NEAS[.]1d6672d2139602f2d973957c778db490_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1d6672d2139602f2d973957c778db490_JC.exe
Size

2.4MB
MD5

1d6672d2139602f2d973957c778db490
SHA1

f240196558d7957b962374fbeb1122f3a48db11c
SHA256

73213eb09daca61a2d24629c58936115087a4149cbfd5babe755b677a961a653
SHA512

1fd0f171c34494522c3c81b98d38ad177e02ef50f71c535f2fbecfad8c7d186f3fa96d5ee8c7f2c5baaf57df9ff32458c0bc2c40e6ebf51a288ad8dd55ecfd01
SSDEEP

49152:RX5/JmoP0wkZ964jTJu5+T3i/dgD5LIbD7t3hlbOECXAHwS77777777v7777777h:RJCfLhdC+TyY5M7NSFwwS77777777v7+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1d6672d2139602f2d973957c778db490_JC.exe

Files

NEAS.1d6672d2139602f2d973957c778db490_JC.exe
.exe windows:4 windows x86

56f54c4acb2dac1b2e15ec843bcdd5b1

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
CreateFileA
WriteFile
IsBadStringPtrA
GetShortPathNameA
lstrcpyA
GetSystemDefaultLangID
GetStartupInfoA
CreateProcessA
FormatMessageA
LocalFree
EnumResourceLanguagesA
GetTempPathA
FindFirstFileA
FindNextFileA
GetVersionExA
FindClose
GetDriveTypeA
GetCurrentDirectoryA
VirtualAlloc
VirtualFree
GetFileSize
ReadFile
CreateEventA
VirtualQuery
GetSystemTime
WaitForSingleObject
RemoveDirectoryA
DeleteFileA
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForMultipleObjects
OutputDebugStringA
FileTimeToSystemTime
GetDateFormatA
IsBadReadPtr
GetTimeFormatA
CreateDirectoryA
SetFilePointer
SetEvent
ResetEvent
GetFileAttributesA
HeapAlloc
GetProcessHeap
InterlockedExchange
HeapFree
GetStdHandle
HeapCreate
RtlUnwind
CreateThread
ExitThread
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemInfo
VirtualProtect
GetThreadLocale
GetLocaleInfoA
GetACP
HeapSize
HeapReAlloc
HeapDestroy
IsProcessorFeaturePresent
InterlockedCompareExchange
GetCPInfo
GetOEMCP
IsValidCodePage
CompareStringA
SetLastError
MulDiv
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetTickCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
TlsGetValue
lstrcmpA
TlsSetValue
UnmapViewOfFile
GetProcAddress
FreeLibrary
LoadLibraryExA
InitializeCriticalSection
GetModuleHandleA
FindResourceA
GlobalFree
LockResource
LoadLibraryA
SizeofResource
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
TlsFree
FlushFileBuffers
DeleteCriticalSection
LoadResource
FindResourceExA
GetCommandLineA
CloseHandle
GlobalUnlock
GetCurrentProcess
GetCurrentProcessId
GlobalLock
GetModuleFileNameA
GlobalAlloc
OpenFileMappingA
EnterCriticalSection
GetCurrentThreadId
lstrlenA
GetLastError
IsDBCSLeadByte
CreateFileMappingA
MapViewOfFile
FlushInstructionCache
MultiByteToWideChar
InterlockedDecrement
CreateFileW
RaiseException
lstrlenW
InterlockedIncrement
lstrcmpiA
TlsAlloc
WideCharToMultiByte
IsBadWritePtr
LeaveCriticalSection

