4d8bee92f28bb8e4ec7ae9f6f1be3be0_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

4d8bee92f28bb8e4ec7ae9f6f1be3be0_NEAS
Size

375KB
MD5

4d8bee92f28bb8e4ec7ae9f6f1be3be0
SHA1

13bfe07e88937b2a50585b4a6027431b38e1908a
SHA256

02b35a8754a2a48b5e7c891d32abaf5e9e23bec2434de0eec98c2cc131727a13
SHA512

84111caf19af6e36c270a3c193878d602d7bc5ca2996ca367f5a10f44644b409d182f966e063d838822a758b1834bcf004f4519bc0fb69099873b34b1981d4a8
SSDEEP

6144:fYnSMdP//hrI//hr/24MNDPz9/tQHyl1HopyCVuo8pdXiHOw1vE:QzdP//hrI//hrPM99hHopZ0

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
4d8bee92f28bb8e4ec7ae9f6f1be3be0_NEAS

Files

4d8bee92f28bb8e4ec7ae9f6f1be3be0_NEAS
.exe windows:5 windows x86 arch:x86

16e53a68b5d51f6141817607aae1aae5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

g:\svn\MC-80RC\Components\deployment\LMAXServerHost.pdb

Imports

msvcr90

_encoded_null
sprintf_s
swprintf_s
malloc
__CxxFrameHandler3
wcsncpy_s
wcscpy_s
_wcsicmp
_vsnwprintf_s
_fpreset
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
??0exception@std@@QAE@XZ
_except_handler4_common
__set_app_type
_encode_pointer
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_configthreadlocale
__FrameUnwindFilter
??_V@YAXPAX@Z
??0exception@std@@QAE@ABQBD@Z
??1exception@std@@UAE@XZ
memcpy_s
_CxxThrowException
_initterm
_wcmdln
exit
_invalid_parameter_noinfo
_set_invalid_parameter_handler
_wsplitpath
_snwprintf
__CxxUnregisterExceptionObject
__CxxQueryExceptionSize
__CxxDetectRethrow
__CxxRegisterExceptionObject
__CxxExceptionFilter
??2@YAPAXI@Z
_XcptFilter
_exit
_cexit
__wgetmainargs
_amsg_exit
_unlock
__dllonexit
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
_initterm_e
_crt_debugger_hook
_recalloc
memset
memmove_s
free
??3@YAXPAX@Z
??0exception@std@@QAE@ABV01@@Z
?what@exception@std@@UBEPBDXZ
_purecall

kernel32

MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
WaitForSingleObject
CloseHandle
CreateThread
CreateEventW
GetCommandLineW
SetEvent
FindResourceExW
FindResourceW
LoadResource
LockResource
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedExchange
Sleep
InterlockedCompareExchange
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
InterlockedIncrement
InterlockedDecrement
SetLastError
GetLastError
GetModuleFileNameW
VirtualQuery
GetProcAddress
LoadLibraryA
LoadLibraryW
GetModuleHandleW
DebugBreak
QueryPerformanceFrequency
GetCurrentThread
GetThreadContext
lstrlenW
lstrcmpiW
SizeofResource

user32

TranslateMessage
GetMessageW
CharUpperW
PostThreadMessageW
CharNextW
MessageBoxW
DispatchMessageW

advapi32

RegCloseKey
RegDeleteKeyW
RegEnumKeyExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegSetValueExW

shell32

SHGetFileInfoW

ole32

CoInitialize
StringFromCLSID
CoTaskMemFree
CoCreateInstance
CoUninitialize

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
LoadTypeLi
GetErrorInfo
VariantInit
SysAllocString
VariantClear
SysAllocStringByteLen
SysStringByteLen
SysFreeString

msvcp90

?c_str@?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QBEPB_WXZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??1?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

atl90

ord49
ord56
ord20
ord23
ord61
ord32
ord64
ord58
ord31
ord67
ord17
ord68

msvcm90

?RegisterModuleUninitializer@<CrtImplementationDetails>@@YAXP$AAVEventHandler@System@@@Z
?ThrowNestedModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVException@System@@0@Z
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@P$AAVException@3@@Z
?DoCallBackInDefaultDomain@<CrtImplementationDetails>@@YAXP6GJPAX@Z0@Z
?DoDllLanguageSupportValidation@<CrtImplementationDetails>@@YAXXZ
?ThrowModuleLoadException@<CrtImplementationDetails>@@YAXP$AAVString@System@@@Z

mscoree

_CorExeMain

Sections

.text
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 280KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

16e53a68b5d51f6141817607aae1aae5

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcr90

kernel32

user32

advapi32

shell32

ole32

oleaut32

msvcp90

atl90

msvcm90

mscoree

Sections

.text Size: 78KB - Virtual size: 77KB

.rdata Size: 280KB - Virtual size: 280KB

.data Size: 3KB - Virtual size: 54KB

.rsrc Size: 6KB - Virtual size: 6KB

.reloc Size: 6KB - Virtual size: 5KB

.text
Size: 78KB - Virtual size: 77KB

.rdata
Size: 280KB - Virtual size: 280KB

.data
Size: 3KB - Virtual size: 54KB

.rsrc
Size: 6KB - Virtual size: 6KB

.reloc
Size: 6KB - Virtual size: 5KB