65841bca122b220b6bed4b883b930a90_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

65841bca122b220b6bed4b883b930a90_NEAS
Size

7.1MB
MD5

65841bca122b220b6bed4b883b930a90
SHA1

4cefb3842df8adf36004bedb1dbff6b62d5674a4
SHA256

c2e990bfc9b6eace4041e37408d2323bde8b9bb2c402271b2d469ea2b989380d
SHA512

35b838622216c3453d0ba2fe59bdbe07383425144542bd39b2285de7e9b8a30fc7c07e3fd63ebc82dfe803eb98b59f7a2b1f1092560e46eccb57220781ac7bc8
SSDEEP

196608:s8s1r1uIjzYG273+MxrZR676y7jeU8fxjOzuZy:s91RqtMpz8ZjO/

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
65841bca122b220b6bed4b883b930a90_NEAS

Files

65841bca122b220b6bed4b883b930a90_NEAS
.dll windows:4 windows x86 arch:x86

cc09e21b5d961e469b4c3c2bd2ee9608

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

clusapi

ClusterRegSetKeySecurity
GetClusterResourceState
ClusterRegCloseKey
GetClusterNodeKey
ClusterGroupEnum
MoveClusterGroup
SetClusterNetworkName
GetClusterNetworkKey
ClusterNetworkEnum
OnlineClusterGroup
DeleteClusterResourceType
CreateClusterResource
ClusterRegEnumValue
OpenClusterNetwork
GetClusterQuorumResource
OfflineClusterGroup
GetClusterNotify
ClusterRegDeleteKey
ClusterRegQueryValue
GetClusterNetworkId
ClusterNetInterfaceControl
ClusterRegEnumKey
GetClusterNetInterfaceKey
RegisterClusterNotify
ClusterEnum
ClusterNetworkCloseEnum
ClusterRegSetValue
GetClusterNodeState
CloseClusterGroup
OpenClusterNode
OnlineClusterResource
ClusterRegOpenKey
CreateClusterResourceType
OpenCluster
SetClusterNetworkPriorityOrder
SetClusterQuorumResource
ClusterResourceControl
CloseClusterResource
DeleteClusterGroup
GetClusterNetInterface
ClusterResourceTypeControl
GetClusterResourceKey
GetClusterGroupKey
ClusterNodeEnum
ClusterGroupCloseEnum
CreateClusterNotifyPort
DeleteClusterResource
GetClusterGroupState
AddClusterResourceDependency
GetClusterKey

oleacc

CreateStdAccessibleObject
AccessibleObjectFromEvent
ObjectFromLresult

advapi32

LsaQueryInformationPolicy
GetAce
SetFileSecurityW
RegisterEventSourceA
GetUserNameW
RegCreateKeyW
SetFileSecurityA
LookupPrivilegeValueW
RegQueryValueW
RegSetValueExA
SetKernelObjectSecurity
RegRestoreKeyW
ReadEventLogW
SetSecurityDescriptorGroup
GetAclInformation
GetSidSubAuthority
RegCloseKey
OpenProcessToken
RegQueryValueA
RegOpenKeyExW
LogonUserA
InitiateSystemShutdownA
RegEnumKeyW
OpenThreadToken
RegQueryInfoKeyW
GetSidSubAuthorityCount
ReportEventW
LookupPrivilegeValueA
RegConnectRegistryA
MakeAbsoluteSD
RegNotifyChangeKeyValue
GetFileSecurityW
InitializeSid
RevertToSelf
CopySid
GetSidIdentifierAuthority

kernel32

GetProfileStringA
CreateMailslotW
GetSystemPowerStatus
BeginUpdateResourceA

mpr

WNetAddConnection3W

msimg32

AlphaBlend

urlmon

CoInternetCreateSecurityManager

resutils

ResUtilEnumPrivateProperties
ResUtilGetEnvironmentWithNetName
ResUtilGetAllProperties
ResUtilGetProperty
ResUtilEnumResources
ResUtilSetSzValue
ResUtilGetDwordValue
ResUtilGetSzValue
ResUtilGetPropertiesToParameterBlock

