NEAS[.]3b495c04681d666a5e12a7f5a82d0287_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.3b495c04681d666a5e12a7f5a82d0287_JC.exe
Size

212KB
MD5

3b495c04681d666a5e12a7f5a82d0287
SHA1

a14b284e44c60a5dd9e310d41c1d0d35e94b3389
SHA256

601dd6264dca017c43b8acf71ca982a404317a8a5e1ff4981807a73230154113
SHA512

4e51c6678c2f4242919fab3eb67d1392fb4776792b86d564b650024438b3cad2cae2d3f93d25e5339bf9f6b3969eb44f597cf22b79f58e40fde6e7055e9dd833
SSDEEP

3072:lXi+1IfIwFs7ZbxrAerbWu7s3BLbOyYkW8/1HSG9VRfqXlzcM8tKog8vCa30+Z:lXMwwW7Z1rAeXT8bOcdHd9yrpoBv8+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.3b495c04681d666a5e12a7f5a82d0287_JC.exe

Files

NEAS.3b495c04681d666a5e12a7f5a82d0287_JC.exe
.exe windows:4 windows x86

398b036aefb0145ed1ec7104382f5198

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVolumeInformationA
CreateNamedPipeA
GetModuleHandleA
QueryPerformanceCounter
CreateThread
EnumTimeFormatsA
SetCurrentDirectoryW
FindAtomW
GetFullPathNameA
CreateEventA
ExpandEnvironmentStringsA
EnumDateFormatsA
GetProcAddress
SetEvent
FindResourceW
GetStringTypeW
IsBadWritePtr
GlobalDeleteAtom
MultiByteToWideChar
ConnectNamedPipe
GetMailslotInfo
GetPriorityClass
FindAtomA
GetShortPathNameW
WinExec
lstrcmpA
IsBadStringPtrW
lstrcatA
GetVersionExA
GetLogicalDrives
GetExitCodeThread
WaitForMultipleObjects
lstrcmpW
lstrcmpiA
CreateMailslotA
GetFileTime
GetExitCodeProcess

user32

wvsprintfW
SetForegroundWindow
CascadeWindows
EnumWindows
SetDlgItemTextA
SetWindowLongA
SendMessageW
EnumDesktopsW
CharLowerW
UpdateLayeredWindow
wsprintfW
DialogBoxIndirectParamW
OpenClipboard
SetWindowPos
GetClassNameA
GetClassInfoExW
CheckMenuRadioItem
DestroyMenu
LoadImageA
GetMenuInfo
CheckRadioButton
GetMenuItemRect
LoadMenuA
EnumChildWindows
GetMenuItemInfoW
AppendMenuA
CreateAcceleratorTableA
LoadImageW
GetDCEx
DestroyCursor
IsIconic
UpdateWindow
GetTopWindow

gdi32

SelectClipRgn
CreateRoundRectRgn
SetMapMode
StretchDIBits
SetWindowExtEx
GetNearestPaletteIndex
SetTextJustification
GetPixel
GetEnhMetaFilePaletteEntries
SetArcDirection
OffsetWindowOrgEx
GetLogColorSpaceW
RestoreDC
InvertRgn
PlayEnhMetaFile

advapi32

RegCreateKeyExA
RegCreateKeyExA
RegDeleteValueA
RegDeleteValueW

shlwapi

UrlCanonicalizeW
StrPBrkA
SHRegDeleteEmptyUSKeyA
ColorHLSToRGB
UrlIsW
StrSpnA
SHRegWriteUSValueW

setupapi

SetupDiSetClassInstallParamsA
CMP_GetServerSideDeviceInstallFlags
CM_Set_HW_Prof_FlagsW
SetupDiInstallDriverFiles
SetupDiCreateDeviceInterfaceW

oledlg

OleUIChangeIconA
OleUIObjectPropertiesA
OleUIBusyW
OleUIPasteSpecialA
OleUIPromptUserW
OleUIPromptUserA
OleUIPasteSpecialW
OleUIChangeSourceA
OleUIUpdateLinksA

crypt32

CryptCreateKeyIdentifierFromCSP
CertFindCertificateInStore
CryptMemFree
CertCompareCertificateName
CertGetValidUsages
CertFreeCRLContext
CryptDecryptAndVerifyMessageSignature
CryptFindOIDInfo
CertEnumCRLsInStore
CertVerifyCertificateChainPolicy
CryptMsgCountersignEncoded
CryptEncodeObject
I_CertSrvProtectFunction
I_CryptFlushLruCache
CertDuplicateCertificateContext

Sections

.PHTPjq
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.M
Size: 512B - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.XeM
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pL
Size: 2KB - Virtual size: 486KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Ire
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.DtwwV
Size: 2KB - Virtual size: 242KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.K
Size: 4KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rZUbM
Size: 3KB - Virtual size: 276KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 105KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.NT
Size: 1024B - Virtual size: 403KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

398b036aefb0145ed1ec7104382f5198

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shlwapi

setupapi

oledlg

crypt32

Sections

.PHTPjq Size: 3KB - Virtual size: 3KB

.M Size: 512B - Virtual size: 237KB

.XeM Size: 8KB - Virtual size: 8KB

.pL Size: 2KB - Virtual size: 486KB

.Ire Size: 4KB - Virtual size: 5KB

.DtwwV Size: 2KB - Virtual size: 242KB

.K Size: 4KB - Virtual size: 116KB

.rZUbM Size: 3KB - Virtual size: 276KB

.data Size: 105KB - Virtual size: 169KB

.NT Size: 1024B - Virtual size: 403KB

.rsrc Size: 74KB - Virtual size: 74KB

.reloc Size: 1024B - Virtual size: 616B

.PHTPjq
Size: 3KB - Virtual size: 3KB

.M
Size: 512B - Virtual size: 237KB

.XeM
Size: 8KB - Virtual size: 8KB

.pL
Size: 2KB - Virtual size: 486KB

.Ire
Size: 4KB - Virtual size: 5KB

.DtwwV
Size: 2KB - Virtual size: 242KB

.K
Size: 4KB - Virtual size: 116KB

.rZUbM
Size: 3KB - Virtual size: 276KB

.data
Size: 105KB - Virtual size: 169KB

.NT
Size: 1024B - Virtual size: 403KB

.rsrc
Size: 74KB - Virtual size: 74KB

.reloc
Size: 1024B - Virtual size: 616B