NEAS[.]1777f08c4dbca7859b1ff08a357c7ac0_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.1777f08c4dbca7859b1ff08a357c7ac0_JC.exe
Size

532KB
MD5

1777f08c4dbca7859b1ff08a357c7ac0
SHA1

9e844453aded7a6604b6acc9f38ce7b74186875c
SHA256

098add9ba3661e494608b81706cadcd87465249be08b35299624e344aac303ec
SHA512

31b64aede9259945356da5726c31878f3edad200e7f79a4771cf73f1322bbff3b39a43e05ac20beb6910fc30bd1120066708d7f7f18bad04da945acea8e06fb2
SSDEEP

12288:Rd+LZrNwWrrwMNoz4vG1OYZabtK75W9y/7ikdjgEb:RYLZreWXvyPabI7AsiYj3b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1777f08c4dbca7859b1ff08a357c7ac0_JC.exe

Files

NEAS.1777f08c4dbca7859b1ff08a357c7ac0_JC.exe
.dll windows:5 windows x86

18a9672c82a5e7523b8185670465b54e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

winmm

timeGetTime

kernel32

GetCommandLineW
LocalFree
IsDebuggerPresent
GetCurrentProcess
WaitForSingleObject
GetCurrentThreadId
Sleep
RaiseException
CreateDirectoryW
ReadFile
GetTempPathW
GetFileAttributesW
GetCurrentDirectoryW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetModuleHandleExW
GetProcAddress
GetModuleHandleW
GetVersionExW
GetNativeSystemInfo
TzSpecificLocalTimeToSystemTime
FileTimeToSystemTime
QueryPerformanceFrequency
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
GetSystemTimeAsFileTime
QueryPerformanceCounter
SetEndOfFile
SetFilePointerEx
FlushFileBuffers
GetTickCount
FindClose
TlsSetValue
TlsAlloc
TlsGetValue
TlsFree
RtlCaptureStackBackTrace
SetUnhandledExceptionFilter
ExpandEnvironmentStringsW
VirtualQuery
GetSystemInfo
HeapAlloc
HeapReAlloc
HeapFree
OpenProcess
FindResourceW
SetHandleInformation
HeapSize
ReadConsoleW
UnlockFileEx
LockFileEx
GetWindowsDirectoryW
GetSystemDirectoryW
GetUserDefaultUILanguage
GetEnvironmentVariableW
CreateProcessW
ResumeThread
AssignProcessToJobObject
FormatMessageA
GetCurrentProcessId
CloseHandle
DeleteFileW
GetLastError
CreateFileW
GetModuleFileNameW
OutputDebugStringA
WriteFile
SetLastError
GetLocalTime
lstrlenW
LoadResource
LockResource
VirtualProtect
FreeLibrary
LoadLibraryExA
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
GetConsoleCP
GetConsoleMode
ExitProcess
GetFullPathNameW
SetStdHandle
GetFileType
GetProcessHeap
GetModuleFileNameA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetACP
WriteConsoleW
GetDriveTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
OutputDebugStringW
SizeofResource

ole32

CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeEx
CoTaskMemFree

user32

CharUpperW
SetWindowPos
GetShellWindow
EnumWindows
GetClassNameW
GetWindowThreadProcessId

advapi32

CreateProcessAsUserW
ConvertSidToStringSidW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
FreeSid
SystemFunction036
DuplicateTokenEx
CheckTokenMembership
AllocateAndInitializeSid
OpenProcessToken
RegCloseKey
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

oleaut32

SysAllocString
SysFreeString
VariantClear

rpcrt4

UuidCreate

Exports

Exports

CanOfferReactivation
CanOfferRelaunch
GetHandleVerifier
GoogleChromeCompatibilityCheck
GoogleChromeDaysSinceLastRun
LaunchGoogleChrome
LaunchGoogleChromeInBackground
LaunchGoogleChromeWithDimensions
ReactivateChrome
SetRelaunchOffered

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.text
Size: 147KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

18a9672c82a5e7523b8185670465b54e

Headers

DLL Characteristics

File Characteristics

Imports

version

winmm

kernel32

ole32

user32

advapi32

userenv

oleaut32

rpcrt4

Exports

Exports

Sections

.text Size: 288KB - Virtual size: 288KB

.rdata Size: 75KB - Virtual size: 75KB

.data Size: 4KB - Virtual size: 13KB

.gfids Size: 1024B - Virtual size: 808B

.tls Size: 512B - Virtual size: 2B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 13KB - Virtual size: 12KB

.text Size: 147KB - Virtual size: 148KB

.text
Size: 288KB - Virtual size: 288KB

.rdata
Size: 75KB - Virtual size: 75KB

.data
Size: 4KB - Virtual size: 13KB

.gfids
Size: 1024B - Virtual size: 808B

.tls
Size: 512B - Virtual size: 2B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 13KB - Virtual size: 12KB

.text
Size: 147KB - Virtual size: 148KB