NEAS[.]0648b14c066a3f06970b4707c09df7f0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.0648b14c066a3f06970b4707c09df7f0_JC.exe
Size

524KB
MD5

0648b14c066a3f06970b4707c09df7f0
SHA1

bea9f05beafcf81ca4bbf66505e8464b1bc5306d
SHA256

b3947b7457f28aa7388d4b16834b4fbdf9bdd5a223c61fe90f31bcf188bd03ce
SHA512

52d66be523be051975c5086559c9599f63c400af17734bcaf2d53bb4b7d5f06e4c5b674b3db90ccfd90dff682c0e9303d69a6d873ac29a53597edfb1019b4ba9
SSDEEP

6144:y+dNe6CBlOIxoHPb59NjJWAEnMsUKedadY6cQ7FIne94HxTZ/bQBX0vQk4:ndNjAM6ovb5LsLBHedH6r7FuZx9QxH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.0648b14c066a3f06970b4707c09df7f0_JC.exe

Files

NEAS.0648b14c066a3f06970b4707c09df7f0_JC.exe
.dll regsvr32 windows:6 windows x86

b3b53d65368903675722a4d7863df851

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTempPathW
TerminateProcess
OpenProcess
CopyFileW
WideCharToMultiByte
InitializeCriticalSection
FindResourceExW
LockResource
GlobalReAlloc
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
IsDebuggerPresent
OutputDebugStringW
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
SetFileAttributesW
DeleteFileW
LocalFree
lstrlenA
SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetTimeZoneInformation
SetStdHandle
GetStringTypeW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
CompareStringW
CloseHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WriteFile
GetStdHandle
GetModuleHandleExW
ExitProcess
ReadFile
GetFileSize
CreateFileW
SetThreadLocale
GetThreadLocale
EncodePointer
FindResourceW
lstrcmpiW
SizeofResource
LoadResource
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
lstrcmpW
MulDiv
GlobalUnlock
GlobalLock
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
GetFileAttributesExW
VirtualQuery
VirtualProtect
GetSystemInfo
RtlUnwind
GlobalAlloc
FlushInstructionCache
GetCurrentThreadId
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
SetLastError
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
DecodePointer

user32

FillRect
SendMessageW
UnregisterClassW
CharLowerBuffW
RegisterWindowMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
IsWindow
IsChild
DestroyWindow
MoveWindow
SetWindowPos
GetDlgItem
CharNextW
SetFocus
GetFocus
SetCapture
GetWindowThreadProcessId
PeekMessageW
SetParent
ShowWindow
FindWindowW
IsClipboardFormatAvailable
ReleaseCapture
GetClipboardData
CloseClipboard
OpenClipboard
LoadCursorW
GetWindow
GetClassNameW
GetParent
GetDesktopWindow
SetWindowLongW
GetWindowLongW
OffsetRect
EmptyClipboard
GetSysColor
ScreenToClient
ClientToScreen
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
RedrawWindow
InvalidateRgn
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
DestroyAcceleratorTable
CreateAcceleratorTableW
KillTimer
SetTimer

advapi32

RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetKeyParam
CryptGetHashParam
CryptImportKey
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash
RegCloseKey

ole32

CreateStreamOnHGlobal
CoGetClassObject
CoCreateInstance
CLSIDFromString
CLSIDFromProgID
StringFromGUID2
CoTaskMemAlloc
CoTaskMemFree
CreateBindCtx
OleInitialize
OleUninitialize
CoTaskMemRealloc
HWND_UserFree
HWND_UserUnmarshal
HWND_UserMarshal
HWND_UserSize
OleLockRunning
OleDraw

shell32

SHGetDesktopFolder

oleaut32

VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
LPSAFEARRAY_UserSize
LPSAFEARRAY_UserMarshal
LPSAFEARRAY_UserUnmarshal
LPSAFEARRAY_UserFree
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SafeArrayCreate
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
VariantCopy
RegisterTypeLi
UnRegisterTypeLi
OleLoadPicture
SafeArrayDestroy
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayRedim
SafeArrayCopy
SafeArrayGetVartype
VariantChangeType
VarI4FromStr
VarBstrFromI4
VariantClear
VariantInit
SysAllocStringLen
VarBstrCmp
SysAllocString
LoadRegTypeLi
LoadTypeLi
SysStringLen
SysFreeString
OleCreateFontIndirect

gdi32

SetEnhMetaFileBits
GetDIBits
PlayEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFileW
DeleteEnhMetaFile
CreateDIBSection
CopyEnhMetaFileW
StretchBlt
SelectObject
GetStockObject
GetDeviceCaps
DeleteObject
DeleteDC
CreateSolidBrush
CreateCompatibleDC
CreateCompatibleBitmap
SetBrushOrgEx
BitBlt
SetStretchBltMode
GetObjectW

urlmon

CreateURLMonikerEx
CoInternetSetFeatureEnabled

rpcrt4

IUnknown_AddRef_Proxy
NdrOleAllocate
UuidToStringW
UuidCreate
RpcStringFreeW
NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrCStdStubBuffer_Release
NdrClientCall2
IUnknown_QueryInterface_Proxy
NdrOleFree
IUnknown_Release_Proxy
CStdStubBuffer_QueryInterface
CStdStubBuffer_AddRef
CStdStubBuffer_Connect
CStdStubBuffer_Disconnect
CStdStubBuffer_Invoke
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
CStdStubBuffer_DebugServerRelease

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 247B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 268KB - Virtual size: 272KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b3b53d65368903675722a4d7863df851

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ole32

shell32

oleaut32

gdi32

urlmon

rpcrt4

Exports

Exports

Sections

.text Size: 167KB - Virtual size: 167KB

.orpc Size: 512B - Virtual size: 247B

.rdata Size: 62KB - Virtual size: 62KB

.data Size: 12KB - Virtual size: 20KB

.rsrc Size: 12KB - Virtual size: 11KB

.reloc Size: 268KB - Virtual size: 272KB

.text
Size: 167KB - Virtual size: 167KB

.orpc
Size: 512B - Virtual size: 247B

.rdata
Size: 62KB - Virtual size: 62KB

.data
Size: 12KB - Virtual size: 20KB

.rsrc
Size: 12KB - Virtual size: 11KB

.reloc
Size: 268KB - Virtual size: 272KB