ManageAPIFactory
Static task: static1
Behavioral task: behavioral1
Sample: 7053b28cf3e893fe78fc52a5a4a63bf0_NEAS.exe
Resource: win7-20240221-en
Behavioral task: behavioral2
Sample: 7053b28cf3e893fe78fc52a5a4a63bf0_NEAS.exe
Resource: win10v2004-20240419-en
General
Target: 7053b28cf3e893fe78fc52a5a4a63bf0_NEAS
Size: 1.4MB
MD5: 7053b28cf3e893fe78fc52a5a4a63bf0
SHA1: 997fd9e77b79bd4bdf76e4959ab233d63afb83b4
SHA256: 6af88c430a9fce49762c02d873c37bb71e44f4fea728708760028a32d40dd424
SHA512: d9fa2a965e5449f9a95dc8014bfc56fd206c4702efd5b601e9b14d8d51583cfca4264efc7f5b5bbfde019119a0e5801817aec6e7d934deb7019db09d8790e717
SSDEEP: 24576:q6K10orzkhcjS+E3MstVEgMq5UKHB0TW+TK5K5uJ7kc0L5t:w1CN3MsHBQKHB0TW+O5K5w7ILn
Malware Config
Signatures
- Unsigned PE (1 IoC): Checks for missing Authenticode signature.
  resource: 7053b28cf3e893fe78fc52a5a4a63bf0_NEAS
Files
-
7053b28cf3e893fe78fc52a5a4a63bf0_NEAS.exe windows:5 windows x86 arch:x86
58682990e4231def0436e54a6a7fc9d9
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
ntdll
RtlUpcaseUnicodeChar
RtlUnicodeStringToAnsiString
RtlTryEnterCriticalSection
RtlSetCurrentDirectory_U
RtlNtStatusToDosError
RtlLeaveCriticalSection
RtlInitUnicodeString
RtlInitializeCriticalSection
RtlImageNtHeader
RtlFreeUnicodeString
RtlFreeAnsiString
RtlEqualUnicodeString
RtlEnterCriticalSection
RtlDosPathNameToNtPathName_U
RtlDestroyProcessParameters
RtlCreateProcessParameters
NtWriteVirtualMemory
NtWriteFile
NtUnmapViewOfSection
NtTerminateThread
NtTerminateProcess
NtSetValueKey
NtSetInformationThread
NtSetInformationProcess
NtSetInformationFile
NtSetEvent
NtSetDefaultLocale
NtResumeThread
NtReadVirtualMemory
NtReadFile
NtRaiseHardError
NtQueryVolumeInformationFile
NtQueryVirtualMemory
NtQueryValueKey
NtQuerySymbolicLinkObject
NtQuerySecurityObject
NtQuerySection
NtQueryKey
NtQueryInformationThread
NtQueryInformationProcess
NtQueryInformationFile
NtQueryFullAttributesFile
NtQueryDirectoryFile
NtQueryDefaultLocale
NtQueryAttributesFile
NtProtectVirtualMemory
NtOpenThread
NtOpenSymbolicLinkObject
NtOpenSection
NtOpenKey
NtOpenFile
NtMapViewOfSection
NtFsControlFile
NtFreeVirtualMemory
NtFlushKey
NtEnumerateValueKey
NtEnumerateKey
NtDuplicateObject
NtDeleteValueKey
NtDeleteKey
NtCreateThread
NtCreateSection
NtCreateProcess
NtCreateKey
NtCreateFile
NtClose
NtAllocateVirtualMemory
CsrFreeCaptureBuffer
CsrClientCallServer
CsrAllocateMessagePointer
oleaut32
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysStringLen
VariantClear
gdi32
AddFontResourceW
CombineRgn
CreateCompatibleDC
CreateDCA
CreateDIBitmap
CreateDIBSection
CreateFontIndirectW
CreateFontW
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
ExtCreateRegion
GetObjectW
GetStockObject
GetTextCharset
LineTo
MoveToEx
RemoveFontResourceW
SelectObject
SetBkMode
SetDIBits
SetTextColor
BitBlt
kernel32
ExitProcess
ExitThread
ExpandEnvironmentStringsW
FatalAppExitA
FileTimeToSystemTime
FindClose
FindFirstChangeNotificationA
FindFirstChangeNotificationW
FindFirstFileA
FindFirstFileExW
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceW
FlushFileBuffers
FormatMessageW
FreeEnvironmentStringsA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCommandLineA
GetCommandLineW
GetComputerNameW
GetConsoleCP
GetConsoleMode
GetConsoleOutputCP
GetCPInfo
GetCurrencyFormatA
GetCurrencyFormatW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDateFormatW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDriveTypeW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesExW
