64a7351d8066d3ca3cc07c7232610b00_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

64a7351d8066d3ca3cc07c7232610b00_NEAS
Size

320KB
MD5

64a7351d8066d3ca3cc07c7232610b00
SHA1

cce48aff485e1d74b5f2f07a0136a36ee6ad1204
SHA256

40f49714287da338583a1a9357f6d08cbac18fdba8231c9e09cc294947a85be7
SHA512

01971db3370a9e56dbdca63d4d93e154de7b298c265c584f462a82c983463a19d5594a41393387d5c856e16a9eebdc8f9db540e9a7a6f80e17c05b555deecdb8
SSDEEP

6144:sbpZSmYB/zPN2tAyw7xQgPORTKAOXOlqD:sbp8XP81sxQgP2KtvD

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
64a7351d8066d3ca3cc07c7232610b00_NEAS

Files

64a7351d8066d3ca3cc07c7232610b00_NEAS
.dll regsvr32 windows:4 windows x86 arch:x86

590d6e7ca582ee059baf0d441a6a7c37

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
RaiseException
InterlockedExchange
GetThreadLocale
DeleteCriticalSection
GetVersionExA
CreateFileA
GetFileSize
WriteFile
ReadFile
GetSystemDirectoryA
FindFirstFileA
FindClose
FindNextFileA
CloseHandle
DeleteFileA
FindResourceA
lstrlenA
lstrcpynA
FreeLibrary
LoadResource
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
TerminateThread
SizeofResource
LeaveCriticalSection
IsDBCSLeadByte
lstrcatA
MultiByteToWideChar
lstrlenW
GetLastError
lstrcmpiA
InitializeCriticalSection
DisableThreadLibraryCalls
GetModuleFileNameA
GetModuleHandleA
LoadLibraryExA
CreateThread
lstrcpyA
SetFilePointer
GetTickCount
lstrcmpA
GetProcAddress
LoadLibraryA
GetVersion
MoveFileA
ExpandEnvironmentStringsA
Sleep
CreateDirectoryA
CreateMutexA
SetStdHandle
GetOEMCP
GetCPInfo
GetStringTypeW
GetStringTypeA
RtlUnwind
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter
GetLocaleInfoA
FlushFileBuffers
SetEndOfFile
CompareStringA
CompareStringW
SetEnvironmentVariableA
EnterCriticalSection
IsBadCodePtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsBadReadPtr
SetUnhandledExceptionFilter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
LCMapStringW
LCMapStringA
GetTimeZoneInformation
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
HeapDestroy
ExitProcess
GetCommandLineA
GetCurrentThreadId
HeapReAlloc
VirtualQuery
HeapFree
GetSystemTimeAsFileTime
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
LocalFree

user32

FindWindowExA
GetWindowTextA
ShowWindow
FindWindowA
SendMessageA
wsprintfW
GetDlgItem
EndDialog
DialogBoxParamA
wsprintfA
CharToOemA
IsCharAlphaNumericA
CharNextA

advapi32

RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegDeleteKeyA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA

shell32

SHGetSpecialFolderPathA

ole32

CoTaskMemAlloc
StringFromGUID2
CoTaskMemRealloc
CoCreateInstance
CoTaskMemFree

oleaut32

SafeArrayCopy
SysStringByteLen
SafeArrayGetVartype
VariantChangeType
SysAllocStringLen
VarBstrCmp
VarBstrCat
VariantInit
SafeArrayCreate
SysAllocStringByteLen
VariantCopy
VariantClear
LoadRegTypeLi
RegisterTypeLi
VarUI4FromStr
UnRegisterTypeLi
LoadTypeLi
SysStringLen
SysAllocString
SysFreeString
GetErrorInfo

shlwapi

SHDeleteKeyA
PathFindExtensionA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

590d6e7ca582ee059baf0d441a6a7c37

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

Exports

Exports

Sections

.text Size: 200KB - Virtual size: 198KB

.rdata Size: 52KB - Virtual size: 51KB

.data Size: 20KB - Virtual size: 151KB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 36KB - Virtual size: 32KB

.text
Size: 200KB - Virtual size: 198KB

.rdata
Size: 52KB - Virtual size: 51KB

.data
Size: 20KB - Virtual size: 151KB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 36KB - Virtual size: 32KB