NEAS[.]5dad26a39119f5ffbd560f771ba765f0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.5dad26a39119f5ffbd560f771ba765f0_JC.exe
Size

533KB
MD5

5dad26a39119f5ffbd560f771ba765f0
SHA1

79c945be907da004ac38ff5cddfc007546dc5c7d
SHA256

9a6d366ee39f0650ba6f6b198d45abeebbac719529752785c3988f26348c7a3e
SHA512

648b725a5ffa749ef91a773508c6698cae59d6d377c032ed3b7168fae7501b4b3d284a9d39266acb7ebd48483fa2fd63aa20f260b3857db8fe6a68cedd980503
SSDEEP

12288:wYOxujL527XH1KRIqJaDuaxSuTJAdJO4mk3:K4jL5+HwFBa3JAfR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.5dad26a39119f5ffbd560f771ba765f0_JC.exe

Files

NEAS.5dad26a39119f5ffbd560f771ba765f0_JC.exe
.dll windows:5 windows x86

f471c22b9549a8bbe451be6474480fb0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

OpenSCManagerW
OpenServiceW
CloseServiceHandle
OpenProcessToken
LookupAccountSidW
GetTokenInformation
GetServiceDisplayNameW
QueryServiceStatus

kernel32

CreateFileW
SetFilePointer
ReadFile
MultiByteToWideChar
SetLastError
GetSystemDirectoryW
FreeLibrary
LoadLibraryW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
RaiseException
DeleteCriticalSection
WaitForSingleObject
GetCurrentProcess
FlushInstructionCache
FindResourceW
LoadResource
LockResource
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
OpenProcess
GetTempFileNameW
DeleteFileW
Sleep
CreateThread
GetCurrentProcessId
MoveFileW
GetTempPathW
WriteFile
FlushFileBuffers
GetFileSize
CopyFileW
GetDiskFreeSpaceExW
GetTickCount
InitializeCriticalSection
GetStringTypeExW
GetExitCodeThread
InterlockedExchange
SetThreadLocale
SizeofResource
FindResourceExW
GetCurrentDirectoryW
SetCurrentDirectoryW
FormatMessageW
GetLastError
CloseHandle
GetThreadLocale
GetModuleFileNameW
GetConsoleMode
GetConsoleCP
IsProcessorFeaturePresent
RtlUnwind
GetStringTypeW
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
GetStdHandle
SetHandleCount
ExitProcess
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
HeapAlloc
HeapFree
GetSystemTimeAsFileTime
GetCommandLineA
SetStdHandle
WriteConsoleW
GetProcessHeap
InterlockedCompareExchange
InterlockedPushEntrySList
VirtualFree
VirtualAlloc
InterlockedPopEntrySList
GetCommandLineW
ExpandEnvironmentStringsW
OutputDebugStringW
GetModuleHandleW
GetProcAddress
GetVersionExW
LocalFree

gdi32

GetObjectW
DeleteObject
CreateFontIndirectW

user32

EnumChildWindows
GetPropW
GetKeyState
EndDialog
SetPropW
RemovePropW
CallWindowProcW
GetMenuItemInfoW
SetForegroundWindow
GetForegroundWindow
SetMenuItemBitmaps
InsertMenuW
EnableMenuItem
LoadImageW
SetCursor
EnumWindows
DialogBoxParamW
DestroyIcon
MsgWaitForMultipleObjects
MapDialogRect
SetWindowsHookExW
CallNextHookEx
RegisterClassExW
LoadCursorW
GetClassInfoExW
DefWindowProcW
GetDesktopWindow
GetMonitorInfoW
MonitorFromWindow
GetWindowThreadProcessId
MessageBoxW
GetDlgItem
GetParent
GetWindow
SetDlgItemTextW
SendDlgItemMessageW
IsDlgButtonChecked
CheckDlgButton
EnableWindow
IsWindowEnabled
KillTimer
SetTimer
IsWindowVisible
ShowWindow
MapWindowPoints
SetWindowPlacement
GetWindowPlacement
GetClientRect
GetWindowRect
SetWindowPos
GetSystemMenu
DrawMenuBar
GetWindowTextLengthW
GetWindowTextW
SetWindowTextW
PostMessageW
SendMessageW
CreateWindowExW
GetWindowLongW
DestroyWindow
SetWindowLongW
IsWindow
DispatchMessageW
TranslateMessage
PeekMessageW
UnhookWindowsHookEx
UnregisterClassA

comctl32

CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
InitCommonControlsEx

comdlg32

GetSaveFileNameW
GetOpenFileNameW

oleaut32

SysAllocStringLen
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantClear
VariantInit

ole32

CoCreateInstance
CoUninitialize
CoInitialize
CoInitializeEx
CoInitializeSecurity

shell32

ShellExecuteW

shlwapi

PathIsRootW
PathGetDriveNumberW
PathStripPathW
PathRemoveFileSpecW
PathQuoteSpacesW
PathStripToRootW
PathCombineW
PathAppendW
AssocQueryStringW
PathIsRelativeW
PathFileExistsW

userenv

ExpandEnvironmentStringsForUserW

psapi

GetModuleBaseNameW
EnumProcessModules

Exports

Exports

CreateClassFactory
_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 277KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f471c22b9549a8bbe451be6474480fb0

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

comctl32

comdlg32

oleaut32

ole32

shell32

shlwapi

userenv

psapi

Exports

Exports

Sections

.text Size: 234KB - Virtual size: 234KB

.data Size: 13KB - Virtual size: 20KB

.idata Size: 6KB - Virtual size: 5KB

.rsrc Size: 1024B - Virtual size: 976B

.reloc Size: 277KB - Virtual size: 280KB

.text
Size: 234KB - Virtual size: 234KB

.data
Size: 13KB - Virtual size: 20KB

.idata
Size: 6KB - Virtual size: 5KB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 277KB - Virtual size: 280KB