NEAS[.]0d9c2f06e486df047dcaf2ff6aa068f0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0d9c2f06e486df047dcaf2ff6aa068f0_JC.exe
Size

6.9MB
MD5

0d9c2f06e486df047dcaf2ff6aa068f0
SHA1

570301888479bc8731a00744b265ed1da5613f50
SHA256

f968c514eb83ac3a1bffb605fcdab2ab98b95929f0588f3917c34f9cbaf93f01
SHA512

f64ff8b392789071791503444533698c55c1742a1ad5a917413b9a43b289feaa445bcbd697826cdc2185e9af272f922f85e1dc3bab7649a8de5c533af594dcf7
SSDEEP

196608:78yIQ9zVd3eB3FIJllPZvrj0j/0OXFakr2YR:oY3E1IJ/Pm9F72YR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0d9c2f06e486df047dcaf2ff6aa068f0_JC.exe

Files

NEAS.0d9c2f06e486df047dcaf2ff6aa068f0_JC.exe
.exe windows:6 windows x86

6477d0dfbe54b7cff7222180abd796cb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetStdHandle
OutputDebugStringW
SetFilePointerEx
ReadFile
GetConsoleMode
CloseHandle
GetOEMCP
IsValidCodePage
FreeEnvironmentStringsW
WriteFile
GetModuleFileNameW
GetFileType
GetStdHandle
HeapSize
GetModuleHandleExW
ExitProcess
GetCurrentThreadId
GetProcessHeap
EnumSystemLocalesW
WriteConsoleW
LCMapStringW
GetProcAddress
GetModuleHandleW
TlsSetValue
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapAlloc
RtlUnwind
GetCPInfo
HeapReAlloc
MultiByteToWideChar
DeleteCriticalSection
EnterCriticalSection
DecodePointer
WideCharToMultiByte
ReadConsoleW
TlsAlloc
GetOverlappedResult
SizeofResource
GetLogicalDrives
VerSetConditionMask
EnumCalendarInfoW
GetSystemDefaultLangID
HeapCreate
GetSystemTimeAsFileTime
lstrcpyW
TlsFree
GetCurrentProcessId
GetVersion
EnumResourceTypesW
GetExitCodeThread
LoadLibraryA
SetLastError
GetLastError
FindFirstFileA
GetACP
GetFileAttributesW
Beep
GetExitCodeProcess
GetFileAttributesA
GetVersionExW
IsValidLocale
GetConsoleCP
VirtualFree
GetCurrentThread
SetEnvironmentVariableW
RtlCaptureContext
GetLocaleInfoA
ResumeThread
FileTimeToLocalFileTime
GetStringTypeW
IsDebuggerPresent
GetModuleHandleA
QueryDosDeviceW
CreateEventW
LockResource
RaiseException
FlushFileBuffers
GetStartupInfoW
CompareStringW
CreateFileW
CreateProcessA
IsProcessorFeaturePresent
lstrcpynW
LeaveCriticalSection
GetSystemDirectoryW
GetUserDefaultLangID
ClearCommBreak
WaitForSingleObjectEx
GetUserDefaultLCID
SetHandleInformation
CreateDirectoryW
HeapFree
GetEnvironmentStringsW
QueryPerformanceCounter
CompareFileTime
WaitNamedPipeA
LoadLibraryExW
SetErrorMode
TlsGetValue
SetFilePointer
FindFirstFileW
GlobalMemoryStatus
GetDateFormatW
GetEnvironmentVariableW
EncodePointer
GetLocaleInfoW
GetCommandLineW

user32

SetCursor
MessageBeep
GetMenuStringW
CreateIconIndirect
OffsetRect
GetKeyboardLayout
CheckMenuRadioItem
RedrawWindow
GetSysColor
CreatePopupMenu
EnableScrollBar
EndPaint
GetDlgItem
InsertMenuA
GetDlgItemTextW
EnableWindow
DestroyMenu
GetDlgCtrlID
GetDlgItemTextA
SetWindowTextW
CheckMenuItem
IsRectEmpty
ToAsciiEx
ShowOwnedPopups
ReleaseDC
GetKeyboardType
EnumWindows
RegisterClassA
GetMessageTime
DialogBoxParamA
DrawTextExW
GetKeyState
GetSystemMetrics
DestroyWindow
DestroyAcceleratorTable
GetWindowRect
MapDialogRect
SendDlgItemMessageA
CharNextW
TrackPopupMenu
KillTimer
IsZoomed
DrawIconEx
LoadStringA
DeleteMenu
GetParent
AttachThreadInput
CharLowerBuffW
GetClientRect
GetWindowTextLengthA
DrawEdge
SetScrollRange
GetQueueStatus
GetCapture
DrawFocusRect
GetKeyboardState
GetMenu
SetPropA
MessageBoxA
UnregisterClassA
SetScrollPos
MonitorFromWindow
SetClassLongA
DrawStateW
SetWindowLongW
EndDialog
DestroyCaret
SendDlgItemMessageW
EnumChildWindows
IsDlgButtonChecked
RemoveMenu
CheckRadioButton
MessageBoxW
SystemParametersInfoA
BeginDeferWindowPos
RegisterClassW
ValidateRgn
MapWindowPoints
LoadCursorA
SetDlgItemTextA
CreateDialogParamA

