NEAS[.]0c1f21f4a685b7ae4793742c4f5484c0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.0c1f21f4a685b7ae4793742c4f5484c0_JC.exe
Size

127KB
MD5

0c1f21f4a685b7ae4793742c4f5484c0
SHA1

219368fb9b005dab4890e98b0104725fdb64f7ae
SHA256

a958fd1a25a641a03769cb37de88e86ca1ad9dbc8b26baaee820731c173d3460
SHA512

edd4b98b16d1b7c18ec797b0302d3f1204df5d0faec2ff8019c619887be4290fea6f351356f0b05a87bc77b7b457686d03118443b18af7d7f6e6b05120e463a9
SSDEEP

1536:7VgxHldwsamaGKEYs2mOrUxRPLWgx6YjAE6k3HxoNqr9bzI5DLv:7UlWsadyxRKgkvE9bE5DLv

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0c1f21f4a685b7ae4793742c4f5484c0_JC.exe

Files

NEAS.0c1f21f4a685b7ae4793742c4f5484c0_JC.exe
.dll windows:5 windows x86

209db6e59ddae345e53c6a01b47d4d64

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteProcessMemory
GetProcAddress
LoadLibraryA
OpenProcess
GetCurrentProcessId
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
MultiByteToWideChar
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetLastError
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
HeapAlloc
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
HeapReAlloc
GetModuleHandleA
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
HeapSize
WriteFile
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle

user32

UnhookWindowsHookEx
FindWindowA
SendMessageA
SetWindowsHookExA
CallNextHookEx

ws2_32

gethostbyname

Exports

Exports

StartHook
UnLoadHook

Sections

.text
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

209db6e59ddae345e53c6a01b47d4d64

Headers

File Characteristics

Imports

kernel32

user32

ws2_32

Exports

Exports

Sections

.text Size: 94KB - Virtual size: 93KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 6KB - Virtual size: 13KB

.rsrc Size: 512B - Virtual size: 436B

.reloc Size: 7KB - Virtual size: 7KB

.text
Size: 94KB - Virtual size: 93KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 6KB - Virtual size: 13KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB