urelas | NEAS[.]014ad95f03c8dfdcd7d63970ec3c90c0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.014ad95f03c8dfdcd7d63970ec3c90c0_JC.exe
Size

275KB
MD5

014ad95f03c8dfdcd7d63970ec3c90c0
SHA1

2ac477257c2380ea89c99f97703bea2cb25357db
SHA256

b664e2ff8e9788d6dd3d6a2177e2c915232c7ece4cd5fbdb4452716961a66b82
SHA512

af80b6aa5813d4490ec5be841f10a3381820c912cb3d436b7401b0dadd45dca6b1647a31efb6d20b5621a2faf22149e6298bf8ccde9166e7c7ffbf55664c044c
SSDEEP

6144:cKFyPHIhaJEVSu7dQLuLc1kTa3pF1JJ7l:ryPHijVSuJqu4kwXh

Score

10^/10

urelas

Malware Config

Extracted

Family

urelas

218.54.31.226

218.54.31.165

Signatures

Urelas family
urelas

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.014ad95f03c8dfdcd7d63970ec3c90c0_JC.exe

Files

NEAS.014ad95f03c8dfdcd7d63970ec3c90c0_JC.exe
.exe windows:5 windows x86

1c8eb547a4cf6ad47f5eb9f6d6ccd7c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateEventW
Sleep
GetTickCount
GetSystemDirectoryW
DeviceIoControl
ReadFile
CreateFileW
GetTempPathA
GetModuleFileNameA
CreateFileA
WriteFile
CreateThread
MultiByteToWideChar
ExitProcess
GetModuleHandleW
GetFileSizeEx
SetFileAttributesW
GetLastError
GetFileSize
SetFilePointer
SystemTimeToFileTime
GetCurrentDirectoryW
LocalFileTimeToFileTime
WideCharToMultiByte
CloseHandle
GetProcessHeap
SetEndOfFile
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
LoadLibraryA
OpenEventW
DeleteFileW
GetFileAttributesW
GetTempPathW
GetModuleFileNameW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineW
GetEnvironmentStringsW
GetModuleHandleA
FreeEnvironmentStringsW
GetVersionExW
HeapAlloc
HeapFree
GetStartupInfoW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
RaiseException
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage

user32

LoadCursorW
RegisterClassExW
CreateWindowExW
DialogBoxParamW
LoadStringW
LoadIconW
PostQuitMessage
EndDialog
wsprintfW
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow

advapi32

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

shell32

ShellExecuteW
ShellExecuteA

ws2_32

WSAStartup
htonl
gethostbyaddr
socket
gethostbyname
inet_addr
htons
connect
closesocket
send
recv
WSAGetLastError

