NEAS[.]2ddefc918d7fe2cef4024d542c0e91c0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.2ddefc918d7fe2cef4024d542c0e91c0_JC.exe
Size

975KB
MD5

2ddefc918d7fe2cef4024d542c0e91c0
SHA1

ebee516933c0eae38389798d2577793aec4b6caa
SHA256

5df569ff80a8c09ae6ecc5716e9a15ece687ec9bf9d5623692337b5102490cbf
SHA512

61b0761c62b36bade6be423ae1884366fc8eb6feef5d93e69b4cd699ccc4fa8a4ddc2416fd578b0180cc4c33de4ff161ae17b2ca307fab8aca4e06888328d0f9
SSDEEP

24576:xkBkOEjMrqajql1ae0xIHExnIWvbDbKe/5:fOE/ajql1a3xIHElXN/5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.2ddefc918d7fe2cef4024d542c0e91c0_JC.exe

Files

NEAS.2ddefc918d7fe2cef4024d542c0e91c0_JC.exe
.dll regsvr32 windows:6 windows x86

f9800ee57d7c67c033caa682c471c5ea

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegEnumKeyExW
RegQueryValueExW
RegSetValueExW
RegQueryInfoKeyW
RegGetValueW
RegEnumValueA
RegDeleteValueA
GetTokenInformation
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
ReportEventW
RegisterEventSourceW
DeregisterEventSource
RegEnumValueW
RevertToSelf
EventRegister
EventUnregister
OpenProcessToken
OpenThreadToken
GetLengthSid
CopySid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSidToStringSidA
CreateWellKnownSid
EqualSid
EventWriteTransfer

kernel32

TlsAlloc
FlsAlloc
TlsGetValue
FlsGetValue
TlsSetValue
FlsSetValue
CompareStringEx
GetLocaleInfoEx
CloseHandle
ReleaseSemaphore
GetCurrentThreadId
WaitForSingleObjectEx
CreateEventExW
ResetEvent
SetEvent
MapViewOfFile
LCIDToLocaleName
LocaleNameToLCID
ResolveLocaleName
GetUserPreferredUILanguages
GetACP
GetTickCount64
UnmapViewOfFile
LockResource
GetUserDefaultLocaleName
IsValidCodePage
WideCharToMultiByte
FileTimeToSystemTime
GetStringTypeExW
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
TerminateProcess
GetModuleFileNameA
GetShortPathNameA
K32GetModuleFileNameExW
VerSetConditionMask
VerifyVersionInfoW
IsWow64Process
OpenProcess
GetCurrentProcessId
GlobalAlloc
HeapFree
HeapAlloc
GetProcessHeap
EnumSystemLocalesEx
GetSystemDefaultLocaleName
FlsFree
GetModuleHandleExW
GetVersionExW
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockShared
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
LocalFree
GetLongPathNameW
TlsFree
GetLogicalProcessorInformationEx
CancelWaitableTimer
SetWaitableTimerEx
CreateWaitableTimerW
GetProcessAffinityMask
InterlockedPushEntrySList
QueryDepthSList
RtlCaptureStackBackTrace
SleepConditionVariableSRW
WakeAllConditionVariable
WakeConditionVariable
SubmitThreadpoolWork
CreateThreadpoolWork
CreateThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolWait
CloseThreadpoolWait
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
WaitForMultipleObjectsEx
LoadLibraryExA
VirtualQuery
VirtualProtect
GetSystemInfo
InitializeSListHead
QueryPerformanceCounter
SetThreadLocale
GetThreadLocale
DisableThreadLibraryCalls
EncodePointer
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LocalAlloc
GlobalFree
CreateFileMappingA
OpenFileMappingA
CreateSemaphoreA
OpenSemaphoreA
CreateMutexA
OpenMutexA
CreateEventA
OpenEventA
lstrcmpiW
RaiseException
MultiByteToWideChar
GetLastError
InitializeCriticalSectionEx
EnterCriticalSection
GetModuleFileNameW
LeaveCriticalSection
DeleteCriticalSection
LoadResource
SizeofResource
FindResourceW
GetModuleHandleW
GetProcAddress
DecodePointer
SetLastError
GetModuleHandleA
LoadLibraryExW
LoadLibraryW
IsDebuggerPresent
OutputDebugStringW
CreateEventW
CreateIoCompletionPort
PostQueuedCompletionStatus
GetThreadIOPendingFlag
GetCurrentThread
GetQueuedCompletionStatus
Sleep
CreateThread
OutputDebugStringA
WaitForSingleObject
IsProcessorFeaturePresent
InterlockedPopEntrySList
ReleaseMutex
WerRegisterMemoryBlock
WerUnregisterMemoryBlock
QueryFullProcessImageNameW
GetTickCount
CreateMemoryResourceNotification
GetSystemPowerStatus
IsSystemResumeAutomatic

