cee5c527c3a6ed951682e0fa3a1c2c30_NEAS

Sharing

Copy URL

Twitter E-mail

General

Target

cee5c527c3a6ed951682e0fa3a1c2c30_NEAS
Size

629KB
MD5

cee5c527c3a6ed951682e0fa3a1c2c30
SHA1

981bee154d5a76a070434f0ce4e9a5ee073d72e4
SHA256

430c2283fbffaefac87d33898ef77c2fd7d69a2ab5e70928939c219eb478bdce
SHA512

0a66d71f88dde72cf9cdab735c2646c147c0c3a9795cb9f016e8c638aaa0909944743854e51579e1d6cb88b93c793995d2e389fdfb053f90eb01c21ceb0a16b1
SSDEEP

12288:QYW3jRKDVF5jz7yAhwDYtmaF0TjklTP7C3fZM4LrCoUdvifnfD:Q1jRy+AhwDYtma4gTP7C3fZM4vClwfnL

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
cee5c527c3a6ed951682e0fa3a1c2c30_NEAS

Files

cee5c527c3a6ed951682e0fa3a1c2c30_NEAS
.exe windows:5 windows x86 arch:x86

a10272f036ffac7fbe5f688e2c281ee2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

rpcrt4

UuidToStringW
RpcStringFreeW

imagehlp

ImageGetCertificateData
ImageEnumerateCertificates

shlwapi

PathFindFileNameW
SHEnumValueW
SHDeleteKeyW
SHGetValueW
SHSetValueW
SHDeleteValueW

kernel32

CreateEventA
CloseHandle
SetEvent
GetProcessHeap
HeapAlloc
HeapFree
CreateFileW
FindFirstFileW
GetModuleFileNameW
GetTempPathW
GetLastError
FindClose
RemoveDirectoryW
FindNextFileW
GetCommandLineW
CopyFileW
ReleaseSemaphore
CreateSemaphoreA
Sleep
GetVersionExW
InterlockedIncrement
InterlockedDecrement
CreateDirectoryW
OutputDebugStringA
CreateMutexW
CreateProcessW
GetCurrentThread
OpenProcess
GetCurrentProcess
TerminateProcess
SetLastError
GetProcAddress
Process32FirstW
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
GetCurrentProcessId
FreeResource
FindResourceW
LoadResource
SizeofResource
LockResource
CreateFileA
WaitForSingleObject
WriteFile
ReadFile
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
LocalFree
InitializeCriticalSection
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
SetEndOfFile
InterlockedExchange
FreeLibrary
HeapReAlloc
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetStdHandle
LoadLibraryW
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStringTypeW
LCMapStringW
FlushFileBuffers
HeapCreate
GetTimeZoneInformation
GetLocaleInfoW
ExitProcess
HeapSize
GetCurrentThreadId
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
ResetEvent
OpenEventA
ResumeThread
SystemTimeToFileTime
WaitForMultipleObjects
SetWaitableTimer
CreateWaitableTimerA
FormatMessageA
CreateThread
GetTimeFormatA
GetDateFormatA
ExitThread
SetFilePointer
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
IsProcessorFeaturePresent
GetConsoleMode
GetConsoleCP
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
SetHandleCount
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
GetFileType
WriteConsoleW
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
GetCPInfo
LeaveCriticalSection
EnterCriticalSection
GetSystemTimeAsFileTime
DeleteFileW
DecodePointer
EncodePointer

user32

GetSystemMetrics
DefWindowProcW
DispatchMessageW
SetWindowLongW
GetWindowRect
SetForegroundWindow
RegisterClassExW
LoadIconW
BringWindowToTop
SetWindowPos
ShowWindow
CreateWindowExW
SwitchToThisWindow
DestroyIcon
GetWindowThreadProcessId
GetShellWindow
DestroyWindow
SendDlgItemMessageW
CreateDialogParamW
IsWindow
SetWindowTextW
ReleaseCapture
SendMessageW
GetClientRect
GetMessageW
PostQuitMessage
PostMessageW
TranslateMessage
GetWindowLongW

gdi32

GetStockObject

advapi32

DuplicateTokenEx
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
GetTokenInformation
GetSidSubAuthorityCount
OpenThreadToken
GetSidSubAuthority
OpenProcessToken

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoInitializeEx
CoUninitialize
OleSetContainedObject
CoCreateGuid
CoCreateInstance

oleaut32

SysAllocString
VariantClear
VariantInit
SysFreeString

wininet

InternetConnectW
InternetReadFile
InternetCloseHandle
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
InternetCrackUrlW

Sections

.text
Size: 369KB - Virtual size: 368KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

a10272f036ffac7fbe5f688e2c281ee2

Headers

DLL Characteristics

File Characteristics

Imports

rpcrt4

imagehlp

shlwapi

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

wininet

Sections

.text Size: 369KB - Virtual size: 368KB

.rdata Size: 81KB - Virtual size: 80KB

.data Size: 15KB - Virtual size: 24KB

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 152KB - Virtual size: 152KB

.text
Size: 369KB - Virtual size: 368KB

.rdata
Size: 81KB - Virtual size: 80KB

.data
Size: 15KB - Virtual size: 24KB

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 152KB - Virtual size: 152KB