NEAS[.]06d08d8db7d349174e25ce47278881a0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.06d08d8db7d349174e25ce47278881a0_JC.exe
Size

124KB
MD5

06d08d8db7d349174e25ce47278881a0
SHA1

e9d010364ebeac2d41ca3a908794eb9f1ff0710e
SHA256

ea0ceaf54d5f840a854241c5fff9bb71c706c1b14c50e273031fad5a04d55adb
SHA512

b4d75f26e397e82da5b6bba78a76d0c8d7d0881cc0e1f31a87b74fc7a55c3d0dbc01f7f6b694ca531221a35017e957287d035e467db545492392282171f83d42
SSDEEP

3072:xKAmALZJkksm5uIZFSOus4RAl7wF/uQVjPej4:RmAv195DZf4Ry8R1Y4

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.06d08d8db7d349174e25ce47278881a0_JC.exe

Files

NEAS.06d08d8db7d349174e25ce47278881a0_JC.exe
.exe windows:4 windows x86

2a4f29cebb61a43982a1f13b6f6f52a7

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCloseKey
RegEnumKeyExA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegQueryValueExA
RegEnumKeyA
RegCreateKeyExA
RegSetValueExA

newdev

UpdateDriverForPlugAndPlayDevicesA

cfgmgr32

CM_Connect_MachineA
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExA

setupapi

SetupGetInfFileListA
SetupDiSetDeviceRegistryPropertyA
SetupDiInstallDevice
SetupDiCallClassInstaller
SetupDiDeleteDevRegKey
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInfo
SetupDiGetClassDevsA
SetupCloseInfFile
SetupGetStringFieldA
SetupFindFirstLineA
SetupOpenInfFileA
SetupCopyOEMInfA
SetupAddToSourceListA
SetupRemoveFromSourceListA
SetupDiDestroyDeviceInfoList

msvcrt

fgets
free
_mbsnset
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
getenv
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_strdup
_strlwr
strtok
_mbsicmp
strstr
_mbscmp
_mbsnbcmp
_mbslwr
_mbsstr
printf
fopen
fseek
fputs
fclose
sprintf
_mbsnbcpy
malloc
__getmainargs
_mbsrchr
_strupr

kernel32

GetSystemDirectoryA
GetStartupInfoA
GetLastError
SetLastError
FindFirstFileA
GetWindowsDirectoryA
LocalAlloc
lstrcatA
LocalFree
SetFileAttributesA
DeleteFileA
GetVersionExA
lstrlenA
lstrcpyA
WritePrivateProfileStringA
GetSystemTime
CreateFileA
GetFileSize
CloseHandle
GetModuleFileNameA

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2a4f29cebb61a43982a1f13b6f6f52a7

Headers

File Characteristics

Imports

advapi32

newdev

cfgmgr32

setupapi

msvcrt

kernel32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 8KB - Virtual size: 5KB

.sxdata Size: 4KB - Virtual size: 4B

.rsrc Size: 80KB - Virtual size: 80KB

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 8KB - Virtual size: 5KB

.sxdata
Size: 4KB - Virtual size: 4B

.rsrc
Size: 80KB - Virtual size: 80KB