NEAS[.]27bb60ec544ecc411de76960ebf0ffc0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.27bb60ec544ecc411de76960ebf0ffc0_JC.exe
Size

60KB
MD5

27bb60ec544ecc411de76960ebf0ffc0
SHA1

8e7c49d086eee17a5e92647c2b3b922d79ae21c8
SHA256

6556594ca63f81bd95c78bb61db4244f0453928adb3897a804df0df2c2d84dd4
SHA512

b385ebc3060f189d96a31461f32f7282c444ce10f01b5a94180715cb6bfaa795028e9896701610d227942514463a5b2eab7759777def04f6b1fee3efe560f921
SSDEEP

768:UIzHXafDQqBozDMRtEjYi7PI9owExHeg5rkriGenlR:DHXa1gitiYIgJaeg5fGelR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.27bb60ec544ecc411de76960ebf0ffc0_JC.exe

Files

NEAS.27bb60ec544ecc411de76960ebf0ffc0_JC.exe
.exe windows:4 windows x86

fb1e49569cbf768f5bfb6ef1ed8bc857

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc70

ord2356
ord2546
ord2648
ord4088
ord2529
ord2675
ord2359
ord2463
ord2352
ord2756
ord3522
ord3523
ord3513
ord2461
ord3751
ord4267
ord4043
ord300
ord2201
ord705
ord546
ord4975
ord3445
ord982
ord571
ord5565
ord2896
ord1871
ord2864
ord331
ord2479
ord561
ord5815
ord2471
ord4101
ord2012
ord2474
ord3566
ord1081
ord1077
ord1406
ord5669
ord1273
ord4986
ord2799
ord4042
ord3003
ord518
ord1646
ord3890
ord3565
ord695
ord1506
ord1450
ord2795
ord3135
ord3687
ord2697
ord4516
ord4322
ord3487
ord4972
ord3814
ord5992
ord3609
ord5990
ord4107
ord1913
ord1868
ord5339
ord3614
ord899
ord4883
ord5933
ord5152
ord3640
ord1770
ord2741
ord4996
ord4998
ord2096
ord3750
ord4349
ord5002
ord4985
ord5322
ord2651
ord4262
ord3140
ord512
ord698
ord689
ord532
ord947
ord3638
ord2990
ord5838
ord4134
ord977
ord3907
ord1755
ord1781
ord1344
ord3884
ord1939
ord1399
ord4015
ord2979
ord956
ord1948
ord1502
ord1446
ord4024
ord2791
ord3131
ord3685
ord957
ord4530
ord650
ord447
ord3206
ord703
ord257
ord256
ord1451
ord1507
ord1508
ord1814
ord4954
ord1234
ord4748
ord3152
ord5991
ord3610
ord5993
ord1377
ord2020
ord2026
ord2234
ord2216
ord2214
ord2232
ord2244
ord2221
ord2237
ord2242
ord2225
ord2227
ord2229
ord2223
ord2239
ord2219
ord823
ord819
ord821
ord817
ord812
ord5005
ord5007
ord5714
ord1452
ord4063
ord4503
ord3208
ord3966
ord5989
ord4854
ord1760
ord4933
ord4025
ord1272
ord3748
ord1469
ord1472
ord5666
ord1403
ord1522
ord1523
ord1870
ord4361
ord4671
ord3993
ord4958
ord3832
ord3246
ord1097

msvcr70

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_amsg_exit
_acmdln
exit
_cexit
_XcptFilter
_setmbcp
malloc
__CxxFrameHandler
free
_mbscmp
_vscprintf
vsprintf
memmove
_mbsstr
sprintf
__security_error_handler
__dllonexit
_onexit
_c_exit
_exit
_controlfp

kernel32

GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
InterlockedExchange
WritePrivateProfileStringA
GetPrivateProfileStringA
GetTempPathA
WriteFile
lstrcatA
CreateFileA
GetFileSize
CloseHandle
ReadFile
SizeofResource
ExitProcess
GetModuleHandleA
GetStartupInfoA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
Sleep
GlobalAlloc
GlobalFree
WaitForSingleObject
TerminateThread
CreateThread

user32

SetClassLongA
RegisterDeviceNotificationA
GetSystemMetrics
LoadIconA
SetForegroundWindow
IsIconic
DrawIcon
UnregisterDeviceNotification
FindWindowExA
IsWindow
MessageBoxA
GetDlgItem
SetWindowLongA
GetDC
DrawTextA
ReleaseDC
MoveWindow
GetDlgCtrlID
KillTimer
SetTimer
GetWindowRect
SetWindowRgn
GetClientRect
FindWindowA
GetWindowLongA
SendMessageA
EnableWindow
GetParent
PostMessageA
SetWindowTextA

gdi32

CreateSolidBrush
SetBkMode
GetStockObject
CreateRectRgn
CombineRgn
Rectangle
DeleteObject
SelectObject

shell32

Shell_NotifyIconA
ShellExecuteA

comctl32

ord17

newkeyfun

CSP_LoadCertToIE
CSP_GetSlotList
CSP_GetUsbKeyLabel
CSP_UnloadIECert
ord1
CSP_AddCertToIE
CSP_ReadCertByName
CSP_ContainerCount
CSP_ContainerInfo
CSP_ChangePassword
CSP_ImportPfxCert
CSP_GetSlotStatus

crypt32

CertFreeCertificateContext
CertGetNameStringA
CertCreateCertificateContext

Sections

.text
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 401KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.share
Size: 4KB - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

fb1e49569cbf768f5bfb6ef1ed8bc857

Headers

File Characteristics

Imports

mfc70

msvcr70

kernel32

user32

gdi32

shell32

comctl32

newkeyfun

crypt32

Sections

.text Size: 20KB - Virtual size: 18KB

.rdata Size: 16KB - Virtual size: 12KB

.data Size: 4KB - Virtual size: 401KB

.share Size: 4KB - Virtual size: 4B

.rsrc Size: 12KB - Virtual size: 8KB

.text
Size: 20KB - Virtual size: 18KB

.rdata
Size: 16KB - Virtual size: 12KB

.data
Size: 4KB - Virtual size: 401KB

.share
Size: 4KB - Virtual size: 4B

.rsrc
Size: 12KB - Virtual size: 8KB