42fb1dec647dea2fbf988304b97f91f0_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

42fb1dec647dea2fbf988304b97f91f0_NEAS
Size

1.3MB
MD5

42fb1dec647dea2fbf988304b97f91f0
SHA1

4437342ab941c38710672090a673ac328f29b8d1
SHA256

9b9dbe677eec0dcffcb639558c3ff27ddc06a5dbaf0d9d0ab23780aaafa3580e
SHA512

a6ef66a92de524c8952786a4955de3a94e684f44f4e234855b8f45f3415da359c15b6254c19b794f4c810255469f2a2ff6e2a7610e896c4db92e1e78bcc90f5f
SSDEEP

12288:xzeNuRkn9PoA9u2G346gDoH/uLJOyo937vGFWxwFJI+yeuVb8r+ZP712Ii+51cjq:RkuKlonP2JOt934J7Z6bQaj1BvUm9J

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
42fb1dec647dea2fbf988304b97f91f0_NEAS

Files

42fb1dec647dea2fbf988304b97f91f0_NEAS
.exe windows:4 windows x86 arch:x86

bc8221a0c44b76b0f235068c59bcc8b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

t:\xdocs\x86\ship\0\regform.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExA
RegQueryValueExA

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

cabinet

ord11
ord23
ord14
ord13
ord20
ord22
ord10

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

kernel32

UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
GetTempPathA
CloseHandle
GetFileAttributesW
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFileInformationByHandle
GetLastError
FindClose
FindFirstFileW
lstrlenW
RaiseException
GetUserDefaultLCID
GetFullPathNameW
DeleteFileW
GetTempFileNameW
GetTempPathW
FormatMessageW
WaitForSingleObject
CreateProcessW
SetUnhandledExceptionFilter
SizeofResource
LockResource
LoadResource
FindResourceW
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
CreateDirectoryW
lstrcmpiW
FreeLibrary
LoadLibraryExW
GetModuleHandleW
GetModuleFileNameW
FindResourceExW
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
EnterCriticalSection
LeaveCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
GetTempFileNameA
CreateProcessA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualProtect
LocalAlloc
LoadLibraryA
FormatMessageA
LocalFree
GetSystemDirectoryW
GetProcAddress
IsDebuggerPresent
WriteFile
LoadLibraryW

user32

CharLowerBuffW
CharUpperBuffW
CharNextW
UnregisterClassA
MessageBoxA

oleaut32

VarBstrCat
VarBstrCmp

ole32

CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize
CoInitialize
CoCreateInstance

msvcr80

_lseek
memcpy
_wsopen_s
_wremove
malloc
free
wcsrchr
wcsstr
wcschr
memcpy_s
wcstol
towupper
towlower
wcsncmp
memset
_vsnwprintf
_recalloc
wprintf
wcsncpy_s
memmove_s
vswprintf_s
wcscpy_s
vsprintf_s
fclose
fwprintf_s
fopen_s
_amsg_exit
__wgetmainargs
_cexit
_exit
_XcptFilter
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_except_handler4_common
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_invoke_watson
_controlfp_s
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_write
_read
_errno
_close

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 653KB - Virtual size: 653KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 568KB - Virtual size: 572KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

bc8221a0c44b76b0f235068c59bcc8b6

Headers

File Characteristics

PDB Paths

Imports

advapi32

version

cabinet

rpcrt4

kernel32

user32

oleaut32

ole32

msvcr80

Sections

.text Size: 62KB - Virtual size: 61KB

.data Size: 1024B - Virtual size: 2KB

.rsrc Size: 653KB - Virtual size: 653KB

.reloc Size: 568KB - Virtual size: 572KB

.text
Size: 62KB - Virtual size: 61KB

.data
Size: 1024B - Virtual size: 2KB

.rsrc
Size: 653KB - Virtual size: 653KB

.reloc
Size: 568KB - Virtual size: 572KB