84d16576d4f0d5835eef3f59830a9880_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

84d16576d4f0d5835eef3f59830a9880_NEAS
Size

80KB
MD5

84d16576d4f0d5835eef3f59830a9880
SHA1

be9d55b82a3f57047eaf993a974ecb185fe04b55
SHA256

6fca6dfa21e62e8d47beaf9711f205c83464381ea66a070ad7cd5c448c92eb0d
SHA512

b79c8aff02872fa59e2e4b6e2a79c464b8dc60f180b5e30b2d700be44301198a9e5aec55043b71ff20583bafe7993f63517f4692e72778fd53f39cae6aae402c
SSDEEP

1536:NSk4b/VMpZu/jF3iYGVcHmeBVlGQhJw7QfG/+Vg0k1f1OcWJq6FR:5mtMyF3iPVtKhK7qG/+/k1f1OcWJq6v

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
84d16576d4f0d5835eef3f59830a9880_NEAS

Files

84d16576d4f0d5835eef3f59830a9880_NEAS
.dll windows:4 windows x86 arch:x86

c15ae618c883124e18c338f55b9f0037

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileSize
ReadFile
MoveFileA
SetLastError
TerminateThread
MoveFileExA
GetCurrentProcess
CreateProcessA
MapViewOfFile
CreateFileMappingA
GetLocalTime
HeapFree
GetProcessHeap
HeapAlloc
UnmapViewOfFile
GlobalFree
RemoveDirectoryA
GlobalLock
GlobalAlloc
GlobalSize
GetStartupInfoA
CreatePipe
DisconnectNamedPipe
PeekNamedPipe
TerminateProcess
WaitForMultipleObjects
LocalSize
OpenProcess
CreateToolhelp32Snapshot
lstrcmpiA
Process32First
GetCurrentThreadId
LocalAlloc
FindFirstFileA
LocalReAlloc
FindNextFileA
LocalFree
FindClose
GetLogicalDriveStringsA
GetVolumeInformationA
GetDiskFreeSpaceExA
lstrcatA
GetFileAttributesA
CreateDirectoryA
GetLastError
DeleteFileA
CreateFileA
SetFilePointer
WriteFile
GetVersionExA
LoadLibraryA
GetProcAddress
FreeLibrary
lstrlenA
FreeConsole
GetModuleFileNameA
GetModuleHandleA
OutputDebugStringA
GetTickCount
SetUnhandledExceptionFilter
CreateMutexA
CreateThread
SetErrorMode
OpenEventA
ReleaseMutex
Sleep
CancelIo
InterlockedExchange
SetEvent
lstrcpyA
ResetEvent
WaitForSingleObject
CloseHandle
CreateEventA
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
VirtualFree
DeleteCriticalSection
GlobalUnlock

user32

OpenInputDesktop
SetThreadDesktop
CloseDesktop
GetDesktopWindow
wsprintfA
SetProcessWindowStation
OpenWindowStationA
GetProcessWindowStation
CharNextA
GetActiveWindow
UnhookWindowsHookEx
LoadCursorA
GetUserObjectInformationA
GetThreadDesktop
SystemParametersInfoA
MapVirtualKeyA
SetCapture
WindowFromPoint
SetCursorPos
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
SetRect
GetDC
ReleaseDC
GetCursorPos
GetCursorInfo
ExitWindowsEx
IsWindowVisible
EnumWindows
PostMessageA
OpenDesktopA
SendMessageA
CreateWindowExA
CloseWindow
GetWindowTextA
IsWindow
DestroyCursor
GetSystemMetrics

gdi32

CreateCompatibleBitmap
GetDIBits
SelectObject
CreateDIBSection
CreateCompatibleDC
DeleteObject
BitBlt
DeleteDC

advapi32

LookupPrivilegeValueA
RegEnumValueA
RegEnumKeyExA
RegDeleteValueA
RegDeleteKeyA
RegisterServiceCtrlHandlerA
SetServiceStatus
RegOpenKeyA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyA
RegQueryValueExA
AdjustTokenPrivileges
OpenProcessToken
CloseEventLog
ClearEventLogA
OpenEventLogA
FreeSid
SetSecurityDescriptorDacl
AddAccessAllowedAce
InitializeAcl
GetLengthSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
RegCreateKeyExA

shell32

SHGetFileInfoA
ShellExecuteA
DoEnvironmentSubstA

ws2_32

WSAStartup
getsockname
gethostname
send
select
recv
ntohs
closesocket
socket
gethostbyname
htons
connect
WSAIoctl
setsockopt
WSACleanup

msvcrt

_strnicmp
_ftol
_strrev
_adjust_fdiv
_initterm
??1type_info@@UAE@XZ
calloc
_beginthreadex
strncat
strcat
_access
sprintf
strrchr
_except_handler3
free
strchr
atoi
realloc
strncpy
wcstombs
strtok
strcmp
strcpy
malloc
_CxxThrowException
memcmp
??2@YAPAXI@Z
memset
__CxxFrameHandler
strstr
strlen
_strcmpi
ceil
memmove
memcpy
??3@YAXPAX@Z

wininet

InternetOpenA
InternetOpenUrlA
InternetReadFile
InternetCloseHandle

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

ICOpen
ICSeqCompressFrameStart
ICSeqCompressFrame
ICClose
ICCompressorFree
ICSeqCompressFrameEnd
ICSendMessage

msvcp60

?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z

shlwapi

PathFileExistsA

psapi

GetModuleFileNameExA
EnumProcessModules

Exports

Exports

QgptkagOckl

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 70B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c15ae618c883124e18c338f55b9f0037

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ws2_32

msvcrt

wininet

avicap32

msvfw32

msvcp60

shlwapi

psapi

Exports

Exports

Sections

.text Size: 55KB - Virtual size: 54KB

.rdata Size: 12KB - Virtual size: 12KB

.data Size: 7KB - Virtual size: 8KB

.edata Size: 512B - Virtual size: 70B

.reloc Size: 4KB - Virtual size: 3KB

.text
Size: 55KB - Virtual size: 54KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 7KB - Virtual size: 8KB

.edata
Size: 512B - Virtual size: 70B

.reloc
Size: 4KB - Virtual size: 3KB