NEAS[.]c6bb8a925d05326450cb1cdacdbb8efb_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.c6bb8a925d05326450cb1cdacdbb8efb_JC.exe
Size

33KB
MD5

c6bb8a925d05326450cb1cdacdbb8efb
SHA1

30a420af9c185931791720c927841c1380a316e6
SHA256

d134f7dc7e6310c0abf5ae5e6b589b229d7076216b815d5570125706b4888aa8
SHA512

eb87174dab05a0af7e46c53ecf284215635acff8d449c239936f8d24bc5dd5cd3090c911cd95346c5d3eb0b5a1b9f2967c8ed1147d766c2dee9c02b4192db4f1
SSDEEP

384:p8ld4fp1pUDJVexjgmaJMgUHdpisBUrtd3FDhdrtjWPZP5Uj:p8l+fpK74tcMPrB+td3bs5Uj

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.c6bb8a925d05326450cb1cdacdbb8efb_JC.exe

Files

NEAS.c6bb8a925d05326450cb1cdacdbb8efb_JC.exe
.exe windows:4 windows x86

2b052a0a20da475d2d00e49386106aee

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSVirtualChannelPurgeInput
WTSEnumerateServersA
WTSSendMessageA
WTSSetUserConfigA
WTSEnumerateSessionsA
WTSSetSessionInformationA
WTSQuerySessionInformationA
WTSVirtualChannelOpen
WTSLogoffSession
WTSVirtualChannelRead
WTSVirtualChannelWrite
WTSEnumerateProcessesA
WTSWaitSystemEvent
WTSQueryUserToken

crypt32

CertAddStoreToCollection
CertFindAttribute
CertDuplicateCRLContext
CertCreateCRLContext
CertCreateContext
CertDuplicateStore
CertSaveStore
CertFreeCRLContext
CertAlgIdToOID
CertGetNameStringA
CertFindCRLInStore
CryptEnumOIDInfo
CertControlStore

kernel32

SetErrorMode
CompareStringW
GetModuleHandleW
TlsGetValue
lstrcmpA
GetProcAddress
GetDiskFreeSpaceA
QueryDosDeviceA
FindFirstVolumeW
SetEnvironmentVariableW
GetPrivateProfileSectionA
DeleteFileA
FoldStringW
CreateEventW
InterlockedDecrement
GetVolumePathNameA
FindNextVolumeW
GetDriveTypeA
GetEnvironmentVariableW
DeviceIoControl
GetShortPathNameA
GetLocalTime
GetLocaleInfoA
GetPrivateProfileSectionA
WriteConsoleA
WaitForSingleObject
FileTimeToSystemTime
SetEnvironmentVariableA
lstrcpynW
ReplaceFileA
GetPrivateProfileSectionA
CopyFileW
SearchPathA
CreateSemaphoreW
GetCurrentProcess
GetPrivateProfileSectionA
IsValidCodePage
GetPrivateProfileSectionA
FindFirstFileA
CreateHardLinkA
GetCurrentDirectoryW
HeapAlloc

user32

SetFocus
EnumDesktopsA
wsprintfA
SetCursorPos
LoadImageA
GetMessageW
DialogBoxParamW
DrawTextA
DispatchMessageA
PostMessageW
CharToOemA
LoadCursorA

clbcatq

ComPlusMigrate
DowngradeAPL
CoRegCleanup
SetSetupOpen

dbnmpntw

ConnectionVer
ConnectionError
ConnectionRead

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

2b052a0a20da475d2d00e49386106aee

Headers

File Characteristics

Imports

wtsapi32

crypt32

kernel32

user32

clbcatq

dbnmpntw

Sections

.text Size: 11KB - Virtual size: 10KB

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 7KB - Virtual size: 6KB

.rsrc Size: 10KB - Virtual size: 10KB

.text
Size: 11KB - Virtual size: 10KB

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 7KB - Virtual size: 6KB

.rsrc
Size: 10KB - Virtual size: 10KB