NEAS[.]83593651bca90f6381f800a89af81d70_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.83593651bca90f6381f800a89af81d70_JC.exe
Size

485KB
MD5

83593651bca90f6381f800a89af81d70
SHA1

47d178cb9a90619c1092e96a914e6625f3be4fa5
SHA256

0bea5dbaa06c63c6614ad746228c31d1df68e44cfd3eb2dce717a92d11dea67b
SHA512

dc00f810e9e792c2e9e1f5423299d79ae0ab391876014f83acb2398ac2e6ba129f28dd036161d0f628bca5cc0d416901bc38023ffe3cd0a1c29a406bde689554
SSDEEP

12288:k1JTndkOv3HdQddia3Ogm2WSQlAYG2LA3TlYPye2DKscK4ZY:oTnr/HmEa9mZSQlAeAxggDeK4Z

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.83593651bca90f6381f800a89af81d70_JC.exe

Files

NEAS.83593651bca90f6381f800a89af81d70_JC.exe
.dll windows:6 windows x86

eedbf5ee843c910dcbc97e13f205b711

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr100

?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
vswprintf_s
_wtol
??_U@YAPAXI@Z
_vsnwprintf_s
wcstoul
_itow_s
??2@YAPAXI@Z
__CxxFrameHandler3
wcsncat_s
wcsncpy_s
memset
free
malloc
wcstol
_wtoi
_wfullpath
wcsstr
wcsnlen
_wcsnicmp
memcpy
_snwprintf_s
wcsncmp
memcmp
wcschr
wcsrchr
_wcsicmp
??3@YAXPAX@Z
??_V@YAXPAX@Z

advapi32

RegisterEventSourceW
DeregisterEventSource
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventW
RegOpenKeyExA
EventRegister
EventUnregister
EventWrite

kernel32

CreateFileW
FreeLibrary
GetFileType
SetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
DecodePointer
EncodePointer
LoadLibraryExW
GetModuleFileNameW
HeapFree
HeapAlloc
WerRegisterMemoryBlock
VirtualProtect
GetSystemTimeAsFileTime
GetCurrentThreadId
HeapSetInformation
GetProcessHeap
QueryPerformanceCounter
GetSystemDefaultLCID
CompareStringW
LocalAlloc
LoadLibraryA
TerminateProcess
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetTempPathW
GetUserDefaultLCID
lstrcmpiW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetCurrentProcessId
GetModuleHandleW
GetProcAddress
DeleteFileW
GetFileAttributesW
ReadFile
RemoveDirectoryW
SetFilePointer
WriteFile
CloseHandle
RaiseException
GetLocalTime
GetACP
GetOEMCP
GetTickCount
lstrcmpW

ole32

CoCreateInstance
CoTaskMemRealloc
CLSIDFromString
CoTaskMemFree
CoTaskMemAlloc
CoGetMalloc
StringFromGUID2

oleaut32

VariantChangeType
VariantChangeTypeEx
VariantCopy
VariantInit
SysStringLen
GetErrorInfo
SysAllocString
VariantClear
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysAllocStringLen

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 257KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

eedbf5ee843c910dcbc97e13f205b711

Headers

DLL Characteristics

File Characteristics

Imports

msvcr100

advapi32

kernel32

ole32

oleaut32

Sections

.text Size: 223KB - Virtual size: 222KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 1024B - Virtual size: 1000B

.reloc Size: 257KB - Virtual size: 260KB

.text
Size: 223KB - Virtual size: 222KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 257KB - Virtual size: 260KB