NEAS[.]586cc28d2d8ed214f2f02896bfae0670_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.586cc28d2d8ed214f2f02896bfae0670_JC.exe
Size

3.5MB
MD5

586cc28d2d8ed214f2f02896bfae0670
SHA1

9ea1d67ef57bb338800460d7f948257823f9ed30
SHA256

d80840efdcde6f21858022634c612a09f25d78e05c0026b5401f8ed7f3aabd04
SHA512

e0317e34c7db218b0a87625b7f41b89ed47e2c70cf65fb5fabe2335ebccfd28cd7f6c047c0fe31a02977fefd3111871b17c3f736e0bfa76cca385242be9691a8
SSDEEP

98304:N23sIHp0adbc46RQVAiNSw+WAWu34gHQsPj:jIHp0atc5KVZSw8Wgfj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.586cc28d2d8ed214f2f02896bfae0670_JC.exe

Files

NEAS.586cc28d2d8ed214f2f02896bfae0670_JC.exe
.exe windows:6 windows x64

a8ac88dc7ae327720be4445394838726

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

FindNextFileNameW
LocalFree
GetCommandLineA
TlsSetValue
CreateEventW
ResetEvent
Sleep
WaitForMultipleObjects
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
GetModuleHandleW
GetProcAddress
CreateFileW
DeviceIoControl
GetCommandLineW
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
FindFirstFileExW
OutputDebugStringW
QueryPerformanceCounter
ReadFile
WriteFile
DeleteFileW
GetModuleFileNameW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetCurrentThread
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
GetTickCount64
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueEx
GetSystemDirectoryW
FindFirstFileNameW
GetFinalPathNameByHandleW
OpenFileById
FindFirstFileW
FindNextFileW
GetCurrentProcess
SetPriorityClass
DeleteTimerQueueTimer
GetSystemPowerStatus
HeapFree
TryEnterCriticalSection
CreateDirectoryW
GetFileAttributesW
SetFileAttributesW
InitializeCriticalSection
ExitProcess
TlsAlloc
TlsFree
HeapReAlloc
MoveFileW
HeapAlloc
HeapDestroy
GetLastError
CloseHandle
DecodePointer
WaitForSingleObject
SetEvent
SetEnvironmentVariableW
HeapCreate
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
TlsGetValue
CompareFileTime
ExpandEnvironmentStringsW
GetSystemTime
SystemTimeToFileTime
SuspendThread
ResumeThread
FindClose
lstrlenW
GetOverlappedResult
CancelIoEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
TerminateProcess
IsProcessorFeaturePresent
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
CreateThread
ExitThread
FreeLibrary
FreeLibraryAndExitThread
GetModuleHandleExW
GetCurrentThreadId
HeapQueryInformation
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetSystemTimeAsFileTime
LoadLibraryExW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
GetStartupInfoW
RaiseException
GetFileSizeEx
SetFilePointerEx
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WideCharToMultiByte
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
SetStdHandle
ReadConsoleW
WriteConsoleW
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
EncodePointer
InterlockedFlushSList
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
GetCurrentProcessId
FormatMessageA
LCMapStringEx
GetLocaleInfoEx
CompareStringEx
SetFilePointer
FileTimeToLocalFileTime
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
UnmapViewOfFile
FileTimeToSystemTime
HeapValidate
GetTempPathA
FormatMessageW
LeaveCriticalSection
AreFileApisANSI
EnterCriticalSection
GetTickCount
MapViewOfFile
CreateFileMappingW
GetFileSize
LockFileEx
UnlockFile
HeapCompact
LoadLibraryW
DeleteFileA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTimeZoneInformation

advapi32

DeregisterEventSource
ReportEventW
ConvertStringSecurityDescriptorToSecurityDescriptorW
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
UnregisterTraceGuids
RegisterTraceGuidsW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
RegisterEventSourceW
QueryServiceStatusEx
OpenServiceW
ChangeServiceConfigW
QueryServiceConfigW
StartServiceW
EnumDependentServicesW
OpenThreadToken
CopySid
EqualSid
GetLengthSid
GetSidLengthRequired
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
InitializeSid
IsValidSid
ControlService
DeleteService
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ChangeServiceConfig2W
OpenSCManagerW
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
CloseServiceHandle
SetEntriesInAclW
CreateServiceW
RegDeleteTreeW
RegCreateKeyExW

shlwapi

PathIsDirectoryW
PathFindExtensionW
PathFindFileNameW
PathIsRelativeW
PathFileExistsW
PathRemoveFileSpecW

rpcrt4

RpcServerUseProtseqEpW
RpcImpersonateClient
RpcRevertToSelf
RpcMgmtStopServerListening
RpcMgmtWaitServerListen
RpcEpRegisterW
NdrAsyncServerCall
NdrServerCallAll
Ndr64AsyncServerCallAll
NdrServerCall2
RpcEpUnregister
RpcServerTestCancel
RpcAsyncCompleteCall
RpcBindingVectorFree
RpcServerInqBindings
RpcServerUnregisterIf
RpcServerListen
RpcAsyncAbortCall
RpcServerRegisterIf3

userenv

UnloadUserProfile

api-ms-win-security-base-l1-2-2

DeriveCapabilitySidsFromName

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CoRevokeClassObject
CoSetProxyBlanket

oleaut32

VariantInit
VariantClear
SysAllocString
SetErrorInfo
VariantChangeType
GetErrorInfo
CreateErrorInfo
SysFreeString

fltlib

FilterReplyMessage
FilterGetMessage
FilterSendMessage
FilterConnectCommunicationPort

api-ms-win-power-setting-l1-1-0

PowerSettingRegisterNotification
PowerSettingUnregisterNotification

user32

LoadStringW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 490KB - Virtual size: 489KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 41KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 576KB - Virtual size: 580KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

a8ac88dc7ae327720be4445394838726

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

advapi32

shlwapi

rpcrt4

userenv

api-ms-win-security-base-l1-2-2

ole32

oleaut32

fltlib

api-ms-win-power-setting-l1-1-0

user32

api-ms-win-core-winrt-error-l1-1-0

Sections

.text Size: 2.3MB - Virtual size: 2.3MB

.rdata Size: 490KB - Virtual size: 489KB

.data Size: 41KB - Virtual size: 52KB

.pdata Size: 113KB - Virtual size: 113KB

_RDATA Size: 512B - Virtual size: 384B

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 576KB - Virtual size: 580KB

.text
Size: 2.3MB - Virtual size: 2.3MB

.rdata
Size: 490KB - Virtual size: 489KB

.data
Size: 41KB - Virtual size: 52KB

.pdata
Size: 113KB - Virtual size: 113KB

_RDATA
Size: 512B - Virtual size: 384B

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 576KB - Virtual size: 580KB