NEAS[.]3a90e57d4ae9ff57e73a2e3be2d16c60_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.3a90e57d4ae9ff57e73a2e3be2d16c60_JC.exe
Size

4.5MB
MD5

3a90e57d4ae9ff57e73a2e3be2d16c60
SHA1

cafaeaf8790f1973ba467639dea2cc783092edd7
SHA256

7a941a49fe925bc0d5d72ca54268026a21ac65f9fff862de9d94d1064dc85228
SHA512

425d05dc686d6827738a42cb65a4522f97e4b4013cfa24f92c8aa18c0aad4d5c547b5e16d2b3793f30875c73818646d39875c9e03e2804417fb272a85a0bcdcf
SSDEEP

49152:xYzlnmThEssa+ssgFZyv6OP4CjHvNTwOcylNuT7cZ8qPO+nbOMor1Ptvfpo/La:2zlnqhEscMOPXzvgIrbOTjvf

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3a90e57d4ae9ff57e73a2e3be2d16c60_JC.exe

Files

NEAS.3a90e57d4ae9ff57e73a2e3be2d16c60_JC.exe
.exe windows:6 windows x86

cafebd28d812ffd4d8923543c8f002ca

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

EnumWindows
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxW
SendMessageA

ws2_32

accept
listen
ioctlsocket
getnameinfo
gethostname
shutdown
htonl
ntohl
WSAStartup
WSACleanup
WSAGetLastError
socket
__WSAFDIsSet
select
WSASetLastError
recv
sendto
recvfrom
freeaddrinfo
getaddrinfo
send
WSAIoctl
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket
bind

advapi32

CryptDecrypt
CryptReleaseContext
CryptGenRandom
CryptDestroyKey
CryptSetHashParam
CryptGetProvParam
CryptGetUserKey
CryptExportKey
CryptEnumProvidersW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptAcquireContextW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

wldap32

ord211
ord50
ord41
ord22
ord26
ord46
ord27
ord32
ord33
ord35
ord79
ord30
ord200
ord143
ord60
ord301

normaliz

IdnToAscii

libgmp-10

ord380
ord356
ord372
ord358
ord353
ord378
ord351
ord367
ord349
ord371
ord363
ord376
ord354

libmpfr-4

ord193
ord163
ord67
ord291

kernel32

ExitThread
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
WriteConsoleW
GetModuleFileNameA
RaiseException
SetConsoleCtrlHandler
SetEnvironmentVariableA
GetCommandLineW
GetACP
GetConsoleCP
GetTimeZoneInformation
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
RtlUnwind
LoadLibraryExW
GetModuleFileNameW
FreeLibraryAndExitThread
GetThreadTimes
FreeEnvironmentStringsW
CreateThread
GetProcAddress
GetProcessTimes
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
ResetEvent
SetEvent
DeviceIoControl
RemoveDirectoryW
GetCurrentDirectoryW
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetCPInfo
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
GetTempPathW
CreateMutexW
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
GetVersionExW
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
Sleep
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetLastError
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
DeleteFileW
HeapReAlloc
CloseHandle
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LocalFree
LockFileEx
GetFileSize
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
LoadLibraryExA
GetCommandLineA
SetLastError
GetStdHandle
GetFileType
GetModuleHandleW
GetModuleHandleExW
GetTickCount64
InitializeCriticalSectionEx
SleepEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalMemoryStatus
SwitchToFiber
DeleteFiber
CreateFiber
VerSetConditionMask
GetSystemDirectoryA
GetModuleHandleA
VerifyVersionInfoA
PeekNamedPipe
WaitForMultipleObjects
ExpandEnvironmentStringsA
ConvertFiberToThread
ConvertThreadToFiber
GetEnvironmentVariableW
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
ReadConsoleA
ReadConsoleW
SetConsoleMode
OpenFileMappingA
SetCommTimeouts
GetCurrentProcess
GetCurrentThread
QueryPerformanceFrequency
CreateDirectoryW
SetFilePointerEx
CopyFileW
EncodePointer
DecodePointer
CreateEventW

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 748KB - Virtual size: 748KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 101KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 245B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

cafebd28d812ffd4d8923543c8f002ca

Headers

DLL Characteristics

File Characteristics

Imports

user32

ws2_32

advapi32

crypt32

wldap32

normaliz

libgmp-10

libmpfr-4

kernel32

Sections

.text Size: 3.7MB - Virtual size: 3.7MB

.rdata Size: 748KB - Virtual size: 748KB

.data Size: 101KB - Virtual size: 1.0MB

.tls Size: 512B - Virtual size: 245B

.rsrc Size: 512B - Virtual size: 480B

.text
Size: 3.7MB - Virtual size: 3.7MB

.rdata
Size: 748KB - Virtual size: 748KB

.data
Size: 101KB - Virtual size: 1.0MB

.tls
Size: 512B - Virtual size: 245B

.rsrc
Size: 512B - Virtual size: 480B