NEAS[.]629ba5a3b2d9c1696cde48f8bd42a2f0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.629ba5a3b2d9c1696cde48f8bd42a2f0_JC.exe
Size

262KB
MD5

629ba5a3b2d9c1696cde48f8bd42a2f0
SHA1

903892bcb6176e4ebb916d4e85aec4b2ba3fc669
SHA256

a05011414fab7f8b40f4b1d75d7f09b8e98e6a584303b7cdef6084fc8a8a4d98
SHA512

c96bc9c3e5765cc8ca6ea66aa04b0e0680821f88bc8085e471349a65ce77075c9782658aa7d5585e39549b22c8514d2814947ab70bd5ca9096d6865078680cee
SSDEEP

3072:lyj/SYC0N8C+8o+bIDsbcG/w3RIF7X8aQ5dtWm803Cgiq9uTuak6+Br4nZZhpxPF:0jKKdbpb+RIatdIq9MHMBYZbbR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.629ba5a3b2d9c1696cde48f8bd42a2f0_JC.exe

Files

NEAS.629ba5a3b2d9c1696cde48f8bd42a2f0_JC.exe
.exe windows:4 windows x86

7535e0c1c27da2c9d0af94991bde9708

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GlobalAlloc
DeleteCriticalSection
FlushInstructionCache
SetLastError
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
MultiByteToWideChar
CreateFileW
ReadFile
WriteFile
CloseHandle
FindResourceW
LoadResource
LoadLibraryExW
SizeofResource
lstrcmpiW
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GlobalLock
FreeLibrary
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
HeapDestroy
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleHandleA
GetOEMCP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
HeapReAlloc
VirtualAlloc
VirtualFree
GlobalUnlock
MulDiv
lstrcmpW
GetModuleFileNameW
GetLastError
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
Sleep
GetModuleHandleW
CreateThread
TerminateThread
WideCharToMultiByte
GetProcAddress
LoadLibraryW
GetTickCount
InterlockedIncrement
LocalFree
LocalAlloc
InterlockedDecrement
DebugBreak
lstrlenW
lstrlenA
OutputDebugStringW
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
GetVersionExA

user32

SendMessageW
PostMessageW
SetTimer
IsWindow
CharNextW
GetClientRect
SetWindowPos
PostQuitMessage
FindWindowW
GetWindowThreadProcessId
KillTimer
GetCursorPos
WindowFromPoint
GetFocus
IsChild
DefWindowProcW
DestroyWindow
RegisterClassExW
LoadCursorW
GetClassInfoExW
GetDesktopWindow
InvalidateRgn
InvalidateRect
ReleaseCapture
LoadStringW
UnregisterClassA
CharLowerW
DestroyIcon
DrawIconEx
LoadIconW
DrawTextW
DispatchMessageW
TranslateMessage
GetMessageW
CallWindowProcW
CreateWindowExW
GetWindowLongW
SetWindowLongW
RegisterWindowMessageW
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
DestroyAcceleratorTable
GetSysColor
BeginPaint
FillRect
EndPaint
GetDC
ReleaseDC
SetFocus
GetWindow
GetDlgItem
RedrawWindow
GetClassNameW
GetParent
CreateAcceleratorTableW
ClientToScreen
ScreenToClient
MoveWindow
SetCapture

gdi32

SetBkMode
CreateFontIndirectW
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
BitBlt
SelectObject
DeleteDC
DeleteObject
GetDeviceCaps
GetStockObject
GetObjectW
SetTextColor

advapi32

RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyW

shell32

ShellExecuteW

ole32

CLSIDFromProgID
OleLockRunning
StringFromGUID2
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
StringFromCLSID
CoCreateInstance
CoUninitialize
CoInitialize
CoTaskMemRealloc
OleInitialize
CreateStreamOnHGlobal
CLSIDFromString
CoGetClassObject

oleaut32

LoadTypeLi
LoadRegTypeLi
OleCreateFontIndirect
SysAllocString
SysStringByteLen
SysStringLen
SysFreeString
VariantInit
VariantClear
SysAllocStringLen
VarUI4FromStr

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

ws2_32

htons
gethostbyname
socket
connect
WSACleanup
WSAStartup
recv
send
closesocket
setsockopt

Sections

.text
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 12KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

7535e0c1c27da2c9d0af94991bde9708

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

version

ws2_32

Sections

.text Size: 116KB - Virtual size: 113KB

.rdata Size: 32KB - Virtual size: 28KB

.data Size: 12KB - Virtual size: 16KB

.rsrc Size: 92KB - Virtual size: 92KB

.text
Size: 116KB - Virtual size: 113KB

.rdata
Size: 32KB - Virtual size: 28KB

.data
Size: 12KB - Virtual size: 16KB

.rsrc
Size: 92KB - Virtual size: 92KB