NEAS[.]0d9593470a28b3c8c9677e455ff6ac10_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.0d9593470a28b3c8c9677e455ff6ac10_JC.exe
Size

2.7MB
MD5

0d9593470a28b3c8c9677e455ff6ac10
SHA1

7d243eaca320a62b517c12c22eb8e9424e01e84b
SHA256

3faf9a1ecfb32c93ab4c9f1014cf265ce9602a961b76ba2981483654c68fd3e9
SHA512

77d223be699a9294dfe5e5aa1e45388c4a8e69c114aa7599de0969658c65753d27670c1ed3e5d59127649bdacecd12ec8aabb3c4f92010e27ac6da05aba6a8c9
SSDEEP

49152:4eE2dUxkp8cWu9+E0AaFEH5ZHGW5qtKEbHrHI9CgtuvZeDZNprF/PnS/Tp5NaLfE:4eaxkpEHE0i5N5lEbHrHIkKZ7h/PnSbb

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0d9593470a28b3c8c9677e455ff6ac10_JC.exe

Files

NEAS.0d9593470a28b3c8c9677e455ff6ac10_JC.exe
.dll windows:5 windows x86

03ce0b17c6568a4d3f01bd6ebfdb91f6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

gdi32

GetDIBits
RemoveFontResourceW
GetPath
FrameRgn

shlwapi

StrRChrW

wintrust

CryptCATPersistStore
IsCatalogFile

msvcrt

memset
putc

advapi32

AreAllAccessesGranted
RegFlushKey
RegCloseKey

kernel32

GetBinaryTypeW
GetModuleHandleW
GetExitCodeThread
OpenProcess
LoadLibraryExA
InterlockedPushEntrySList
SetStdHandle
EnterCriticalSection
Process32FirstW
GetProcessHeap
IsProcessorFeaturePresent
VirtualAlloc
GetSystemTimeAsFileTime
GetUserDefaultUILanguage
GetVersionExA
VerLanguageNameA
WaitForSingleObject
SetMailslotInfo
GetModuleHandleA
GetProcAddress
TerminateJobObject
GlobalMemoryStatus
GetModuleFileNameW

ws2_32

select
WSAGetLastError

rasapi32

RasSetEntryPropertiesW

oleaut32

SafeArrayPtrOfIndex
VarR8FromI1
GetRecordInfoFromGuids
GetErrorInfo
SysAllocStringLen

clusapi

CloseCluster

user32

SetCursorPos
DrawEdge
PostQuitMessage
ShowWindow
GetUpdateRgn
SwapMouseButton
GetMonitorInfoW
DrawIcon
CreateWindowExA
GetSysColor
BroadcastSystemMessageA
SetMenuDefaultItem
FrameRect

setupapi

SetupDiGetDeviceRegistryPropertyA

psapi

EnumProcesses

winmm

OpenDriver
waveOutOpen

ole32

CoEnableCallCancellation
CoFreeUnusedLibrariesEx

winspool.drv

SetPrinterW

lz32

LZOpenFileW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 836KB - Virtual size: 835KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 204KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt0
Size: 584KB - Virtual size: 583KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PACK
Size: 412KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

CRT
Size: 636KB - Virtual size: 635KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_READ

.reloc
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

03ce0b17c6568a4d3f01bd6ebfdb91f6

Headers

DLL Characteristics

File Characteristics

Imports

gdi32

shlwapi

wintrust

msvcrt

advapi32

kernel32

ws2_32

rasapi32

oleaut32

clusapi

user32

setupapi

psapi

winmm

ole32

winspool.drv

lz32

Sections

.text Size: 28KB - Virtual size: 25KB

.rdata Size: 836KB - Virtual size: 835KB

.data Size: 204KB - Virtual size: 202KB

.crt0 Size: 584KB - Virtual size: 583KB

PACK Size: 412KB - Virtual size: 410KB

CRT Size: 636KB - Virtual size: 635KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 100KB - Virtual size: 99KB

.text
Size: 28KB - Virtual size: 25KB

.rdata
Size: 836KB - Virtual size: 835KB

.data
Size: 204KB - Virtual size: 202KB

.crt0
Size: 584KB - Virtual size: 583KB

PACK
Size: 412KB - Virtual size: 410KB

CRT
Size: 636KB - Virtual size: 635KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 100KB - Virtual size: 99KB