workspace\CLM_Tools\src\CLM\libCLM\tools\clmutil\Win32\Release MD Unicode\clmutil.pdb

Imports

msvcp100

??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?_Xout_of_range@std@@YAXPBD@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?_Orphan_all@_Container_base0@std@@QAEXXZ
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Swap_all@_Container_base0@std@@QAEXAAU12@@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?uncaught_exception@std@@YA_NXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
?width@ios_base@std@@QAE_J_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?good@ios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?endl@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@1@AAV21@@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?_Xinvalid_argument@std@@YAXPBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@_J@Z
?_BADOFF@std@@3_JB
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ

comctl32

ord17

netapi32

Netbios

wsock32

connect
__WSAFDIsSet
getsockopt
ntohl
htonl
gethostname
inet_addr
ioctlsocket
WSACleanup
WSAGetLastError
gethostbyname
htons
setsockopt
inet_ntoa
send
recv
closesocket
socket
getsockname
WSAStartup
select

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreateSequential

msvcr100

??_V@YAXPAX@Z
??_U@YAPAXI@Z
_CxxThrowException
memset
strncpy_s
_localtime64_s
_time64
_mktime64
sscanf_s
memcpy
??2@YAPAXI@Z
??3@YAXPAX@Z
feof
_fileno
_setmode
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_vsnprintf_s
?terminate@@YAXXZ
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
_snprintf_s
wcscmp
wcsstr
ftell
isspace
getchar
_popen
perror
exit
_wunlink
_wremove
remove
_waccess
_wrename
rename
_wstat64i32
_close
_wopen
_wfreopen
freopen
_wfopen
strspn
_strnicmp
fwrite
ferror
abort
vfprintf
_vsnprintf
__p__fmode
__p__commode
_configthreadlocale
__set_app_type
?_query_new_mode@@YAHXZ
__wgetmainargs
_XcptFilter
__FrameUnwindFilter
_amsg_exit
_cexit
strcat_s
_atoi64
__CxxQueryExceptionSize
__CxxExceptionFilter
__CxxRegisterExceptionObject
__CxxDetectRethrow
__CxxUnregisterExceptionObject
memmove
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABQBD@Z
isxdigit
isupper
ispunct
isprint
islower
isgraph
iscntrl
_findfirst64i32
_findnext64i32
_findclose
strtoul
_beginthread
_endthread
_putenv
fopen
fread
strtol
fgetc
ungetc
fseek
clearerr
qsort
getenv
_exit
abs
_localtime64
vsprintf
longjmp
_errno
fprintf
realloc
strtok
_stat64i32
memcmp
isalpha
strcpy_s
rand
_getpid
_getcwd
_strdup
srand
free
malloc
_stricmp
__setusermatherr
_unlink
?what@exception@std@@UBEPBDXZ
__CxxFrameHandler3
_purecall
??0exception@std@@QAE@ABV01@@Z
_putenv_s
getenv_s
isdigit
atoi
strrchr
memchr
strchr
vsprintf_s
_strlwr_s
_access
_strftime_l
sscanf
__sys_nerr
__sys_errlist
_splitpath_s
fopen_s
fgets
toupper
atof
atol
__iob_func
fflush
fclose
strncmp
sprintf
calloc
strtok_s
strncat
strcat
strncpy
strcmp
strlen
strcpy
_setjmp3
tolower
_itoa_s
strstr
sprintf_s
isalnum
_create_locale
_open

wininet

InternetQueryOptionW
InternetSetOptionW
InternetOpenA
InternetQueryOptionA
InternetCloseHandle
InternetSetOptionA

