NEAS[.]1b000d8cc86ac790fb6acedd107cbe80_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.1b000d8cc86ac790fb6acedd107cbe80_JC.exe
Size

1.1MB
MD5

1b000d8cc86ac790fb6acedd107cbe80
SHA1

e583159f5e106c7fa1c1c5178a7988aeabfd5878
SHA256

dfe85791c071fcb4bfc0f25e30774bc0bca7990ff53f0d8fce55259b4e575749
SHA512

e2fe533ab5e3314538bab7753ad5b2030dad8f42b42a3f8cbfbda40f9c44445854bf52b63c45fbb2b47b71e650cb899862e07df09b47e1d899c6e4a5307235bf
SSDEEP

24576:v27RB91Z2pQ9cMh22EX9DeawqFR14te/cAm5P01hPPiRA:O7RBjZIQ9q2EXtIXe258PPiRA

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.1b000d8cc86ac790fb6acedd107cbe80_JC.exe

Files

NEAS.1b000d8cc86ac790fb6acedd107cbe80_JC.exe
.exe windows:6 windows x86

2b89fcb3bd093d9b0a59090fedb4556e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

EventRegister
EventUnregister
TraceMessage
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
EventWrite
RegCloseKey
RegOpenKeyExW
QueryServiceStatusEx
ControlService
SetServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW
DeleteService
ChangeServiceConfig2W
CreateServiceW
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
GetSecurityDescriptorControl
MakeAbsoluteSD
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
InitializeSecurityDescriptor
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
GetLengthSid
IsValidSid
CopySid
AddAce
InitializeAcl
GetAclInformation
SetSecurityDescriptorDacl
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertStringSidToSidW
RegSetKeySecurity
ConvertStringSecurityDescriptorToSecurityDescriptorW
EqualSid
GetNamedSecurityInfoW
RegEnumKeyExW
RegNotifyChangeKeyValue
RegGetValueW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
LsaClose
LsaFreeMemory
LsaLookupNames2
LsaOpenPolicy
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
ConvertSidToStringSidW
ImpersonateLoggedOnUser
RevertToSelf
OpenProcessToken
GetTokenInformation
TraceEvent
LookupAccountSidW
ChangeServiceConfigW
StartServiceW
SetSecurityInfo
GetAce
GetSecurityInfo
SetSecurityDescriptorControl
LookupAccountNameW

kernel32

InterlockedExchange
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
GetModuleFileNameW
LocalFree
IsWow64Process
GetCurrentProcess
lstrcmpW
ResetEvent
SetProcessWorkingSetSize
DeleteTimerQueueEx
DeleteTimerQueueTimer
CreateTimerQueue
CreateTimerQueueTimer
ChangeTimerQueueTimer
InterlockedExchangeAdd
CompareStringOrdinal
MultiByteToWideChar
WriteFile
CreateFileW
CompareStringA
MulDiv
GetLongPathNameW
CreateEventW
GetFileAttributesW
RemoveDirectoryW
UnregisterWaitEx
DeleteFileW
CopyFileW
RegisterWaitForSingleObject
FindNextFileW
FindFirstFileW
QueueUserWorkItem
FormatMessageW
lstrcmpiW
CreateThread
WaitForMultipleObjects
GetStringTypeExW
GetDynamicTimeZoneInformation
GetComputerNameW
WideCharToMultiByte
lstrlenA
LocalAlloc
HeapFree
GetProcessHeap
GetProductInfo
GetVersionExW
GetTempPathW
DelayLoadFailureHook
GetProcAddress
FreeLibrary
LoadLibraryExA
PowerCreateRequest
InterlockedCompareExchange64
SetLastError
GetTickCount64
PowerClearRequest
PowerSetRequest
WaitForSingleObject
Sleep
GetTickCount
GetLastError
InterlockedCompareExchange
HeapSetInformation
CompareStringW
OpenEventW
SetEvent
InterlockedDecrement
InterlockedIncrement
lstrlenW
ExitProcess
GetCommandLineW
GetStartupInfoW
RegSetValueExA
RegQueryValueExA
RegCreateKeyExA
GetLocalTime
GlobalMemoryStatus
GetDiskFreeSpaceA
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
DeviceIoControl
GetModuleHandleA
LoadLibraryA
OpenMutexW
CreateMutexW
ReleaseMutex
GetFileAttributesExW
CompareFileTime
FreeLibraryAndExitThread
DuplicateHandle
LoadLibraryExW
FreeResource
GetFileSize
GetThreadPriority
SetThreadPriority
FileTimeToSystemTime
FileTimeToDosDateTime
FindClose
GetTempFileNameW
GlobalFree
ExpandEnvironmentStringsW
VirtualFree
OpenFileMappingW
VirtualAlloc
GetCurrentThread
SetFileAttributesW
CreateDirectoryW
GetFileSizeEx
SetFilePointerEx
ReadFile
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
CloseHandle
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
RaiseException
GetFullPathNameW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateFileMappingW
MapViewOfFile
GetSystemTime
SystemTimeToFileTime
UnmapViewOfFile
RegEnumValueW
RegQueryInfoKeyW
RegGetKeySecurity
GetModuleHandleW
LoadLibraryW
OutputDebugStringA
SetUnhandledExceptionFilter
GetVersionExA

