NEAS[.]0b8997ab18d9b7c1250bb1f0aee7edb0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0b8997ab18d9b7c1250bb1f0aee7edb0_JC.exe
Size

363KB
MD5

0b8997ab18d9b7c1250bb1f0aee7edb0
SHA1

8f8e5e9edb97c9956499e354cecdea5c45e26ae1
SHA256

1b0803320820610fce9c4e91d138e0d999016f064cc5a99ab6930d434f36872c
SHA512

fe7240fa8026b9867c05c4ea22cbd2a615a59b0b1d3a232d3f884fc7efcab732348c5da1753dce651be44ee904f49ae47a7e85caf6ddd80c4910ef9aae880a35
SSDEEP

6144:5tjjiqr2VhhYDpzwcZkqG/vUppzwcZkqG/vUzpzwcZkqG:5NWYgxtRtj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0b8997ab18d9b7c1250bb1f0aee7edb0_JC.exe

Files

NEAS.0b8997ab18d9b7c1250bb1f0aee7edb0_JC.exe
.exe windows:4 windows x86

c0a78e305f5fdb74cde1860dcdaefdb2

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetFileAttributesA
lstrcmpiA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
ExitProcess
CloseHandle
WriteFile
CreateFileA
GetTempPathA
GetTickCount
ExitThread
CreateThread
GlobalUnlock
GlobalLock
GlobalAlloc
InterlockedDecrement
GetLocaleInfoA
GetVersionExA
SetFileAttributesA
lstrlenA
lstrcatA
GetDriveTypeA
GetLogicalDriveStringsA
ExpandEnvironmentStringsA
GetCurrentDirectoryA
CreateMutexA
SetErrorMode
HeapCreate
HeapDestroy
GetEnvironmentVariableA
LocalFree
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
LoadLibraryA
CopyFileA
GetLastError
Sleep
GetProcAddress
GetOEMCP
GetACP
GetCPInfo
SetStdHandle
GetStringTypeW
LCMapStringW
LCMapStringA
WideCharToMultiByte
HeapSize
HeapReAlloc
GetStringTypeA
IsBadCodePtr
IsBadReadPtr
SetUnhandledExceptionFilter
FlushFileBuffers
GetEnvironmentStringsW
GetEnvironmentStrings
GetCurrentProcess
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetFileType
GetStdHandle
SetHandleCount
SetFilePointer
ReadFile
IsBadWritePtr
VirtualAlloc
MultiByteToWideChar
RtlUnwind
HeapAlloc
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetStartupInfoA
GetCommandLineA
GetVersion
HeapFree
RaiseException
TerminateProcess
VirtualFree

user32

CloseClipboard
SetFocus
SetForegroundWindow
MessageBoxA
ShowWindow
keybd_event
OpenClipboard
EmptyClipboard
SetClipboardData
VkKeyScanA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SysFreeString
VariantInit
VariantClear
SysAllocString

ws2_32

WSAStartup
WSACleanup
closesocket
socket
htons
send
select
recv
gethostbyname
inet_addr
sendto
connect

urlmon

URLDownloadToFileA

shlwapi

PathRemoveFileSpecA

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

c0a78e305f5fdb74cde1860dcdaefdb2

Headers

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ws2_32

urlmon

shlwapi

Sections

.text Size: 62KB - Virtual size: 61KB

.rdata Size: 9KB - Virtual size: 9KB

.data Size: 14KB - Virtual size: 44KB

.text
Size: 62KB - Virtual size: 61KB

.rdata
Size: 9KB - Virtual size: 9KB

.data
Size: 14KB - Virtual size: 44KB