NEAS[.]177518d78fe333924e9299e8f107ce30_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.177518d78fe333924e9299e8f107ce30_JC.exe
Size

184KB
MD5

177518d78fe333924e9299e8f107ce30
SHA1

51301801bc27d7b05bee82bbdcae1cc1c0de025e
SHA256

723be205f0116f16a0952ffe1f9ccdbc88d855082f97c1bff644a486a555ff6c
SHA512

8d0da4c81439cde2851efd5e43bbd3fd34f6c8bb00a1554f3067c00e023956ac9c29e8ecb57564c956e0a9f6b8ce59826b729e77ce9d23434513f1959bcf43a7
SSDEEP

3072:thrtQIuuho6zm6e2S8BMs+ASgi+hkWuInA:thYuho6zm78ij+hkd

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.177518d78fe333924e9299e8f107ce30_JC.exe

Files

NEAS.177518d78fe333924e9299e8f107ce30_JC.exe
.exe windows:4 windows x86

02fc9684fcfe6f7c79520dfff8b57f6b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

SetConsoleCursorPosition
SetConsoleWindowInfo
FillConsoleOutputCharacterA
GetConsoleScreenBufferInfo
GetStdHandle
GetLocalTime
Sleep
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
MoveFileA
CopyFileA
SetConsoleTitleA
FindClose
GetLastError
FindNextFileA
FindFirstFileA
GetDriveTypeA
GetFileSize
CreateDirectoryA
ReadFile
GetWindowsDirectoryA
GetSystemDirectoryA
lstrlenA
HeapAlloc
GetProcessHeap
HeapFree
ExitProcess
lstrcpyA
GetCommandLineA
RtlUnwind
GetModuleFileNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
VirtualQuery
GetSystemInfo
InterlockedExchange
VirtualAlloc
CreateFileA
WriteFile
SetFileAttributesA
DeleteFileA
GetFileAttributesA
GetVersion
GetCurrentProcess
CloseHandle
OpenProcess
GetComputerNameA
TerminateProcess
VirtualProtect
GetLocaleInfoA
GetModuleHandleA
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringA
GetCPInfo
GetOEMCP
GetACP

advapi32

RegQueryValueExA
RegDeleteValueA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetUserNameA

shell32

ShellExecuteA

user32

GetWindowTextA
GetWindowTextLengthA
GetForegroundWindow
CloseWindow
FindWindowA
CharUpperBuffA
ShowWindow
wvsprintfA
GetWindowThreadProcessId

wininet

InternetCloseHandle
InternetOpenUrlA
InternetOpenA
InternetReadFile

wsock32

closesocket
htons
socket
send
WSACleanup
recv
connect
shutdown
WSAStartup
gethostbyname

Sections

.Zem.Zem
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Zem.Zem
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Zem.Zem
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

02fc9684fcfe6f7c79520dfff8b57f6b

Headers

File Characteristics

Imports

kernel32

advapi32

shell32

user32

wininet

wsock32

Sections

.Zem.Zem Size: 56KB - Virtual size: 56KB

.Zem.Zem Size: 48KB - Virtual size: 48KB

.Zem.Zem Size: 76KB - Virtual size: 76KB

.Zem.Zem
Size: 56KB - Virtual size: 56KB

.Zem.Zem
Size: 48KB - Virtual size: 48KB

.Zem.Zem
Size: 76KB - Virtual size: 76KB