NEAS[.]976f5c7efff6d2cfc796c94047508430_JC[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

NEAS.976f5c7efff6d2cfc796c94047508430_JC.exe
Size

2.7MB
MD5

976f5c7efff6d2cfc796c94047508430
SHA1

74668730b10b05fbe7a375c2c4272a14566fe083
SHA256

48d39ad9f6807dc903bc36dccf3861bb2451c0791350858a27cfa8290c7fe7b6
SHA512

b87bc58dab3cbdf4e07ec3becf5469394bc65414e5062517af08f40389117c0f6d3831be5f67921aa1802e32a783a97b10934fc148a9e53c708cf7fbf7e4e11c
SSDEEP

49152:2W3DaPwiXvOioBpIULKh7CnzePgmg55CybRv3/nEwq9l/ef+UY:1Da4iXvOJfAezsgmaRvPEtu+U

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.976f5c7efff6d2cfc796c94047508430_JC.exe

Files

NEAS.976f5c7efff6d2cfc796c94047508430_JC.exe
.dll windows:5 windows x86

19476771b6d95ce154aa7da2fadd0ddd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

user32

UnhookWindowsHookEx
CountClipboardFormats
ScreenToClient
GetMessageTime
ChildWindowFromPoint
CreatePopupMenu
SetKeyboardState
CallNextHookEx
SetCaretPos

advapi32

CryptDestroyKey

ws2_32

select

version

VerQueryValueA

mprapi

MprAdminInterfaceDisconnect

lz32

LZClose

gdi32

SetMapMode
SelectClipPath
CreateCompatibleBitmap
StretchBlt
StartPage

netapi32

NetUserSetGroups

kernel32

GetBinaryTypeW
LoadLibraryA
GetSystemTimeAsFileTime
CreateTimerQueue
GetCommMask
GetSystemDefaultUILanguage
GetModuleFileNameW
GetProcAddress
GetExitCodeProcess

msvfw32

ICCompress

shlwapi

StrRChrIA
IsCharSpaceA
StrCmpNA

Exports

Exports

TaretxopnnevnNtitx

Sections

.text
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

2*s+PkG
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qdata
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

G
Size: 344KB - Virtual size: 341KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.crt1
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

erHzy
Size: 548KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

H
Size: 88KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

19476771b6d95ce154aa7da2fadd0ddd

Headers

File Characteristics

Imports

user32

advapi32

ws2_32

version

mprapi

lz32

gdi32

netapi32

kernel32

msvfw32

shlwapi

Exports

Exports

Sections

.text Size: 12KB - Virtual size: 10KB

.rdata Size: 4KB - Virtual size: 2KB

.data Size: 236KB - Virtual size: 235KB

2*s+PkG Size: 12KB - Virtual size: 11KB

.qdata Size: 1.3MB - Virtual size: 1.3MB

G Size: 344KB - Virtual size: 341KB

.crt1 Size: 204KB - Virtual size: 203KB

erHzy Size: 548KB - Virtual size: 545KB

H Size: 88KB - Virtual size: 85KB

.rsrc Size: 4KB - Virtual size: 872B

.reloc Size: 28KB - Virtual size: 25KB

.text
Size: 12KB - Virtual size: 10KB

.rdata
Size: 4KB - Virtual size: 2KB

.data
Size: 236KB - Virtual size: 235KB

2*s+PkG
Size: 12KB - Virtual size: 11KB

.qdata
Size: 1.3MB - Virtual size: 1.3MB

G
Size: 344KB - Virtual size: 341KB

.crt1
Size: 204KB - Virtual size: 203KB

erHzy
Size: 548KB - Virtual size: 545KB

H
Size: 88KB - Virtual size: 85KB

.rsrc
Size: 4KB - Virtual size: 872B

.reloc
Size: 28KB - Virtual size: 25KB