NEAS[.]54f8cf08535013895b96dbbcceaf90b0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.54f8cf08535013895b96dbbcceaf90b0_JC.exe
Size

683KB
MD5

54f8cf08535013895b96dbbcceaf90b0
SHA1

af2783d90b5daa28c43a08b1841368ef5e69beb1
SHA256

b51ceb06af5009a65d0c2f59a6eee68ea17d2420f717223df374bb2ba1e9e55e
SHA512

6a8647485227125f9982e12016c9fc46392f1c662cc62cc59c8ec71668544ef33b38747fa86833e3a890c1a67b6ff374b5a25a5bb09b95ac48a7622f60225868
SSDEEP

12288:T8zu5TEk3jfgNXk61WAIS+86edF1+nldZWM6EbTl+ggEFycwQTsak4Mt9vho16wj:4zu5TnoNXD1WAISjPdF1+nLZWMHVcC3b

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.54f8cf08535013895b96dbbcceaf90b0_JC.exe

Files

NEAS.54f8cf08535013895b96dbbcceaf90b0_JC.exe
.dll regsvr32 windows:4 windows x86

bbe36144a9cb0f3fe0f481a3340286ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcr80

_initterm_e
_initterm
_decode_pointer
_encoded_null
_malloc_crt
_wcstoui64
_HUGE
wcstod
malloc
_resetstkoflw
wcsspn
wcscspn
wcstok_s
_wcslwr_s
vsprintf_s
fclose
fwprintf_s
fopen_s
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_except_handler4_common
?terminate@@YAXXZ
_unlock
?_type_info_dtor_internal_method@type_info@@QAEXXZ
__dllonexit
_lock
_onexit
_crt_debugger_hook
__clean_type_info_names_internal
_encode_pointer
_wcstoi64
_errno
_fpclass
_set_errno
_get_errno
_gcvt_s
_ui64toa_s
_i64toa_s
_itoa_s
_itow_s
iswspace
wcsncmp
_vsnwprintf
strncmp
free
_ultoa_s
_strlwr_s
_wtol
swprintf_s
_wtoi
_wcsicmp
??0exception@std@@QAE@ABV01@@Z
calloc
memcpy
_scwprintf
??0exception@std@@QAE@XZ
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABQBD@Z
vswprintf_s
_vscwprintf
memmove_s
_invalid_parameter_noinfo
wcsnlen
wcsstr
wcsrchr
wcschr
wcscat_s
wcscpy_s
memset
_recalloc
??2@YAPAXI@Z
??_U@YAPAXI@Z
__CxxFrameHandler3
??_V@YAXPAX@Z
_msize
realloc
wcsncpy_s
_CxxThrowException
memcpy_s
??3@YAXPAX@Z

kernel32

HeapSize
HeapReAlloc
HeapDestroy
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
GetVersionExA
GetLocaleInfoA
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
HeapAlloc
HeapFree
GetTempPathA
GetTempFileNameA
CreateProcessA
GetProcessHeap
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
lstrlenW
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetLastError
lstrcmpiW
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetModuleHandleW
SetThreadLocale
GetThreadLocale
CreateEventW
LockResource
FindResourceExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrlenA
LoadLibraryW
GetModuleHandleA
GetProcAddress
GetFileAttributesW
GetVersion
SetLastError
OutputDebugStringA
FlushInstructionCache
GetCurrentProcess
lstrcmpW
MulDiv
GetCurrentThreadId
WideCharToMultiByte
SetEvent
GlobalHandle
ExitThread
WaitForSingleObject
CloseHandle
CreateThread
ResetEvent
LocalFree
FormatMessageW
DeleteFileW
VirtualProtect

user32

PtInRect
GetKeyState
DrawTextW
DialogBoxIndirectParamW
GetDialogBaseUnits
CheckRadioButton
CheckDlgButton
MsgWaitForMultipleObjects
IsWindowUnicode
GetMessageW
GetMessageA
TranslateMessage
UnionRect
DispatchMessageA
PeekMessageW
EnableMenuItem
EndDialog
MessageBoxW
CreateDialogIndirectParamW
GetWindowRect
MapWindowPoints
SetDlgItemTextW
CharNextW
LoadCursorW
SetWindowRgn
DestroyWindow
DispatchMessageW
GetNextDlgTabItem
SetWindowLongW
GetWindowLongW
SetWindowPos
SendDlgItemMessageW
GetWindow
SetWindowContextHelpId
SendMessageW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
DefWindowProcW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
RegisterWindowMessageW
GetSysColor
MoveWindow
GetClientRect
ClientToScreen
ScreenToClient
GetDC
ReleaseDC
OffsetRect
EqualRect
IntersectRect
IsDialogMessageW
CopyAcceleratorTableW
GetActiveWindow
EnumChildWindows
NotifyWinEvent
DrawEdge
CopyRect
InflateRect
DrawIconEx
GetCapture
DestroyIcon
LoadImageW
GetSysColorBrush
UnregisterClassA
SetWindowsHookExW
EnumWindows
CallNextHookEx
UnhookWindowsHookEx
IsWindowVisible
MapDialogRect
EnableWindow
KillTimer
SetTimer
ShowWindow
BringWindowToTop
GetSystemMenu
SetCursor
CreateAcceleratorTableW
IsWindow
GetFocus
SetFocus
DestroyAcceleratorTable
InvalidateRect
InvalidateRgn
RedrawWindow
SetCapture
IsChild
GetParent
GetDlgItem
GetClassNameW
ReleaseCapture
FillRect
CallWindowProcW
EndPaint
GetDesktopWindow
BeginPaint
SystemParametersInfoW