winmm

waveOutWrite
mciGetDeviceIDFromElementIDA
timeBeginPeriod
mmioOpenW
mixerGetControlDetailsW
auxGetDevCapsA
waveOutGetID
mmioOpenA
mmioRenameA
mmioDescend
midiInGetErrorTextW
mmioInstallIOProcA
midiInStart
joySetCapture
mmioSeek
midiOutPrepareHeader
waveInOpen
midiOutOpen
waveInMessage
waveOutSetVolume
midiInGetErrorTextA
midiInStop
midiOutClose
mixerOpen
auxSetVolume
waveOutGetErrorTextA
midiOutGetNumDevs
waveInGetDevCapsA
midiInUnprepareHeader
mciSendStringW
mixerGetLineControlsA
waveOutClose
waveOutGetPlaybackRate
waveOutPrepareHeader
OpenDriver
joyGetPosEx
DrvGetModuleHandle
midiOutCacheDrumPatches
midiOutReset
waveOutGetVolume
mciGetCreatorTask
mciGetErrorStringA
timeGetTime
timeKillEvent
midiOutGetDevCapsA
auxOutMessage
midiInGetNumDevs
midiOutGetID
midiInReset
waveInGetID
auxGetVolume
midiStreamOut
mmioSetInfo
waveInStop
midiOutMessage
timeGetSystemTime
GetDriverModuleHandle
timeGetDevCaps
mmioFlush
waveInUnprepareHeader
waveOutReset
waveOutSetPitch
waveInClose
sndPlaySoundW
waveOutMessage
joySetThreshold
waveOutGetNumDevs
midiStreamRestart
mmioGetInfo
waveOutUnprepareHeader
midiInOpen
waveOutPause
mmioCreateChunk
waveInAddBuffer
midiOutLongMsg
CloseDriver
waveInGetPosition
PlaySoundA
waveOutGetDevCapsA
midiStreamOpen
mixerGetLineControlsW
mciSendCommandW
mciGetErrorStringW
SendDriverMessage
mixerSetControlDetails
midiOutGetErrorTextW
DefDriverProc
midiOutShortMsg
midiOutGetErrorTextA
waveInGetErrorTextA
midiStreamStop
midiStreamPosition
waveOutGetDevCapsW
midiInClose
auxGetNumDevs
mciSetYieldProc
joyReleaseCapture
mmioSendMessage
joyGetNumDevs
joyGetDevCapsA
mciGetDeviceIDW
mmioClose
mmioRead
mmioRenameW

wininet

FtpRenameFileA
InternetTimeToSystemTime
InternetConnectA
FtpGetFileA
InternetAutodial
FindFirstUrlCacheEntryA
InternetReadFileExW
InternetCrackUrlW
GopherOpenFileW
InternetCheckConnectionW
InternetLockRequestFile
FtpCreateDirectoryW
HttpAddRequestHeadersA
HttpOpenRequestA
InternetSetDialState
FtpSetCurrentDirectoryA
FtpPutFileA
InternetGetLastResponseInfoW
InternetSetOptionA
FtpFindFirstFileA
FindNextUrlCacheEntryExA
InternetOpenW
InternetCrackUrlA
InternetCheckConnectionA
FtpGetFileW
FtpRemoveDirectoryW
FtpDeleteFileW
CreateUrlCacheGroup
CommitUrlCacheEntryA
InternetSetCookieA
GetUrlCacheEntryInfoExW
GopherGetLocatorTypeW
CreateUrlCacheEntryA
FtpOpenFileW
FindCloseUrlCache
InternetConnectW
FtpDeleteFileA
InternetGetCookieW
GopherFindFirstFileA
InternetCanonicalizeUrlA
FindNextUrlCacheEntryA
HttpEndRequestA
InternetCanonicalizeUrlW
InternetOpenUrlA
GetUrlCacheEntryInfoW
CommitUrlCacheEntryW
InternetOpenUrlW
InternetCreateUrlA
FindFirstUrlCacheEntryExW
UnlockUrlCacheEntryFile
InternetFindNextFileA
GopherGetAttributeA
InternetSetCookieW
InternetQueryOptionW
HttpSendRequestExW
InternetTimeFromSystemTime
InternetReadFileExA
HttpQueryInfoA
FtpPutFileW
HttpSendRequestExA
InternetErrorDlg
InternetCloseHandle
HttpQueryInfoW

msi

ord42
ord37
ord70
ord170
ord67
ord168
ord11
ord29
ord51
ord35
ord63
ord54
ord40
ord9
ord58
ord52
ord33
ord47
ord24
ord55
ord27
ord53
ord28
ord36
ord25

oleaut32

CreateErrorInfo
SetErrorInfo

shlwapi

PathIsUNCServerShareW
SHRegEnumUSValueW
SHRegDeleteUSValueW
StrToIntExW
PathCombineA
PathParseIconLocationA
PathRemoveFileSpecA
PathBuildRootA
PathGetDriveNumberW
PathCompactPathExW
PathParseIconLocationW
PathAddBackslashW