GetFileAttributesW
GetFileInformationByHandle
GetFileSize
GetFileTime
GetFileType
GetFullPathNameA
GetFullPathNameW
GetHandleInformation
GetLastError
GetLocaleInfoA
GetLocaleInfoW
GetLogicalDrives
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetNumberFormatA
GetNumberFormatW
GetOEMCP
GetPrivateProfileIntA
GetPrivateProfileIntW
CreateConsoleScreenBuffer
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProcAddress
GetProcessHeap
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStdHandle
GetStringTypeA
GetStringTypeW
GetSystemDefaultLangID
GetSystemDefaultLCID
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathW
GetThreadContext
GetThreadLocale
GetTickCount
GetTimeFormatA
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLangID
GetUserDefaultLCID
GetVersion
GetVersionExA
GetVersionExW
GetVolumeInformationW
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
IsDBCSLeadByteEx
EnterCriticalSection
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
LCMapStringA
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalAlloc
LocalFree
LockResource
lstrcmpiW
lstrcpynA
lstrlenA
lstrlenW
MapViewOfFile
MoveFileA
MoveFileExA
MoveFileExW
MoveFileW
MultiByteToWideChar
OpenEventA
OpenEventW
OpenFile
OpenFileMappingW
OpenMutexW
OpenProcess
OpenSemaphoreW
OutputDebugStringA
OutputDebugStringW
QueryDosDeviceW
QueryPerformanceCounter
QueryPerformanceFrequency
QueueUserAPC
RaiseException
CopyFileW
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResumeThread
RtlUnwind
SearchPathA
SearchPathW
SetConsoleCtrlHandler
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
SetLastError
SetLocaleInfoA
SetLocaleInfoW
SetPriorityClass
SetProcessAffinityMask
SetProcessPriorityBoost
SetProcessWorkingSetSize
SetStdHandle
SetThreadAffinityMask
SetThreadContext
SetThreadIdealProcessor
SetThreadLocale
SetThreadPriority
SetThreadPriorityBoost
SetUnhandledExceptionFilter
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
TerminateProcess
TerminateThread
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
UnmapViewOfFile
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualProtect
VirtualProtectEx
VirtualQuery
VirtualQueryEx
WaitForDebugEvent
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProcessMemory
WriteProfileStringA
WriteProfileStringW
CopyFileExW
EnumResourceNamesW
EnumSystemLocalesA
CopyFileA
ContinueDebugEvent
CompareStringW
CompareStringA
CompareFileTime
CloseHandle
AddAtomW
_lopen
_lcreat
WriteFile
DuplicateHandle
DeleteFileW
DeleteFiber
DeleteCriticalSection
DebugBreak
DebugActiveProcess
CreateThread
CreateSemaphoreW
CreateRemoteThread
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateNamedPipeA
CreateMutexW
CreateFileW
CreateFileMappingW
CreateFileA
CreateEventW
CreateEventA
CreateDirectoryW
CreateDirectoryExW
CreateDirectoryExA
IsDebuggerPresent
CreateDirectoryA
GetPrivateProfileSectionA
advapi32
SetServiceBits
SetSecurityDescriptorSacl
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
SetNamedSecurityInfoW
SetFileSecurityW
SetFileSecurityA
SetEntriesInAclW
RevertToSelf
RegSetValueW
RegSetValueExW
RegSetValueExA
RegSetValueA
RegQueryValueW
RegQueryValueExW
RegQueryValueExA
RegQueryValueA
RegQueryInfoKeyW
RegOpenKeyW
RegOpenKeyExW
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerA
RegEnumValueW
RegEnumKeyExW
RegEnumKeyExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCloseKey
QueryServiceStatusEx
QueryServiceStatus
QueryServiceObjectSecurity
QueryServiceLockStatusW
QueryServiceLockStatusA
QueryServiceConfigW