gdi32

SetBkMode
SetTextColor
Rectangle
SetBkColor
CreateDCW
RestoreDC
SetViewportOrgEx
SetWindowOrgEx
SetMapMode
SaveDC
LPtoDP
CreateRectRgnIndirect
SetBrushOrgEx
CloseMetaFile
SetWindowExtEx
CreateMetaFileW
CreateFontW
LineTo
MoveToEx
SetDCPenColor
RectInRegion
SelectClipRgn
CreateRectRgn
GetClipRgn
CreatePatternBrush
CreateFontIndirectW
GetTextMetricsW
GetTextExtentPointW
GetStockObject
GetObjectW
CreateSolidBrush
GetDeviceCaps
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteObject
DeleteMetaFile
DeleteDC

ole32

CoMarshalInterThreadInterfaceInStream
CoInitializeEx
WriteClassStm
CoUninitialize
CLSIDFromString
CoGetClassObject
OleSaveToStream
CoCreateGuid
CoCreateInstance
OleRegEnumVerbs
CreateOleAdviseHolder
OleRegGetUserType
OleLockRunning
OleUninitialize
OleInitialize
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
CreateStreamOnHGlobal
OleRegGetMiscStatus
CreateDataAdviseHolder
ReadClassStm
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoGetInterfaceAndReleaseStream

oleaut32

SysAllocStringLen
GetErrorInfo
OleTranslateColor
OleCreatePropertyFrame
OleCreateFontIndirect
OleCreatePictureIndirect
SysStringByteLen
SysAllocStringByteLen
VariantChangeType
VarBstrCmp
RegisterTypeLi
UnRegisterTypeLi
SysAllocString
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
DispCallFunc
SysStringLen
VariantClear
VariantInit
SysFreeString

advapi32

RegQueryInfoKeyW
RegDeleteValueW
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegEnumKeyExW
RegDeleteKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey

wininet

InternetReadFile
InternetCloseHandle
InternetConnectW
InternetSetOptionW
InternetOpenW
HttpSendRequestW
InternetQueryOptionW
HttpOpenRequestW
HttpQueryInfoW

mso

ord993
ord1254
ord6360
ord7927
ord753
ord6835
ord6825
ord1311
ord1595
ord6281
ord638
ord1378
ord1453

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?c_str@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEPBDXZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
?max@?$numeric_limits@H@std@@SAHXZ
?min@?$numeric_limits@H@std@@SAHXZ
?max@?$numeric_limits@F@std@@SAFXZ
?min@?$numeric_limits@F@std@@SAFXZ
?max@?$numeric_limits@D@std@@SADXZ
?min@?$numeric_limits@D@std@@SADXZ
?max@?$numeric_limits@I@std@@SAIXZ
?min@?$numeric_limits@I@std@@SAIXZ
?max@?$numeric_limits@G@std@@SAGXZ
?min@?$numeric_limits@G@std@@SAGXZ
?max@?$numeric_limits@E@std@@SAEXZ
?min@?$numeric_limits@E@std@@SAEXZ

uxtheme

EnableThemeDialogTexture
IsAppThemed
DrawThemeText
GetThemeBackgroundContentRect
DrawThemeBackground
DrawThemeParentBackground

mapi32

ord135
ord75
ord17
ord140

shell32

SHGetFolderPathW

credui

CredUIConfirmCredentialsW
CredUIPromptForCredentialsW

crypt32

CryptProtectData
CryptUnprotectData

oleacc

LresultFromObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

bbe36144a9cb0f3fe0f481a3340286ce

Headers

DLL Characteristics

File Characteristics

Imports

msvcr80

kernel32

user32

gdi32

ole32

oleaut32

advapi32

wininet

mso

msvcp80

uxtheme

mapi32

shell32

credui

crypt32

oleacc

Exports

Exports

Sections

.text Size: 296KB - Virtual size: 295KB

.data Size: 19KB - Virtual size: 20KB

.rsrc Size: 79KB - Virtual size: 79KB

.reloc Size: 287KB - Virtual size: 288KB

.text
Size: 296KB - Virtual size: 295KB

.data
Size: 19KB - Virtual size: 20KB

.rsrc
Size: 79KB - Virtual size: 79KB

.reloc
Size: 287KB - Virtual size: 288KB