iphlpapi

GetAdaptersInfo

Sections

.text
Size: 208KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

KFxydlVh
Size: 18KB - Virtual size: 20KB

IMAGE_SCN_MEM_READ

NHRxFgbg
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_MEM_READ

eJqEQeci
Size: 35KB - Virtual size: 56KB

IMAGE_SCN_MEM_READ

wecGQxDL
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ

KhbyQchU
Size: - Virtual size: 212KB

IMAGE_SCN_MEM_READ

XJeTtlwN
Size: - Virtual size: 92KB

IMAGE_SCN_MEM_READ

sIfUscaw
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ

KvMRdWwz
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ

rysupKzf
Size: - Virtual size: 88KB

IMAGE_SCN_MEM_READ

qheomvzq
Size: - Virtual size: 64KB

IMAGE_SCN_MEM_READ

IrzPJRUa
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ

rdnZzASt
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ

kmcCOkJX
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ

nsNhgwRQ
Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ

BTsPdCuj
Size: - Virtual size: 68KB

IMAGE_SCN_MEM_READ

qEdMHJMs
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ

CRGJnYdz
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ

KXaZfJiM
Size: - Virtual size: 124KB

IMAGE_SCN_MEM_READ

xNPyUrvh
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ

gXRyIVvd
Size: - Virtual size: 332KB

IMAGE_SCN_MEM_READ

ZnWEGVJR
Size: - Virtual size: 56KB

IMAGE_SCN_MEM_READ

OmSozLcc
Size: - Virtual size: 56KB

IMAGE_SCN_MEM_READ

FoLWGXZy
Size: - Virtual size: 64KB

IMAGE_SCN_MEM_READ

gFmPibrw
Size: - Virtual size: 64KB

IMAGE_SCN_MEM_READ

FYeAqCzk
Size: - Virtual size: 40KB

IMAGE_SCN_MEM_READ

vLZNadie
Size: - Virtual size: 56KB

IMAGE_SCN_MEM_READ

SaPtZkHb
Size: - Virtual size: 40KB

IMAGE_SCN_MEM_READ

APGZDLNv
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ

ETnLQwQN
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ

oByjpqLr
Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ

aVmBHVvx
Size: - Virtual size: 52KB

IMAGE_SCN_MEM_READ

ELQiwKOT
Size: - Virtual size: 104KB

IMAGE_SCN_MEM_READ

tTJCIjfs
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ

pQmEbCSS
Size: - Virtual size: 48KB

IMAGE_SCN_MEM_READ

AwPxuDlo
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ

ogXSKrIE
Size: - Virtual size: 36KB

IMAGE_SCN_MEM_READ

dPJCdOPe
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ

aXsyWUTC
Size: - Virtual size: 96KB

IMAGE_SCN_MEM_READ

AEiNMMTP
Size: - Virtual size: 112KB

IMAGE_SCN_MEM_READ

YWsaoHpl
Size: - Virtual size: 40KB

IMAGE_SCN_MEM_READ

xoxUAwoo
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ

zHGEyOcF
Size: - Virtual size: 264KB

IMAGE_SCN_MEM_READ

beWuxjik
Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ

JRnJKIpK
Size: - Virtual size: 48KB

IMAGE_SCN_MEM_READ

jQrVrkjm
Size: - Virtual size: 32KB

IMAGE_SCN_MEM_READ

MRAXqKKl
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ

OhvrUbpp
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ

rWXqwPqd
Size: - Virtual size: 44KB

IMAGE_SCN_MEM_READ

QsBBHEaU
Size: - Virtual size: 212KB

IMAGE_SCN_MEM_READ

nbYfwsfv