QueryServiceConfigA
OpenThreadToken
OpenServiceW
OpenServiceA
OpenSCManagerW
OpenSCManagerA
OpenProcessToken
MapGenericMask
MakeSelfRelativeSD
MakeAbsoluteSD
LookupAccountNameW
LogonUserW
LogonUserA
LockServiceDatabase
IsValidSid
IsValidSecurityDescriptor
InitializeSecurityDescriptor
ImpersonateSelf
GetUserNameW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetServiceKeyNameW
GetServiceKeyNameA
GetServiceDisplayNameW
GetServiceDisplayNameA
GetSecurityInfo
GetSecurityDescriptorSacl
GetSecurityDescriptorOwner
GetSecurityDescriptorLength
GetSecurityDescriptorGroup
UnlockServiceDatabase
StartServiceW
StartServiceCtrlDispatcherW
StartServiceCtrlDispatcherA
StartServiceA
SetTokenInformation
SetServiceStatus
SetServiceObjectSecurity
GetNamedSecurityInfoW
GetLengthSid
GetFileSecurityW
FreeSid
EqualSid
EnumServicesStatusW
EnumServicesStatusExW
EnumServicesStatusExA
EnumServicesStatusA
EnumDependentServicesW
EnumDependentServicesA
DuplicateTokenEx
DuplicateToken
DeleteService
CryptVerifySignatureW
CryptSignHashW
CryptReleaseContext
CryptImportKey
CryptHashData
CryptGetHashParam
CryptDestroyKey
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW
CreateServiceW
CreateServiceA
CreateProcessAsUserW
CreateProcessAsUserA
CopySid
ControlService
CloseServiceHandle
ChangeServiceConfigW
ChangeServiceConfigA
AllocateAndInitializeSid
AccessCheck
GetSecurityDescriptorDacl
GetSecurityDescriptorControl
ole32
CoRevokeClassObject
WriteClassStg
StringFromGUID2
StringFromCLSID
StgOpenStorage
OleUninitialize
OleRun
OleLoad
OleGetAutoConvert
OleDoAutoConvert
CLSIDFromString
CoCreateGuid
CoCreateInstance
CoGetClassObject
CoGetMalloc
CoInitialize
CoRegisterClassObject
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateBindCtx
OleCreate
OleCreateDefaultHandler
user32
BeginPaint
CharLowerW
CharNextExA
CharUpperW
CloseClipboard
CloseDesktop
CloseWindowStation
CreateDialogParamW
CreateIconFromResource
CreateIconFromResourceEx
CreateWindowExW
DefWindowProcA
DefWindowProcW
DestroyMenu
DestroyWindow
DispatchMessageW
DrawIconEx
DrawTextW
EnableWindow
EndPaint
FillRect
FindWindowA
FindWindowExW
FindWindowW
GetClassInfoA
GetClassInfoW
GetClientRect
GetDC
GetDesktopWindow
GetDlgItem
GetMessageA
GetMessageW
GetParent
GetProcessWindowStation
GetSysColor
GetSysColorBrush
GetSystemMetrics
GetUserObjectInformationW
GetWindow
GetWindowLongW
GetWindowRect
GetWindowThreadProcessId
IsDialogMessageW
IsWindow
IsWindowVisible
KillTimer
LoadCursorFromFileA
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageA
LoadImageW
LoadMenuA
LoadMenuW
LoadStringW
LookupIconIdFromDirectoryEx
MessageBoxW
OpenClipboard
OpenDesktopW
OpenInputDesktop
OpenWindowStationW
PeekMessageA
PeekMessageW
PostQuitMessage
RedrawWindow
RegisterClassExW
RegisterClassW
ReleaseCapture
ReleaseDC
SendMessageA
SendMessageW
SetCapture
SetClipboardData
SetCursor
SetProcessWindowStation
SetRect
SetTimer
SetUserObjectSecurity
SetWindowLongW
SetWindowPos
SetWindowRgn
SetWindowsHookExA
SetWindowsHookExW
ShowWindow
SystemParametersInfoW
TranslateMessage
UnregisterClassW
WaitForInputIdle
WinHelpA
WinHelpW
wvsprintfW
Exports
Sections
.text Size: 1.0MB - Virtual size: 1.0MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 236KB - Virtual size: 232KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 32KB - Virtual size: 29KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 4KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 72KB - Virtual size: 69KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