psapi

GetModuleFileNameExA
EnumProcessModules
EnumProcesses
GetModuleBaseNameA

ws2_32

getaddrinfo
getnameinfo
freeaddrinfo

kernel32

QueryPerformanceCounter
SetEndOfFile
SetFilePointer
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetComputerNameA
GetVolumeInformationA
GetModuleHandleW
HeapSetInformation
SetLocalTime
GetComputerNameExA
GetSystemInfo
GetModuleFileNameA
GetComputerNameExW
SystemTimeToFileTime
GetUserDefaultLCID
GetLocaleInfoA
UnmapViewOfFile
LockFileEx
CreateFileMappingA
MapViewOfFile
LoadLibraryExA
FormatMessageA
FreeLibrary
GetCurrentThreadId
TerminateThread
PulseEvent
WaitForMultipleObjects
ResetEvent
CreateThread
Sleep
CreateEventA
UnlockFile
LocalFree
OpenMutexA
CreateMutexA
GetCurrentProcessId
ReleaseMutex
WaitForSingleObject
SetEvent
CloseHandle
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrcmpiA
VirtualProtect
VirtualQuery
GetDiskFreeSpaceW
CreateFileMappingW
GetDiskFreeSpaceA
GetFileAttributesExW
DeleteFileW
GetTempPathA
AreFileApisANSI
DeleteFileA
InterlockedCompareExchange
GetFileType
GetStdHandle
GlobalMemoryStatus
LockFile
UnlockFileEx
GetModuleHandleA
GetSystemTimeAsFileTime
LoadLibraryW
FormatMessageW
GetFileAttributesA
GetFileAttributesW
CreateFileW
FlushFileBuffers
OpenEventA
GetTempPathW
GetSystemTime
CompareFileTime
CreateProcessA
FindClose
FindNextFileA
FindFirstFileA
OpenProcess
LocalAlloc
LoadLibraryA
CreateFileA
OpenFileMappingA
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
DecodePointer
EncodePointer
DeviceIoControl
SetLastError
GetCurrentProcess
GetProcessTimes
VirtualFree
VirtualAlloc
GetDriveTypeA
FindNextFileW
FindFirstFileW
GlobalSize
WriteFile
GetFileSizeEx
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalReAlloc
GlobalFree
GetTimeZoneInformation
GetLocalTime
GetEnvironmentVariableW
GetEnvironmentVariableA
GetCommandLineW
WideCharToMultiByte
MultiByteToWideChar
GetVersionExW
GetTickCount
SetHandleInformation
SetErrorMode
GetProcAddress
GetWindowsDirectoryA
GetVersion
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersionExA
lstrlenA
IsBadWritePtr

user32

CreateDialogIndirectParamA
wsprintfA
GetSystemMetrics
DialogBoxIndirectParamA
ScreenToClient
MoveWindow
ShowWindow
SetWindowTextA
GetClientRect
GetFocus
EndDialog
GetDlgItemTextA
GetDlgItemTextW
GetProcessWindowStation
MessageBeep
GetWindowLongA
SendMessageA
GetDlgItem
GetWindowRect
EnableWindow
GetActiveWindow
MessageBoxA
FindWindowA
GetDesktopWindow
GetParent
GetUserObjectInformationW
SetFocus
SetDlgItemTextA

comdlg32

GetOpenFileNameA

advapi32

RegEnumKeyExA
GetUserNameW
CryptAcquireContextW
CryptReleaseContext
CryptGenRandom
CryptDestroyHash
CryptDestroyKey
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptCreateHash
GetUserNameA
RegSetValueExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
CryptDecrypt
CryptGetHashParam
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
AllocateAndInitializeSid
RegCloseKey
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteValueA
RegQueryValueExA
RegCreateKeyA
RegQueryInfoKeyW
RegEnumKeyA
RegQueryValueExW

shell32

ord680

ole32

StgCreateStorageEx
StgOpenStorageOnILockBytes
CoTaskMemFree
GetHGlobalFromILockBytes
CoSetProxyBlanket
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitializeEx
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageEx

oleaut32

SysAllocString
SysAllocStringLen
VariantInit
SysStringLen
VariantClear
SysFreeString

mscoree

StrongNameSignatureVerificationEx
_CorExeMain

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.textidx
Size: 934KB - Virtual size: 934KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 650KB - Virtual size: 650KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 141KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_dir
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fnp_mar
Size: 512B - Virtual size: 1B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

5f4e4233d4de558d904465aee6786416

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcp100

comctl32

netapi32

wsock32

rpcrt4

msvcr100

wininet

psapi

ws2_32

kernel32

user32

comdlg32

advapi32

shell32

ole32

oleaut32

mscoree

Sections

.text Size: 1.7MB - Virtual size: 1.7MB

.textidx Size: 934KB - Virtual size: 934KB

.rdata Size: 650KB - Virtual size: 650KB

.data Size: 141KB - Virtual size: 186KB

.fnp_dir Size: 512B - Virtual size: 100B

.fnp_mar Size: 512B - Virtual size: 1B

.rsrc Size: 28KB - Virtual size: 27KB

.reloc Size: 102KB - Virtual size: 101KB

.text
Size: 1.7MB - Virtual size: 1.7MB

.textidx
Size: 934KB - Virtual size: 934KB

.rdata
Size: 650KB - Virtual size: 650KB

.data
Size: 141KB - Virtual size: 186KB

.fnp_dir
Size: 512B - Virtual size: 100B

.fnp_mar
Size: 512B - Virtual size: 1B

.rsrc
Size: 28KB - Virtual size: 27KB

.reloc
Size: 102KB - Virtual size: 101KB