NEAS[.]22a5b45bd5aaad2c849b198a011c9870_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.22a5b45bd5aaad2c849b198a011c9870_JC.exe
Size

228KB
MD5

22a5b45bd5aaad2c849b198a011c9870
SHA1

13ce2bdc80a258492dd1274bcc757e14235435e7
SHA256

20486c787e22dba4f72ded970179ef02394220e6e779606ac0be3043fe62c77b
SHA512

b713ecc5c5c0f758b31354f5acb6e194110305c30ab2c4a68e8a0f3e420bbf29f5fd7780bdd471cc76c7ff16fd3c3061b2b6b037ebc6bddc03150346ccd61773
SSDEEP

6144:o1qbJz4ELB2iMmM6R/vsN4i8GmCHFdJBzPnH:q7mM6RvsN4iiCldjzH

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.22a5b45bd5aaad2c849b198a011c9870_JC.exe

Files

NEAS.22a5b45bd5aaad2c849b198a011c9870_JC.exe
.exe windows:4 windows x86

1216742c5aa8edec1ffccbbb4b6e6c0e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

SetDlgItemTextW
CreateWindowExW
GetDesktopWindow
LoadStringW
LoadMenuW
CreateDialogIndirectParamW
CreateDialogParamW
DdeFreeDataHandle
DdeGetLastError
DdeDisconnect
WaitForInputIdle
GetDlgItemTextW
DestroyWindow
ReleaseDC
GetSystemMetrics
GetDC
DestroyMenu
TrackPopupMenuEx
SetForegroundWindow
LoadBitmapW
IsWindow
RegisterClassExW
IsDialogMessageW
DispatchMessageW
TranslateMessage
GetMessageW
CheckMenuItem
SetMenuDefaultItem
GetSubMenu
GetCursorPos
MessageBeep
LoadIconW
GetWindowRect
SystemParametersInfoW
PostMessageW
SetTimer
GetDoubleClickTime
KillTimer
DdeClientTransaction
DdeCreateStringHandleW
DdeFreeStringHandle
DdeConnect
DdeUninitialize
DdeInitializeW
GetMenuItemInfoW
SetMenuItemInfoW
OpenClipboard
EmptyClipboard
PostQuitMessage
DefWindowProcW
SetWindowPos
FindWindowExW
ShowWindow
SetClipboardData
CloseClipboard

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExA
GetNamedSecurityInfoW
LookupAccountSidW
RegQueryValueExA

gdi32

SelectObject
BitBlt
DeleteDC
GetDIBits
CreateCompatibleDC
CreateCompatibleBitmap
DeleteObject

shell32

Shell_NotifyIconW
SHGetMalloc
SHGetFolderLocation
SHGetFileInfoW
SHGetFolderPathW
ord165
CommandLineToArgvW
SHGetSpecialFolderPathW
ShellExecuteExW
SHGetDesktopFolder

ole32

CoInitialize
CoUninitialize
CoCreateInstance

shlwapi

PathFindNextComponentW
PathCommonPrefixW
PathAppendW
PathIsDirectoryW
PathFileExistsW
PathRemoveFileSpecW
StrCatW
StrRetToBufW

winmm

PlaySoundW

msvcr71

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_controlfp
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_ismbblead
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
localtime
time
fwrite
_wfopen
fread
fclose
_tzset
swscanf
_snwprintf
__RTDynamicCast
strncmp
sprintf
strchr
calloc
strncpy
atoi
_wgetcwd
_wmkdir
_vsnwprintf
free
_wcsdup
wcschr
_vsnprintf
wcstombs
mbstowcs
towlower
tolower
towupper
toupper
iswcntrl
iscntrl
iswgraph
isgraph
iswprint
isprint
iswpunct
ispunct
iswspace
isspace
iswalnum
isalnum
iswxdigit
isxdigit
iswdigit
isdigit
iswlower
islower
iswupper
isupper
_CxxThrowException
??0bad_cast@@QAE@PBD@Z
??1bad_cast@@UAE@XZ
??0bad_cast@@QAE@ABV0@@Z
??0exception@@QAE@ABV0@@Z
wcscoll
malloc
strcoll
??2@YAPAXI@Z
??3@YAXPAX@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_purecall
_wcsicmp
swprintf
wcscat
wcscpy
__CxxFrameHandler
_wstat
_wrmdir
_wunlink
_errno
_wrename
fflush
fputs
printf
gmtime
wcstoul
wcstol
wcstod
mktime
_timezone
iswctype
??0exception@@QAE@XZ
??1exception@@UAE@XZ
wcslen
vsprintf
_iob
fprintf
memmove
realloc
_strdup