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ

bXZDaGVC
Size: - Virtual size: 48KB

IMAGE_SCN_MEM_READ

BVaZttmI
Size: - Virtual size: 28KB

IMAGE_SCN_MEM_READ

bNslWLhu
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ

ktAqLtdC
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ

CvzCSNJS
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ

fRzcyobi
Size: - Virtual size: 8KB

IMAGE_SCN_MEM_READ

nqNfaqzs
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ

JubjQdke
Size: - Virtual size: 60KB

IMAGE_SCN_MEM_READ

nTCwcKrI
Size: - Virtual size: 52KB

IMAGE_SCN_MEM_READ

OMdERtLt
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ

zoXJzNZC
Size: - Virtual size: 24KB

IMAGE_SCN_MEM_READ

IyRBAiqN
Size: - Virtual size: 4KB

IMAGE_SCN_MEM_READ

sMJLiYLH
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ

fTKMsuJQ
Size: - Virtual size: 44KB

IMAGE_SCN_MEM_READ

fzUbmTAt
Size: - Virtual size: 276KB

IMAGE_SCN_MEM_READ

ecWAydFQ
Size: - Virtual size: 16KB

IMAGE_SCN_MEM_READ

HuJrzRFe
Size: - Virtual size: 12KB

IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Extracted

Signatures

Files

1c8eb547a4cf6ad47f5eb9f6d6ccd7c3

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

shell32

ws2_32

iphlpapi

Sections

.text Size: 208KB - Virtual size: 212KB

.rsrc Size: 4KB - Virtual size: 8KB

.reloc Size: - Virtual size: 4KB

KFxydlVh Size: 18KB - Virtual size: 20KB

NHRxFgbg Size: 3KB - Virtual size: 4KB

eJqEQeci Size: 35KB - Virtual size: 56KB

wecGQxDL Size: - Virtual size: 4KB

KhbyQchU Size: - Virtual size: 212KB

XJeTtlwN Size: - Virtual size: 92KB

sIfUscaw Size: - Virtual size: 16KB

KvMRdWwz Size: - Virtual size: 12KB

rysupKzf Size: - Virtual size: 88KB

qheomvzq Size: - Virtual size: 64KB

IrzPJRUa Size: - Virtual size: 16KB

rdnZzASt Size: - Virtual size: 8KB

kmcCOkJX Size: - Virtual size: 8KB

nsNhgwRQ Size: - Virtual size: 32KB

BTsPdCuj Size: - Virtual size: 68KB

qEdMHJMs Size: - Virtual size: 8KB

CRGJnYdz Size: - Virtual size: 4KB

KXaZfJiM Size: - Virtual size: 124KB

xNPyUrvh Size: - Virtual size: 28KB

gXRyIVvd Size: - Virtual size: 332KB

ZnWEGVJR Size: - Virtual size: 56KB

OmSozLcc Size: - Virtual size: 56KB

FoLWGXZy Size: - Virtual size: 64KB

gFmPibrw Size: - Virtual size: 64KB

FYeAqCzk Size: - Virtual size: 40KB

vLZNadie Size: - Virtual size: 56KB

SaPtZkHb Size: - Virtual size: 40KB

APGZDLNv Size: - Virtual size: 16KB

ETnLQwQN Size: - Virtual size: 4KB

oByjpqLr Size: - Virtual size: 32KB

aVmBHVvx Size: - Virtual size: 52KB

ELQiwKOT Size: - Virtual size: 104KB

tTJCIjfs Size: - Virtual size: 28KB

pQmEbCSS Size: - Virtual size: 48KB

AwPxuDlo Size: - Virtual size: 8KB

ogXSKrIE Size: - Virtual size: 36KB

dPJCdOPe Size: - Virtual size: 8KB

aXsyWUTC Size: - Virtual size: 96KB

AEiNMMTP Size: - Virtual size: 112KB

YWsaoHpl Size: - Virtual size: 40KB

xoxUAwoo Size: - Virtual size: 28KB

zHGEyOcF Size: - Virtual size: 264KB

beWuxjik Size: - Virtual size: 32KB

JRnJKIpK Size: - Virtual size: 48KB

jQrVrkjm Size: - Virtual size: 32KB

MRAXqKKl Size: - Virtual size: 12KB

