9175f81c2c5c3ff6fdcb0886847a13e0_NEAS

Sharing

Copy URL Twitter E-mail

General

Target

9175f81c2c5c3ff6fdcb0886847a13e0_NEAS
Size

155KB
MD5

9175f81c2c5c3ff6fdcb0886847a13e0
SHA1

8be9e2682de2fc1daa943fff5b7a739ad2b61ee8
SHA256

88fe3b151bb37d4ea2bed94d6049bfb7321ca0aceb80f830ccf1267b130f26ec
SHA512

ecd1d9557d8a154065449d44c6ac9ab908acc6bd355b12942ec621cc65c4e62a40ca7ea41c4cd6743fe890a06874087db2b3ecd7214856880a11a34c36c2b94e
SSDEEP

3072:CwxUBZcEYdH3S8UoaI9IxCdw11ulydJAqnMR8JBiMKQmO1PsKwU6y/6wp9ju:CwqUFH3beIIxCdwbuo3AqcMDmSPbdxlI

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IT_f0.ABC75200_F41A_4929_91C8_2ECE93ED3449
unpack001/IT_f1.ABC75200_F41A_4929_91C8_2ECE93ED3449

Files

9175f81c2c5c3ff6fdcb0886847a13e0_NEAS
.cab
IT_f0.ABC75200_F41A_4929_91C8_2ECE93ED3449
.dll regsvr32 windows:5 windows x86 arch:x86

c056cdb62d4c3939adb4f92165de90c7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

ntdll

RtlUnwind

kernel32

SetFileTime
GetFileSize
InitializeCriticalSection
DeleteCriticalSection
GetLocaleInfoA
GetUserDefaultLCID
GetProcAddress
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
lstrcpyA
lstrlenA
WideCharToMultiByte
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
MultiByteToWideChar
GetACP
GetLastError
GetTempFileNameA
GetTempPathA
CloseHandle
CreateFileA
ReadFile
SetFilePointer
WriteFile
FlushFileBuffers
SetEndOfFile
LockFile
UnlockFile
GetFileTime
SetLastError
InterlockedExchange
RaiseException
VirtualAlloc
HeapAlloc
GetProcessHeap
VirtualFree
HeapFree
GetFileAttributesA
GetFullPathNameA
DeleteFileA
MoveFileExA
GetCurrentDirectoryA
CreateDirectoryA
FindClose
FindFirstFileA
FindNextFileA
ExitProcess
LocalAlloc
LocalReAlloc
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
LocalFree
TerminateProcess
GetCurrentProcess

user32

GetSystemMetrics
CharNextA

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IT_f1.ABC75200_F41A_4929_91C8_2ECE93ED3449
.dll regsvr32 windows:5 windows x86 arch:x86

9b91e45e0621ba5d4a5f87b749fc3ee9

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

IsBadReadPtr
IsBadWritePtr
GetACP
GetUserDefaultLCID
GetVersionExA
GlobalReAlloc
DisableThreadLibraryCalls
lstrcatA
DeleteCriticalSection
InitializeCriticalSection
lstrcpyA
HeapFree
GetProcessHeap
HeapAlloc
CloseHandle
GetLastError
lstrcmpiA
GetModuleFileNameA
GetModuleHandleA
InterlockedIncrement
InterlockedDecrement
DebugBreak
EnterCriticalSection
LeaveCriticalSection
lstrlenW
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
GlobalFree
CompareStringA
CompareStringW
GlobalLock
GlobalFlags
CreateFileA
GlobalUnlock
GlobalAlloc
GlobalHandle
MapViewOfFile
OpenFile
lstrcpynA
LocalAlloc
LocalLock
LocalUnlock
LocalFree
UnmapViewOfFile
DeleteFileA
VirtualFree
VirtualAlloc
ReadFile
SetFilePointer
WriteFile
CreateFileMappingA
FlushFileBuffers
GetTempFileNameA
GetFileSize
GetFullPathNameA
GlobalSize
GetCurrentDirectoryA
GetTempPathA
GetWindowsDirectoryA

user32

CharNextA
LoadStringA
GetActiveWindow
GetWindowLongA
CharUpperA
wsprintfA

advapi32

RegEnumKeyExA
RegDeleteKeyA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegCloseKey

ole32

CoCreateInstance
CoGetClassObject
ReadClassStm
StringFromCLSID
CoTaskMemFree
WriteClassStm

oleaut32

LoadTypeLi
RegisterTypeLi

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c056cdb62d4c3939adb4f92165de90c7

Headers

File Characteristics

Imports

ntdll

kernel32

user32

Exports

Exports

Sections

.text Size: 103KB - Virtual size: 102KB

.data Size: 2KB - Virtual size: 3KB

.rsrc Size: 11KB - Virtual size: 12KB

.reloc Size: 4KB - Virtual size: 4KB

9b91e45e0621ba5d4a5f87b749fc3ee9

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 116KB - Virtual size: 116KB

.data Size: 6KB - Virtual size: 5KB

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 1KB - Virtual size: 4KB

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 103KB - Virtual size: 102KB

.data
Size: 2KB - Virtual size: 3KB

.rsrc
Size: 11KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 4KB

.text
Size: 116KB - Virtual size: 116KB

.data
Size: 6KB - Virtual size: 5KB

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 1KB - Virtual size: 4KB

.reloc
Size: 7KB - Virtual size: 7KB