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoUninitialize
CoInitializeEx
CoRevokeInitializeSpy
CoRegisterInitializeSpy
StringFromGUID2

oleaut32

SysFreeString
SysStringLen
VariantInit
VariantClear
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
DispCallFunc
SysAllocString

msohev

_PHevCreateFileInfoForAddons@4
_FHevAddToFileInfo@12
_FHevActivateApp@12
_HevDestroyFileInfo@4

vcruntime140

__std_type_info_destroy_list
_except_handler4_common
memset
memmove
_CxxThrowException
memcmp
memcpy
wcsrchr
__CxxFrameHandler3
wcschr
__std_type_info_compare
__std_terminate
wcsstr
__std_exception_destroy
_purecall
__std_exception_copy

msvcp140

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?_Incref@facet@locale@std@@UAEXXZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
??Bid@locale@std@@QAEIXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
_Query_perf_counter
_Query_perf_frequency
?_Execute_once@std@@YAHAAUonce_flag@1@P6GHPAX1PAPAX@Z1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrToBool@@YA_NPBX@Z
?_XGetLastError@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@G@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@H@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?id@?$ctype@_W@std@@2V0locale@2@A
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@F@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@G@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@M@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?uncaught_exception@std@@YA_NXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEPA_WXZ
?gbump@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXH@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Thrd_id
?_Xout_of_range@std@@YAXPBD@Z
_Xtime_get_ticks
_Thrd_sleep
?_Xbad_function_call@std@@YAXXZ
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
_Mtx_lock
?_Xlength_error@std@@YAXPBD@Z
_Mtx_destroy_in_situ
?_Xbad_alloc@std@@YAXXZ
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
_Mtx_init_in_situ

api-ms-win-crt-string-l1-1-0

strnlen
wcscpy_s
_wcsicmp
wcstok_s
wcsncat_s
strcmp
wcscat_s
strncpy_s
wcscmp
wcsnlen
isdigit
_stricmp
towlower
wcsncpy_s
_towupper_l

api-ms-win-crt-heap-l1-1-0

realloc
malloc
free
_recalloc

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_clearfp
_initterm
terminate
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit
_errno
_invalid_parameter_noinfo

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vswprintf

api-ms-win-crt-math-l1-1-0

_libm_sse2_exp_precise
_libm_sse2_log_precise
_except1

api-ms-win-crt-convert-l1-1-0

_wtoi
_i64tow_s

api-ms-win-crt-locale-l1-1-0

__initialize_lconv_for_unsigned_char
_create_locale

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 444KB - Virtual size: 443KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 150KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 353KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f9800ee57d7c67c033caa682c471c5ea

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

ole32

oleaut32

msohev

vcruntime140

msvcp140

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-locale-l1-1-0

Exports

Exports

Sections

.text Size: 444KB - Virtual size: 443KB

.rdata Size: 150KB - Virtual size: 149KB

.data Size: 20KB - Virtual size: 45KB

.rsrc Size: 6KB - Virtual size: 5KB

.reloc Size: 353KB - Virtual size: 356KB

.text
Size: 444KB - Virtual size: 443KB

.rdata
Size: 150KB - Virtual size: 149KB

.data
Size: 20KB - Virtual size: 45KB

.rsrc
Size: 6KB - Virtual size: 5KB

.reloc
Size: 353KB - Virtual size: 356KB