NEAS[.]51df27fe5c51c32e73b1bed35690b2933e19b21ef1ad0b70f7e35383752100e4_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.51df27fe5c51c32e73b1bed35690b2933e19b21ef1ad0b70f7e35383752100e4_JC.exe
Size

161KB
MD5

e14f176af9c7b0c4d3a8da8f43593b01
SHA1

118647549cf5b0a7d10f69405d650f0ef33fa691
SHA256

51df27fe5c51c32e73b1bed35690b2933e19b21ef1ad0b70f7e35383752100e4
SHA512

11211014e6e25c3adabdc57e98cab79f2852338cc2d9802c50dabc77d225e376d031a1181df635d4009b8309d7e164619d37659463c69b1d63583f24f9a6d78f
SSDEEP

3072:d+VtCAckFmbpjAtJX2t5sLJtKQrszp303ZHMi:d+RckFmbpWzLJUQAN035M

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.51df27fe5c51c32e73b1bed35690b2933e19b21ef1ad0b70f7e35383752100e4_JC.exe

Files

NEAS.51df27fe5c51c32e73b1bed35690b2933e19b21ef1ad0b70f7e35383752100e4_JC.exe
.dll windows:5 windows x86

781f8a3658a36648e9500fd4e6d42216

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteTimerQueueTimer
GetModuleHandleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
WideCharToMultiByte
CreateFileA
SetFilePointer
InterlockedExchange
GetModuleFileNameA
CreateTimerQueueTimer
GetFileSize
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
WriteFile
GetLastError
FormatMessageA
CreateThread
WaitForSingleObjectEx
WriteConsoleW
SetEvent
WaitForSingleObject
CloseHandle
CreateEventW
DeleteFileA
GetTickCount
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
SetStdHandle
GetStringTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
GetStdHandle
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetFileType
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA

shlwapi

PathRemoveFileSpecA

ws2_32

bind
closesocket
inet_addr
socket
WSAStartup
sendto
recvfrom
htons

Exports

Exports

UDPAddServer
UDPDelServer
UDPPost
UDPSendAsyn
UDPSendSync
UDPSetRetryTimes
UDPSetTimeout

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rmnet
Size: 56KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

781f8a3658a36648e9500fd4e6d42216

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shlwapi

ws2_32

Exports

Exports

Sections

.text Size: 73KB - Virtual size: 73KB

.rdata Size: 16KB - Virtual size: 16KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 1024B - Virtual size: 844B

.reloc Size: 8KB - Virtual size: 8KB

.rmnet Size: 56KB - Virtual size: 60KB

.text
Size: 73KB - Virtual size: 73KB

.rdata
Size: 16KB - Virtual size: 16KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 1024B - Virtual size: 844B

.reloc
Size: 8KB - Virtual size: 8KB

.rmnet
Size: 56KB - Virtual size: 60KB