gdi32

DeleteDC
CreateFontIndirectW
StretchBlt
SetDIBColorTable
ExcludeClipRect
GetRgnBox
GetPaletteEntries
CreateCompatibleDC
OffsetRgn
ExtCreateRegion
GetObjectType
GetTextExtentPointW
GetBkColor
SelectPalette
GetSystemPaletteEntries
CreatePatternBrush
CreatePen
IntersectClipRect
CreateDIBitmap
GetPixel
GetStockObject
SetWinMetaFileBits
SetTextColor
CreateEnhMetaFileW
RestoreDC
UpdateColors
CreateSolidBrush
PlayEnhMetaFile
CreateRectRgnIndirect
SelectClipRgn
CreatePalette
GetDIBits
GetDeviceCaps
Polygon
SetWindowExtEx
Arc
CloseEnhMetaFile
SetTextAlign
GdiFlush
EndPage
CreatePolygonRgn
RectVisible
CreateFontA
GetTextExtentPoint32A
BitBlt
LineTo
SetLayout
MoveToEx
Polyline
GetTextExtentPointA
SetStretchBltMode
GetCharABCWidthsW
GetTextExtentExPointA
GetObjectW
GetDIBColorTable
StretchDIBits
ExtTextOutA
SetMapMode
Ellipse

comdlg32

FindTextW

advapi32

RegLoadKeyW
RegQueryValueExW
RegSetValueExW
RegEnumKeyExW
StartServiceW
InitializeSecurityDescriptor
EqualSid
OpenServiceW
OpenProcessToken
CloseServiceHandle
RegCloseKey

shell32

ExtractIconExW
CommandLineToArgvW

ole32

CoInitialize

oleaut32

SysFreeString
VariantClear
SysReAllocStringLen
VariantInit

Sections

.text
Size: 854KB - Virtual size: 853KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.info
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lztg
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nblmh
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.undre
Size: 512B - Virtual size: 10B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6.1MB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.info
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lztg
Size: 512B - Virtual size: 389B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.nblmh
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.flroda
Size: 512B - Virtual size: 191B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.undre
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6477d0dfbe54b7cff7222180abd796cb

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

oleaut32

Sections

.text Size: 854KB - Virtual size: 853KB

.info Size: 512B - Virtual size: 10B

.lztg Size: 512B - Virtual size: 10B

.nblmh Size: 512B - Virtual size: 10B

.undre Size: 512B - Virtual size: 10B

.data Size: 6.1MB - Virtual size: 6.1MB

.idata Size: 7KB - Virtual size: 7KB

.info Size: 4KB - Virtual size: 4KB

.lztg Size: 512B - Virtual size: 389B

.nblmh Size: 6KB - Virtual size: 5KB

.flroda Size: 512B - Virtual size: 191B

.undre Size: 3KB - Virtual size: 2KB

.reloc Size: 22KB - Virtual size: 22KB

.rsrc Size: 3KB - Virtual size: 2KB

.text
Size: 854KB - Virtual size: 853KB

.info
Size: 512B - Virtual size: 10B

.lztg
Size: 512B - Virtual size: 10B

.nblmh
Size: 512B - Virtual size: 10B

.undre
Size: 512B - Virtual size: 10B

.data
Size: 6.1MB - Virtual size: 6.1MB

.idata
Size: 7KB - Virtual size: 7KB

.info
Size: 4KB - Virtual size: 4KB

.lztg
Size: 512B - Virtual size: 389B

.nblmh
Size: 6KB - Virtual size: 5KB

.flroda
Size: 512B - Virtual size: 191B

.undre
Size: 3KB - Virtual size: 2KB

.reloc
Size: 22KB - Virtual size: 22KB

.rsrc
Size: 3KB - Virtual size: 2KB