NEAS[.]db54ac6a7f5190e086a5d06f47de5b90_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.db54ac6a7f5190e086a5d06f47de5b90_JC.exe
Size

343KB
MD5

db54ac6a7f5190e086a5d06f47de5b90
SHA1

d585ff11eb4edcc5d95ced14e88ca9863c439f5f
SHA256

3f11ca088c565647dd14dea0030bf28c035b4a0d2dfb480cf88b6530ff9e798f
SHA512

2e6fa58ef660d04f85553cfc8beb893e0c34594a9c4bfb559b3d97794e54cd136eb10f3c6d37145c3efc981ed0d18667df5a6f653b9a7c7251b1568b7fb51929
SSDEEP

6144:3kuYMEtRvqPQGmic3gjJqVDZeTUgyIGqUCaB1wCliGHUdbey:3kuYMEtRvWAicwtqVDZen/jwzwBG0e

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.db54ac6a7f5190e086a5d06f47de5b90_JC.exe

Files

NEAS.db54ac6a7f5190e086a5d06f47de5b90_JC.exe
.exe windows:4 windows x86

69961daf2c8937a6a19e8b39578d72be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

connect
socket
htons
select
send
WSAGetLastError
WSASetLastError
WSAStartup
WSACleanup
accept
WSAIsBlocking
gethostbyname
ioctlsocket
getprotobyname
inet_addr
setsockopt
recv
bind
listen
WSACancelBlockingCall
shutdown
closesocket
WSASetBlockingHook
getsockname
ntohs

comctl32

PropertySheetA

kernel32

CopyFileA
lstrcatA
lstrlenA
lstrcpyA
FindClose
FindNextFileA
FindFirstFileA
Sleep
GetPrivateProfileStringA
GetPrivateProfileIntA
GlobalUnlock
DeleteFileA
RemoveDirectoryA
GlobalAlloc
WritePrivateProfileStringA
lstrcmpA
LocalFree
LocalAlloc
WinExec
GetWindowsDirectoryA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
GetProfileStringA
GlobalLock
RtlUnwind
WaitForSingleObject
CreateProcessA
GetTempFileNameA
FileTimeToSystemTime
FileTimeToLocalFileTime
LocalUnlock
LocalLock
_lclose
GetTickCount
_lread
_lopen
WriteFile
FlushFileBuffers
CreateFileA
InitializeCriticalSection
GetVersion
DeleteCriticalSection
TerminateThread
GetTempPathA
MulDiv
GetVolumeInformationA
WriteProfileStringA
GetLastError
CreateThread
SetFilePointer
UnhandledExceptionFilter
GetTimeZoneInformation
GetProcAddress
LoadLibraryA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
SetHandleCount
GetFileType
GetStdHandle
SetStdHandle
ReadFile
SetEndOfFile
CompareStringA
CompareStringW
HeapReAlloc
GetFileAttributesA
CloseHandle
GlobalFree
LCMapStringW
LCMapStringA
MultiByteToWideChar
HeapFree
ExitProcess
GetCommandLineA
GetStartupInfoA
GetModuleHandleA
CreateDirectoryA
GetDriveTypeA
GetFullPathNameA
SetCurrentDirectoryA
WideCharToMultiByte
GetStringTypeA
GetCurrentDirectoryA
SetEnvironmentVariableA
GetLocalTime
ExitThread
TlsSetValue
ResumeThread
HeapAlloc
MoveFileA
GetStringTypeW
HeapCreate
GetCurrentThreadId
TlsAlloc
SetLastError
TlsGetValue

user32

PeekMessageA
GetActiveWindow
EndPaint
BeginPaint
KillTimer
SetTimer
GetKeyState
WinHelpA
AppendMenuA
CreatePopupMenu
DeleteMenu
TranslateAcceleratorA
IsDialogMessageA
MessageBeep
GetMessageA
LoadAcceleratorsA
GetDialogBaseUnits
PostQuitMessage
RegisterClassA
LoadIconA
UnregisterClassA
DestroyMenu
GetClassInfoA
IsWindowVisible
RedrawWindow
IsDlgButtonChecked
DestroyWindow
GetDesktopWindow
SetActiveWindow
CreateDialogParamA
SetWindowTextA
ShowWindow
SetForegroundWindow
MessageBoxA
GetDlgItemTextA
SendDlgItemMessageA
SetDlgItemTextA
SetFocus
GetParent
GetDlgItem
SendMessageA
LoadStringA
wsprintfA
SetCursor
ReleaseCapture
SetCapture
GetWindowRect
ClientToScreen
GetWindowDC
GetClientRect
InvertRect
ReleaseDC
DefWindowProcA
DestroyCursor
LoadCursorA
CallWindowProcA
TrackPopupMenu
SetWindowLongA
TranslateMessage
DispatchMessageA
CreateWindowExA
BringWindowToTop
IsWindowEnabled
MoveWindow
IsZoomed
SetDlgItemInt
GetDlgItemInt
InvalidateRect
LoadBitmapA
GetSysColor
TabbedTextOutA
DrawTextA
DialogBoxParamA
EndDialog
CheckDlgButton
GetCursor
GetSystemMetrics
WindowFromPoint
IsWindow
GetWindowLongA
GetAsyncKeyState
UpdateWindow
GetWindowTextA
GetCursorPos
ScreenToClient
GetDC
PostMessageA
GetScrollPos
GetSystemMenu
EnableWindow
CheckRadioButton
IsIconic

gdi32

GetTextExtentPoint32A
SetBkColor
SetTextColor
DeleteObject
SelectObject
Rectangle
CreateSolidBrush
CreatePen
GetTextMetricsA
SetBkMode
GetStockObject
DeleteDC
BitBlt
ExtFloodFill
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
GetObjectA
CreateFontIndirectA
GetDeviceCaps
SetTextAlign
TextOutA
LineTo
MoveToEx

comdlg32

GetOpenFileNameA
ChooseFontA

shell32

DragAcceptFiles
ShellExecuteA
FindExecutableA
DragQueryPoint
DragQueryFileA
DragFinish

winmm

sndPlaySoundA

ws_ftp

ord107
ord100

Sections

.text
Size: 204KB - Virtual size: 204KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

69961daf2c8937a6a19e8b39578d72be

Headers

File Characteristics

Imports

wsock32

comctl32

kernel32

user32

gdi32

comdlg32

shell32

winmm

ws_ftp

Sections

.text Size: 204KB - Virtual size: 204KB

.rdata Size: 512B - Virtual size: 512B

.data Size: 25KB - Virtual size: 58KB

.idata Size: 6KB - Virtual size: 6KB

.rsrc Size: 84KB - Virtual size: 84KB

.reloc Size: 22KB - Virtual size: 26KB

.text
Size: 204KB - Virtual size: 204KB

.rdata
Size: 512B - Virtual size: 512B

.data
Size: 25KB - Virtual size: 58KB

.idata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 84KB - Virtual size: 84KB

.reloc
Size: 22KB - Virtual size: 26KB