msvcp71

?to_char_type@?$char_traits@G@std@@SAGABG@Z
?eq_int_type@?$char_traits@G@std@@SA_NABG0@Z
?eof@?$char_traits@G@std@@SAGXZ
?to_int_type@?$char_traits@G@std@@SAGABG@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIPBGI@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIPBG@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@V312@0@Z
?end@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
?begin@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE?AViterator@12@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??4?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
?flags@ios_base@std@@QBEHXZ
?to_int_type@?$char_traits@D@std@@SAHABD@Z
?width@ios_base@std@@QBEHXZ
?eof@?$char_traits@D@std@@SAHXZ
?eq_int_type@?$char_traits@D@std@@SA_NABH0@Z
?to_char_type@?$char_traits@D@std@@SADABH@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?rdstate@ios_base@std@@QBEHXZ
?width@ios_base@std@@QAEHH@Z
?good@ios_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?widen@?$basic_ios@GU?$char_traits@G@std@@@std@@QBEGD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?substr@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBE?AV12@II@Z
?sputc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGG@Z
?sbumpc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?npos@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@2IB
?sgetc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?is@?$ctype@G@std@@QBE_NFG@Z
?snextc@?$basic_streambuf@GU?$char_traits@G@std@@@std@@QAEGXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1locale@std@@QAE@XZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?clear@ios_base@std@@QAEXH_N@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Ipfx@?$basic_istream@GU?$char_traits@G@std@@@std@@QAE_N_N@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEXXZ
?flush@?$basic_ostream@GU?$char_traits@G@std@@@std@@QAEAAV12@XZ
?substr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBE?AV12@II@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@G@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV01@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@D@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@ABV01@@Z
?id@?$ctype@G@std@@2V0locale@2@A
?_Getcat@?$ctype@G@std@@SAIPAPBVfacet@locale@2@@Z
??0_Lockit@std@@QAE@H@Z
?id@?$ctype@D@std@@2V0locale@2@A
??1_Lockit@std@@QAE@XZ
?_Id_cnt@id@locale@std@@0HA
?_Getfacet@locale@std@@QBEPBVfacet@12@I@Z
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@@Z
?_Incref@facet@locale@std@@QAEXXZ
?_Register@facet@locale@std@@QAEXXZ
?_Lock@_Mutex@std@@QAEXXZ
?_Unlock@_Mutex@std@@QAEXXZ
?rfind@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?reserve@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXI@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIIG@Z
?replace@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IIABV12@@Z
?swap@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEXAAV12@@Z
?insert@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IABV12@@Z
?find@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIABV12@I@Z
?erase@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@II@Z
?compare@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEHABV12@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?append@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@IG@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBGI@Z
?rfind@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?reserve@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXI@Z
?replace@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IIABV12@@Z
?swap@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEXAAV12@@Z
?insert@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@IABV12@@Z
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?erase@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@II@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHIIPBDI@Z
?compare@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEHABV12@@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?append@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ID@Z
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?assign@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAEAAV12@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??1?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?max_size@?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QBEIXZ
?max_size@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIXZ

kernel32

GetStartupInfoA
GetModuleHandleA
LoadLibraryA
GetProcAddress
ReleaseMutex
WaitForSingleObject
RemoveDirectoryW
LocalFree
CreateMutexW
SetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
FreeLibrary
FindResourceW
LoadResource
GetUserDefaultUILanguage
LoadLibraryW
DeleteFileW
Sleep
GlobalSize
GlobalUnlock
CloseHandle
GetModuleFileNameW
ExpandEnvironmentStringsW
GlobalAlloc
GlobalLock
GlobalFree
FormatMessageW
GetLastError
GetFullPathNameW
FindClose
FindNextFileW
FindFirstFileW
GetFileInformationByHandle
CreateDirectoryW
CreateFileW

Sections

.text
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1216742c5aa8edec1ffccbbb4b6e6c0e

Headers

File Characteristics

Imports

user32

advapi32

gdi32

shell32

ole32

shlwapi

winmm

msvcr71

msvcp71

kernel32

Sections

.text Size: 128KB - Virtual size: 127KB

.rdata Size: 44KB - Virtual size: 40KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 44KB - Virtual size: 42KB

.text
Size: 128KB - Virtual size: 127KB

.rdata
Size: 44KB - Virtual size: 40KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 44KB - Virtual size: 42KB