5363654bac9078e93e79c88df0b7b6b0_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

5363654bac9078e93e79c88df0b7b6b0_NEAS
Size

1.4MB
MD5

5363654bac9078e93e79c88df0b7b6b0
SHA1

4fe87ca3e919b71d0c2ac376cc1188dfbb78443b
SHA256

d33a562f21e052b80170003bb79a7ba87ae940b1b9d2752d43534761f1fdec0e
SHA512

bd92e77d729b7de161c2122765e6b3967c5c58c9e87c9515ed332de87fb9410f5b6f98cf18a899665d012c625bd82fd3dcbd1ab3db00e34080306cba3de67e56
SSDEEP

12288:Cgqfub3HICEz9jmXc9AcVVgDF4qlmMezQFkL13pnKluKnJZvydL5p:CNuz4RjmXc9DE4qkzDLdBKEKnJxydL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
5363654bac9078e93e79c88df0b7b6b0_NEAS

Files

5363654bac9078e93e79c88df0b7b6b0_NEAS
.exe windows:5 windows x86 arch:x86

5b859053c7a5d6260b6f8565c66e68e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

dexplore.pdb

Imports

kernel32

FreeLibrary
IsDBCSLeadByte
GetUserDefaultLCID
FindClose
FindNextFileW
FindFirstFileW
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
InitializeCriticalSection
GetSystemDefaultLCID
LoadLibraryExA
GetFileAttributesExW
CopyFileW
GetModuleHandleW
FindAtomW
DeleteAtom
AddAtomW
CreateFileMappingA
MapViewOfFile
CreateEventA
CreateMutexA
DuplicateHandle
OpenProcess
LoadLibraryA
GetProcAddress
WaitForSingleObject
SetEvent
ReleaseMutex
GetUserDefaultUILanguage
UnmapViewOfFile
GetFileAttributesA
OutputDebugStringW
VirtualFree
VirtualAlloc
lstrcpynW
SystemTimeToFileTime
GetSystemTime
LoadLibraryExW
WriteFile
GetStdHandle
LoadLibraryW
CreateDirectoryW
MoveFileW
GetFileAttributesW
GetModuleFileNameW
CreateFileW
CloseHandle
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
GetThreadLocale
GetLocaleInfoA
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetModuleHandleA
GetVersionExA
LeaveCriticalSection
FindResourceExA
LoadResource
LockResource
SizeofResource
FindResourceA
GetLastError
EnterCriticalSection
GetModuleFileNameA
lstrcmpiA
lstrlenW
GetEnvironmentVariableA
InterlockedExchange
RaiseException
WideCharToMultiByte
MultiByteToWideChar
CreateProcessA
lstrlenA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
LocalAlloc
QueryPerformanceCounter
GetStartupInfoA
InterlockedCompareExchange
Sleep

msvcr80

_except_handler4_common
_callnewh
??3@YAXPAX@Z
free
memcpy_s
_resetstkoflw
wcscpy_s
_mbscmp
_wtol
sprintf_s
_vsnprintf_s
_vswprintf_c_l
strrchr
isprint
_ultow_s
_strlwr_s
strcpy_s
wcsncat_s
_set_purecall_handler
wcsstr
wcspbrk
memmove
wcschr
wcsncpy_s
wcscat_s
_vsnwprintf_s
_wmakepath_s
_wsplitpath_s
swprintf_s
memset
memmove_s
_wcsicmp
wcsrchr
_vscwprintf
vswprintf_s
_wcsnicmp
??_V@YAXPAX@Z
_recalloc
calloc
strncpy_s
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_encode_pointer
__set_app_type
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
_crt_debugger_hook
_controlfp_s
_invoke_watson
malloc

user32

CharNextW
LoadStringW
MessageBoxW
LoadIconA
LoadImageA
DestroyWindow
UnregisterClassA
CharNextA
GetSystemMetrics

advapi32

CryptVerifySignatureA
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextA
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
RegQueryValueExA
RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW

ole32

OleUninitialize
CoInitializeSecurity
StringFromCLSID
OleInitialize
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
IIDFromString
CoCreateInstance

oleaut32

SysAllocString
GetErrorInfo
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarBstrCat
SysAllocStringByteLen
VariantClear
VariantInit
SysStringByteLen
SysFreeString
SysAllocStringLen

shlwapi

PathAddBackslashW

mscoree

CorBindToRuntimeEx
LockClrVersion

custsat

ord5
ord4

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

5b859053c7a5d6260b6f8565c66e68e1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr80

user32

advapi32

ole32

oleaut32

shlwapi

mscoree

custsat

Sections

.text Size: 77KB - Virtual size: 76KB

.data Size: 2KB - Virtual size: 8KB

.rsrc Size: 1.3MB - Virtual size: 2.0MB

.text
Size: 77KB - Virtual size: 76KB

.data
Size: 2KB - Virtual size: 8KB

.rsrc
Size: 1.3MB - Virtual size: 2.0MB