NEAS[.]7f6b9406fab9354ef90c8b8d7977c281_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.7f6b9406fab9354ef90c8b8d7977c281_JC.exe
Size

348KB
MD5

7f6b9406fab9354ef90c8b8d7977c281
SHA1

04e2a4b53f4b6bf33a22b3821afc1f9f93ad8718
SHA256

838a339eebb070263cd550f2300cab07f841d78b4c84318b71cc3bc58255c0b0
SHA512

c0ed38c47d54d7de2245b4712ab654c0751ff0db75cfcd5c11070ab9e6814d49467a96b3a0fdeec02412c56cf211f6f92046383b1688e15fafcb2e86332e79b1
SSDEEP

6144:/RvGLk+BOqs9F8tJ6b82rMFbocf9KW87m5Nt/9z9:RGLk+0qs9F8z6Zq8cfQW8s9z9

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.7f6b9406fab9354ef90c8b8d7977c281_JC.exe

Files

NEAS.7f6b9406fab9354ef90c8b8d7977c281_JC.exe
.exe windows:4 windows x86

0b17d87e764c80ecb3ce260bd0b92a63

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LocalFree
GetCommandLineW
GetModuleHandleW
OpenEventW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
DeleteFileW
Sleep
CreateEventW
SetEvent
ExpandEnvironmentStringsW
LoadLibraryExW
GetModuleFileNameW
FlushFileBuffers
CreateFileA
IsValidLocale
EnumSystemLocalesA
lstrcmpiW
InterlockedDecrement
InterlockedIncrement
GetLastError
lstrlenW
CloseHandle
SetLastError
GetCurrentThreadId
DeleteCriticalSection
InitializeCriticalSection
GetCurrentProcess
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
IsValidCodePage
GetOEMCP
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
SetHandleCount
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStdHandle
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStringTypeW
GetStringTypeA
GetCPInfo
LCMapStringW
LCMapStringA
ExitProcess
GetModuleHandleA
GetFileType
SetFilePointer
GetConsoleMode
FlushInstructionCache
LeaveCriticalSection
EnterCriticalSection
RaiseException
InterlockedExchange
LoadLibraryW
GetVersionExW
GetProcAddress
FindClose
FindFirstFileW
GetTempFileNameW
GetTempPathW
CreateDirectoryW
GetProcessHeaps
RemoveDirectoryW
ResetEvent
WaitForSingleObject
GetDiskFreeSpaceExW
GetExitCodeProcess
IsBadWritePtr
lstrcmpW
GlobalMemoryStatusEx
WideCharToMultiByte
GetACP
FormatMessageW
GetFileSize
ReadFile
WriteFile
CreateFileW
GetSystemDefaultLangID
DuplicateHandle
UnmapViewOfFile
ReleaseMutex
CreateProcessW
CreateMutexW
MapViewOfFile
CreateFileMappingW
GetCurrentProcessId
SetUnhandledExceptionFilter
GetLocaleInfoW
GetUserDefaultLCID
CreateThread
CompareStringW
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
GetVersionExA
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
VirtualFree
VirtualAlloc
GetLocaleInfoA
GetThreadLocale
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapReAlloc
GetStartupInfoW
ExitThread
GetConsoleCP

user32

GetSystemMenu
GetWindowLongW
SendMessageW
SetWindowTextW
LoadImageW
SetFocus
MessageBoxW
CharNextW
GetActiveWindow
DialogBoxParamW
IsWindow
SetForegroundWindow
RemoveMenu
SetWindowLongW
LoadStringW
GetDlgItem
UnregisterClassA
EndDialog
GetParent
GetWindow
GetWindowRect
SystemParametersInfoW
GetClientRect
MapWindowPoints
SetWindowPos

advapi32

RegDeleteKeyW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptReleaseContext

shell32

SHGetFolderPathW
CommandLineToArgvW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

OleRun
CoInitialize
CoUninitialize
CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc

oleaut32

VariantClear
SysFreeString
VarUI4FromStr
SysAllocString
VariantInit

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain
WinVerifyTrust

wininet

InternetConnectW
InternetOpenW
InternetCrackUrlW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
HttpQueryInfoW
InternetCloseHandle

crypt32

CertVerifyCertificateChainPolicy
CertGetCertificateChain
CertFreeCertificateContext
CertFreeCertificateChain
CertGetNameStringW
CertDuplicateCertificateContext

msi

ord205
ord70

shlwapi

PathFindFileNameW
PathIsURLW
PathRemoveFileSpecW
PathStripToRootW

Sections

.text
Size: 236KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 32KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0b17d87e764c80ecb3ce260bd0b92a63

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

version

wintrust

wininet

crypt32

msi

shlwapi

Sections

.text Size: 236KB - Virtual size: 232KB

.rdata Size: 64KB - Virtual size: 63KB

.data Size: 12KB - Virtual size: 18KB

.rsrc Size: 32KB - Virtual size: 30KB

.text
Size: 236KB - Virtual size: 232KB

.rdata
Size: 64KB - Virtual size: 63KB

.data
Size: 12KB - Virtual size: 18KB

.rsrc
Size: 32KB - Virtual size: 30KB