user32

DrawTextA
GetActiveWindow
ShowWindow
GetDlgCtrlID
GetPropA
GetSystemMetrics
SetPropA
GetCursorPos
UpdateWindow
DrawFocusRect
IsWindowVisible
CreateDialogParamA
MapWindowPoints
PeekMessageA
IsWindowEnabled
GetMessageA
TranslateMessage
CreateCursor
DispatchMessageA
GetCapture
IsDialogMessageA
DialogBoxParamA
GetAsyncKeyState
MessageBoxA
KillTimer
SetTimer
PostQuitMessage
InflateRect
OffsetRect
GetWindowRect
PtInRect
SetCursor
RedrawWindow
GetClassNameA
CharNextA
SetWindowTextA
InvalidateRect
SetCapture
ReleaseCapture
SendMessageA
DefWindowProcA
EnableWindow
EqualRect
ValidateRect
ScrollWindowEx
ShowScrollBar
SetScrollRange
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
EndDialog
LoadIconA
GetWindowDC
SetRect
GetSystemMenu
RemoveMenu
MessageBeep
LoadImageA
SendDlgItemMessageA
SetActiveWindow
DrawEdge
MsgWaitForMultipleObjects
GetTopWindow
SetRectEmpty
LoadStringA
SystemParametersInfoA
IsChild
ReleaseDC
GetFocus
SetFocus
PostMessageA
LoadCursorA
GetWindow
GetDC
SetWindowLongA
InvalidateRgn
GetParent
GetDlgItem
GetWindowLongA
GetClassInfoExA
CallWindowProcA
CreateAcceleratorTableA
IsWindow
GetWindowTextA
ExitWindowsEx
GetDesktopWindow
ScreenToClient
RegisterWindowMessageA
RegisterClassExA
BeginPaint
GetClientRect
FillRect
CreateWindowExA
DestroyAcceleratorTable
EndPaint
ClientToScreen
DestroyWindow
GetSysColor
GetWindowTextLengthA
MoveWindow
SetWindowPos
DestroyCursor
UnregisterClassA

gdi32

LineTo
CreatePen
SetViewportOrgEx
MoveToEx
GetTextExtentPoint32A
GetClipBox
ExtTextOutA
LPtoDP
DPtoLP
SetTextColor
SetBkMode
RealizePalette
SelectPalette
CreateBitmap
CreateFontIndirectA
GetTextMetricsA
SetBkColor
BitBlt
SelectObject
CreateCompatibleDC
GetObjectA
GetStockObject
CreateCompatibleBitmap
CreateSolidBrush
GetDeviceCaps
StretchBlt
DeleteObject
DeleteDC

advapi32

RegQueryValueExA
RegQueryInfoKeyA
RegEnumKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenKeyExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHChangeNotify
SHGetDataFromIDListA
SHGetFileInfoA
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetPathFromIDListA
ShellExecuteA

ole32

CLSIDFromString
CLSIDFromProgID
CoCreateInstance
CoInitialize
StringFromGUID2
CoGetClassObject
OleUninitialize
OleInitialize
CreateStreamOnHGlobal
OleLockRunning
CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
CoTaskMemAlloc

oleaut32

SysFreeString
VarUI4FromStr
OleCreateFontIndirect
SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
VariantClear
VariantInit
VarI4FromStr
OleLoadPicture
SysAllocStringByteLen
SysAllocStringLen
SysStringByteLen

shlwapi

StrStrA
StrStrIA
PathRemoveFileSpecA
PathFindExtensionA
PathCombineA
PathAppendW
PathRemoveBackslashA
PathCanonicalizeA

comctl32

_TrackMouseEvent
FlatSB_SetScrollInfo
FlatSB_GetScrollInfo
FlatSB_SetScrollPos
InitCommonControlsEx

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

Sections

.text
Size: 324KB - Virtual size: 321KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.zero
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56f54c4acb2dac1b2e15ec843bcdd5b1

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

shlwapi

comctl32

version

Sections

.text Size: 324KB - Virtual size: 321KB

.rdata Size: 76KB - Virtual size: 73KB

.data Size: 20KB - Virtual size: 30KB

.rsrc Size: 2.0MB - Virtual size: 2.0MB

.zero Size: 4KB - Virtual size: 3KB

.text
Size: 324KB - Virtual size: 321KB

.rdata
Size: 76KB - Virtual size: 73KB

.data
Size: 20KB - Virtual size: 30KB

.rsrc
Size: 2.0MB - Virtual size: 2.0MB

.zero
Size: 4KB - Virtual size: 3KB