OhvrUbpp Size: - Virtual size: 28KB

rWXqwPqd Size: - Virtual size: 44KB

QsBBHEaU Size: - Virtual size: 212KB

nbYfwsfv Size: - Virtual size: 8KB

bXZDaGVC Size: - Virtual size: 48KB

BVaZttmI Size: - Virtual size: 28KB

bNslWLhu Size: - Virtual size: 16KB

ktAqLtdC Size: - Virtual size: 4KB

CvzCSNJS Size: - Virtual size: 16KB

fRzcyobi Size: - Virtual size: 8KB

nqNfaqzs Size: - Virtual size: 4KB

JubjQdke Size: - Virtual size: 60KB

nTCwcKrI Size: - Virtual size: 52KB

.text
Size: 208KB - Virtual size: 212KB

.rsrc
Size: 4KB - Virtual size: 8KB

.reloc
Size: - Virtual size: 4KB

KFxydlVh
Size: 18KB - Virtual size: 20KB

NHRxFgbg
Size: 3KB - Virtual size: 4KB

eJqEQeci
Size: 35KB - Virtual size: 56KB

wecGQxDL
Size: - Virtual size: 4KB

KhbyQchU
Size: - Virtual size: 212KB

XJeTtlwN
Size: - Virtual size: 92KB

sIfUscaw
Size: - Virtual size: 16KB

KvMRdWwz
Size: - Virtual size: 12KB

rysupKzf
Size: - Virtual size: 88KB

qheomvzq
Size: - Virtual size: 64KB

IrzPJRUa
Size: - Virtual size: 16KB

rdnZzASt
Size: - Virtual size: 8KB

kmcCOkJX
Size: - Virtual size: 8KB

nsNhgwRQ
Size: - Virtual size: 32KB

BTsPdCuj
Size: - Virtual size: 68KB

qEdMHJMs
Size: - Virtual size: 8KB

CRGJnYdz
Size: - Virtual size: 4KB

KXaZfJiM
Size: - Virtual size: 124KB

xNPyUrvh
Size: - Virtual size: 28KB

gXRyIVvd
Size: - Virtual size: 332KB

ZnWEGVJR
Size: - Virtual size: 56KB

OmSozLcc
Size: - Virtual size: 56KB

FoLWGXZy
Size: - Virtual size: 64KB

gFmPibrw
Size: - Virtual size: 64KB

FYeAqCzk
Size: - Virtual size: 40KB

vLZNadie
Size: - Virtual size: 56KB

SaPtZkHb
Size: - Virtual size: 40KB

APGZDLNv
Size: - Virtual size: 16KB

ETnLQwQN
Size: - Virtual size: 4KB

oByjpqLr
Size: - Virtual size: 32KB

aVmBHVvx
Size: - Virtual size: 52KB

ELQiwKOT
Size: - Virtual size: 104KB

tTJCIjfs
Size: - Virtual size: 28KB

pQmEbCSS
Size: - Virtual size: 48KB

AwPxuDlo
Size: - Virtual size: 8KB

ogXSKrIE
Size: - Virtual size: 36KB

dPJCdOPe
Size: - Virtual size: 8KB

aXsyWUTC
Size: - Virtual size: 96KB

AEiNMMTP
Size: - Virtual size: 112KB

YWsaoHpl
Size: - Virtual size: 40KB

xoxUAwoo
Size: - Virtual size: 28KB

zHGEyOcF
Size: - Virtual size: 264KB

beWuxjik
Size: - Virtual size: 32KB

JRnJKIpK
Size: - Virtual size: 48KB

jQrVrkjm
Size: - Virtual size: 32KB

MRAXqKKl
Size: - Virtual size: 12KB

OhvrUbpp
Size: - Virtual size: 28KB

rWXqwPqd
Size: - Virtual size: 44KB

QsBBHEaU
Size: - Virtual size: 212KB

nbYfwsfv
Size: - Virtual size: 8KB

bXZDaGVC
Size: - Virtual size: 48KB

BVaZttmI
Size: - Virtual size: 28KB

bNslWLhu
Size: - Virtual size: 16KB

ktAqLtdC
Size: - Virtual size: 4KB

CvzCSNJS
Size: - Virtual size: 16KB

fRzcyobi
Size: - Virtual size: 8KB

nqNfaqzs
Size: - Virtual size: 4KB

JubjQdke
Size: - Virtual size: 60KB

nTCwcKrI
Size: - Virtual size: 52KB

OMdERtLt
Size: - Virtual size: 4KB

zoXJzNZC
Size: - Virtual size: 24KB

IyRBAiqN
Size: - Virtual size: 4KB

sMJLiYLH
Size: - Virtual size: 16KB

fTKMsuJQ
Size: - Virtual size: 44KB

fzUbmTAt
Size: - Virtual size: 276KB

ecWAydFQ
Size: - Virtual size: 16KB

HuJrzRFe
Size: - Virtual size: 12KB