NEAS[.]180a45e52b7a9d3c662a1c2123850700_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.180a45e52b7a9d3c662a1c2123850700_JC.exe
Size

441KB
MD5

180a45e52b7a9d3c662a1c2123850700
SHA1

408643c9a69307cf25086208291563810a180b7f
SHA256

aa1eb0c6a3564ace6581ea9af4b4c0bbf44b5385b80e21c2b1ca4706f4907725
SHA512

be01cc5794c88bb11c5a75772919088a9d981c5f73d86104af1731c6417f0e61ca28201976f47a9e1388028ef8d077a6cc04b68542ff16804d173890da95722a
SSDEEP

12288:RVRQZ+/VZa32Y3nPzPTBYNk3WT+RQGlAJ2Ouu:RV7UrTFGT+zlQ2r

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.180a45e52b7a9d3c662a1c2123850700_JC.exe

Files

NEAS.180a45e52b7a9d3c662a1c2123850700_JC.exe
.exe windows:6 windows x86

1622b8088cd76d7e9265d8050361963c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

sqlite3

sqlite3_bind_int64
sqlite3_finalize
sqlite3_column_count
sqlite3_column_int
sqlite3_reset
sqlite3_column_text16
sqlite3_clear_bindings
sqlite3_bind_int
sqlite3_step
sqlite3_column_int64
sqlite3_exec
sqlite3_open16
sqlite3_close
sqlite3_prepare16
sqlite3_bind_text16

kernel32

lstrcatW
DeleteFileW
CloseHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileSize
CreateProcessW
CopyFileW
lstrcpyW
lstrcmpiW
lstrcmpW
SetFilePointer
CreateMutexW
MultiByteToWideChar
LoadLibraryW
GetProcAddress
FreeLibrary
VerSetConditionMask
VerifyVersionInfoW
WritePrivateProfileStringW
GetCommandLineW
GetPrivateProfileIntW
WaitForSingleObject
GetFileAttributesW
ReleaseMutex
UnmapViewOfFile
GetPrivateProfileStringW
CreateFileMappingW
MapViewOfFile
OpenMutexW
SetFilePointerEx
SetFileTime
LocalFileTimeToFileTime
CreateFileA
DosDateTimeToFileTime
GetFileTime
FileTimeToSystemTime
GetLocalTime
SystemTimeToFileTime
HeapSetInformation
LCMapStringW
GetConsoleCP
Sleep
GetConsoleMode
GetFileType
HeapAlloc
HeapFree
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetProcessHeap
GetFileAttributesExW
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
RaiseException
RtlUnwind
LoadLibraryExA
ExpandEnvironmentStringsA
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindFirstFileExW
IsValidCodePage
SetFileAttributesW
GetCurrentThreadId
GetACP
GetOEMCP
GetCPInfo
GetLastError
CreateFileW
FindClose
GetTempPathW
SetEndOfFile
RemoveDirectoryW
WriteFile
lstrlenW
FindNextFileW
FindFirstFileW
ReadFile
CreateDirectoryW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlushFileBuffers
HeapSize
GetCommandLineA
HeapReAlloc
DecodePointer
WriteConsoleW
ReadConsoleW

user32

CreatePopupMenu
GetScrollInfo
GetSubMenu
GetMonitorInfoW
MoveWindow
SetMenu
DestroyMenu
ScrollWindowEx
SetCapture
GetSystemMetrics
CheckMenuItem
DeleteMenu
GetMenuItemCount
MonitorFromWindow
SetWindowPos
InsertMenuItemW
GetClientRect
PostQuitMessage
EnableMenuItem
UpdateWindow
ReleaseCapture
LoadImageW
InvalidateRect
EndPaint
CallWindowProcW
LoadMenuW
DefWindowProcW
SetCursor
GetMessageW
CreateWindowExW
IsDialogMessageW
RegisterClassW
TranslateAcceleratorW
LoadIconW
LoadCursorW
FillRect
GetParent
GetDC
SendNotifyMessageW
BringWindowToTop
IsZoomed
SetForegroundWindow
IsIconic
ReleaseDC
CreateDialogParamW
PostMessageW
GetWindowRect
DestroyWindow
SetWindowTextW
EnableWindow
ShowWindow
GetWindowLongW
GetMenuItemInfoW
GetFocus
MessageBoxW
SendMessageW
CallNextHookEx
WaitForInputIdle
EndDialog
GetAsyncKeyState
DispatchMessageW
RedrawWindow
SetMenuItemInfoW
DestroyAcceleratorTable
PeekMessageW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxA
UnhookWindowsHookEx
CreateAcceleratorTableW
SetFocus
TranslateMessage
SetWindowsHookExW
SetWindowLongW
GetDlgItem
DialogBoxParamW
SetScrollInfo
BeginPaint

gdi32

LineTo
ExtTextOutW
SetTextAlign
MoveToEx
SelectClipRgn
CreatePen
SetBkMode
CreateRectRgnIndirect
EnumFontFamiliesExW
PatBlt
SelectObject
CreateCompatibleBitmap
BitBlt
SetTextColor
GetTextExtentExPointW
CreateFontIndirectW
GetTextMetricsW
GetObjectW
DeleteDC
GetDeviceCaps
CreateCompatibleDC
DeleteObject
GetStockObject
CreateSolidBrush

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteW
SHGetMalloc

ole32

CoInitializeEx
CoUninitialize

comctl32

ord17

gdiplus

GdiplusShutdown
GdiplusStartup

shlwapi

PathFileExistsW
PathIsDirectoryW
PathCombineW

urlmon

URLDownloadToFileW

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

Sections

.text
Size: 252KB - Virtual size: 251KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1622b8088cd76d7e9265d8050361963c

Headers

DLL Characteristics

File Characteristics

Imports

sqlite3

kernel32

user32

gdi32

shell32

ole32

comctl32

gdiplus

shlwapi

urlmon

advapi32

Sections

.text Size: 252KB - Virtual size: 251KB

.rdata Size: 125KB - Virtual size: 124KB

.data Size: 25KB - Virtual size: 28KB

.rsrc Size: 21KB - Virtual size: 21KB

.reloc Size: 17KB - Virtual size: 16KB

.text
Size: 252KB - Virtual size: 251KB

.rdata
Size: 125KB - Virtual size: 124KB

.data
Size: 25KB - Virtual size: 28KB

.rsrc
Size: 21KB - Virtual size: 21KB

.reloc
Size: 17KB - Virtual size: 16KB