msvcrt

_CIsqrt
_ftol2_sse
_CIpow
_cexit
_initterm
strncpy_s
??1type_info@@UAE@XZ
realloc
_onexit
_lock
__dllonexit
_unlock
_except_handler4_common
?terminate@@YAXXZ
_callnewh
??0exception@@QAE@ABV0@@Z
??1exception@@UAE@XZ
?what@exception@@UBEPBDXZ
??0exception@@QAE@XZ
_time64
wcschr
strncmp
_ultoa_s
_strlwr_s
strcpy_s
_wtol
_wcsicmp
floor
ceil
swscanf
wcstol
_wcsnicmp
wcsncmp
_wcslwr_s
_wcstoui64
_errno
wcstoul
iswdigit
towupper
memcpy
qsort_s
_CxxThrowException
_ftol2
calloc
bsearch
memset
malloc
_purecall
free
wcscpy_s
_wputenv
__CxxFrameHandler3
memmove_s
memcpy_s
strchr
_vsnwprintf
_vsnprintf
wcsrchr
wcsstr
memmove
wcstok_s
__set_app_type

user32

wvsprintfA
CharLowerBuffW
CharUpperBuffW
PeekMessageW
DispatchMessageW
CharNextA
TranslateMessage
MsgWaitForMultipleObjects
MsgWaitForMultipleObjectsEx
RegisterPowerSettingNotification
CharUpperW
wvsprintfW
UnregisterPowerSettingNotification
UnregisterClassA

oleaut32

VarBstrCmp
VariantChangeTypeEx
SafeArrayGetElement
SafeArrayLock
SafeArrayPtrOfIndex
SafeArrayUnlock
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantCopy
CreateErrorInfo
SetErrorInfo
SafeArrayCopy
SafeArrayCreate
SafeArrayDestroy
SysAllocStringLen
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
VariantClear
VariantInit
SysFreeString

ole32

CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
PropVariantClear
CoMarshalInterface
CreateStreamOnHGlobal
CoReleaseMarshalData
CoUnmarshalInterface
IIDFromString
CoTaskMemAlloc
PropVariantCopy
StringFromGUID2
CoCreateGuid
CoCreateInstance

wsock32

htons
WSAGetLastError
ntohs

iphlpapi

GetAdaptersAddresses
GetIpForwardTable
NotifyAddrChange
GetBestInterfaceEx
GetIpNetEntry2
SendARP
ResolveIpNetEntry2
CancelIPChangeNotify
GetIpAddrTable

shlwapi

PathFileExistsW
StrCmpNW
PathFindFileNameW
StrStrIW
PathAppendW
ord437
HashData

ntdll

NtQuerySystemTime
RtlFreeHeap
RtlAllocateHeap
RtlIpv4StringToAddressExW
RtlInitUnicodeString
RtlInitString
NtAllocateLocallyUniqueId
RtlFreeUnicodeString
RtlNtStatusToDosError

userenv

RegisterGPNotification
UnregisterGPNotification

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW
WTSQuerySessionInformationW

Sections

.text
Size: 943KB - Virtual size: 942KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 91KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

2b89fcb3bd093d9b0a59090fedb4556e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

msvcrt

user32

oleaut32

ole32

wsock32

iphlpapi

shlwapi

ntdll

userenv

wtsapi32

Sections

.text Size: 943KB - Virtual size: 942KB

.data Size: 11KB - Virtual size: 22KB

.rsrc Size: 75KB - Virtual size: 74KB

.reloc Size: 91KB - Virtual size: 92KB

.text
Size: 943KB - Virtual size: 942KB

.data
Size: 11KB - Virtual size: 22KB

.rsrc
Size: 75KB - Virtual size: 74KB

.reloc
Size: 91KB - Virtual size: 92KB