ole32

CoGetMarshalSizeMax
GetHGlobalFromStream
WriteClassStm
OleRegEnumFormatEtc
OleCreateDefaultHandler
StgCreateDocfile
OleGetClipboard
SNB_UserMarshal
HBITMAP_UserUnmarshal
ReadFmtUserTypeStg
SNB_UserFree
OleConvertIStorageToOLESTREAM
MkParseDisplayName
CoTreatAsClass
HGLOBAL_UserUnmarshal
OleFlushClipboard
WriteFmtUserTypeStg
CoCreateFreeThreadedMarshaler
HBITMAP_UserFree
CLSIDFromProgID
CreateOleAdviseHolder
StgCreateStorageEx
CoFileTimeToDosDateTime
StgCreatePropStg
CreatePointerMoniker
HMENU_UserFree
CoLoadLibrary
CreateItemMoniker
CreateDataAdviseHolder
OleQueryLinkFromData
CreateClassMoniker
HGLOBAL_UserFree
CoTaskMemRealloc
OleUninitialize
CoReleaseMarshalData
CreateBindCtx
OleCreateFromFile
CoGetClassObject
CoIsHandlerConnected
StgIsStorageFile
OleRegEnumVerbs
CoTaskMemAlloc
OleIsRunning
StgOpenStorageEx
StgGetIFillLockBytesOnFile
PropVariantCopy
OleConvertOLESTREAMToIStorageEx
CreateStreamOnHGlobal
FreePropVariantArray
OleRun
StringFromCLSID
RegisterDragDrop
OleRegGetUserType
CreateDataCache
CoAddRefServerProcess
CoUninitialize
StgOpenStorageOnILockBytes
OleCreateLinkFromDataEx
OleGetIconOfFile
OleIsCurrentClipboard
HWND_UserFree
CoUnmarshalInterface
GetClassFile
CoGetTreatAsClass
CoRegisterClassObject
OleCreateLink
OleCreateEmbeddingHelper
CoCreateInstance
WriteClassStg
HPALETTE_UserUnmarshal
OleSetClipboard
SetConvertStg
CreateFileMoniker
HACCEL_UserFree
HPALETTE_UserSize
OleDraw
OleCreate
MonikerCommonPrefixWith
CLSIDFromString
OleGetIconOfClass
CoFreeLibrary
CoLockObjectExternal
StringFromGUID2
OleCreateMenuDescriptor
StgOpenStorage
IIDFromString
PropVariantClear
HBITMAP_UserSize
CoRegisterPSClsid
CLIPFORMAT_UserSize
CoRegisterMessageFilter
CoRevokeMallocSpy
CoRevokeClassObject
OleSetMenuDescriptor
FmtIdToPropStgName
StgCreateDocfileOnILockBytes
HPALETTE_UserMarshal
PropStgNameToFmtId
CoDisconnectObject
HMENU_UserUnmarshal
CoRegisterSurrogate
StgIsStorageILockBytes
CoGetMalloc
HWND_UserUnmarshal
OleSetAutoConvert
HMENU_UserSize
OleRegGetMiscStatus
HGLOBAL_UserMarshal

version

GetFileVersionInfoSizeW

comctl32

ImageList_GetIconSize
ImageList_Merge
ord16
_TrackMouseEvent
ImageList_DrawIndirect
ImageList_BeginDrag
ImageList_SetImageCount
ImageList_DragShowNolock
FlatSB_ShowScrollBar
ImageList_GetImageCount
ImageList_LoadImageA
ImageList_EndDrag
ImageList_GetIcon
ImageList_DragMove
ImageList_Copy
ImageList_SetDragCursorImage
ImageList_DrawEx
ImageList_AddMasked
ord3
ImageList_Create
DestroyPropertySheetPage
ImageList_Replace
PropertySheetW
ord14
PropertySheetA
ord15
ImageList_Destroy
FlatSB_GetScrollInfo
FlatSB_SetScrollInfo
ImageList_GetImageInfo
ImageList_Draw
UninitializeFlatSB
FlatSB_GetScrollProp
FlatSB_SetScrollPos
DrawStatusTextW
InitCommonControlsEx
FlatSB_GetScrollPos
CreatePropertySheetPageA
InitializeFlatSB
ImageList_Remove
FlatSB_EnableScrollBar
CreatePropertySheetPageW
ImageList_DragLeave
ord2
FlatSB_SetScrollRange
ImageList_GetBkColor
ord13
ord5
ImageList_SetBkColor
ord6
ImageList_Add
ord8

Exports

Exports

MicrowavesOmittingMetabolisms
MotocrossInfectedPreallocate
MutantLatitudinalOutputting
KpiDpKwiKpiDpbKb
PremieresHostedLithology

Sections

.text
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cc09e21b5d961e469b4c3c2bd2ee9608

Headers

File Characteristics

Imports

clusapi

oleacc

advapi32

kernel32

mpr

msimg32

urlmon

resutils

winmm

wininet

msi

oleaut32

shlwapi

ole32

version

comctl32

Exports

Exports

Sections

.text Size: 56KB - Virtual size: 54KB

.rdata Size: 60KB - Virtual size: 59KB

.data Size: 4KB - Virtual size: 1.6MB

.rsrc Size: 8KB - Virtual size: 5KB

.reloc Size: 16KB - Virtual size: 14KB

.text
Size: 56KB - Virtual size: 54KB

.rdata
Size: 60KB - Virtual size: 59KB

.data
Size: 4KB - Virtual size: 1.6MB

.rsrc
Size: 8KB - Virtual size: 5KB

.reloc
Size: 16KB - Virtual size: 14KB