NEAS[.]15b422db9dddebd5550225ecec3d1ca0_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.15b422db9dddebd5550225ecec3d1ca0_JC.exe
Size

1.6MB
MD5

15b422db9dddebd5550225ecec3d1ca0
SHA1

f633fe8174f856010b441940f9ec4aafbb4a60da
SHA256

f69615158b702ff7e604cbdc4f04bdb5de187e0acd4185686046d18feaf4c0f3
SHA512

95fcb0e4ea287d3c8007e65af29b0a4bc42ae726d1ef464ceeb0f8de5b9bfe1685c3e5cc82a5077f33cc664cd141cc2d5b34890e1e56f07e0306e0c78c113a0e
SSDEEP

24576:urM6smlKrTxC3xiTAOHiePCMwSwoopoo9R3YvH9fN90WPnw:urM6B+A3xuAOp6SQsdfN+w

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.15b422db9dddebd5550225ecec3d1ca0_JC.exe

Files

NEAS.15b422db9dddebd5550225ecec3d1ca0_JC.exe
.dll windows:6 windows x86

4ae2e7523249f9fd0a780f033456f22a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetSystemTimeAsFileTime
CloseHandle
WaitForSingleObject
CreateThread
ReleaseSemaphore
CreateSemaphoreA
GetSystemTime
GetModuleFileNameW
SystemTimeToFileTime
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GlobalMemoryStatus
GetProfileStringA
CreateDirectoryW
MultiByteToWideChar
CreateFileW
DeleteFileW
GetCurrentProcessId
FindFirstFileW
FindNextFileW
GetFileAttributesW
ReadFile
SetFilePointerEx
WriteFile
GetLastError
MoveFileExW
FileTimeToSystemTime
WideCharToMultiByte
IsValidCodePage
GetACP
Sleep
GetCurrentProcess
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThreadId
QueryPerformanceCounter
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
VerifyVersionInfoW
GetSystemInfo
IsProcessorFeaturePresent
FindClose
VerSetConditionMask
IsDebuggerPresent
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead

user32

LoadStringA

gdi32

GetICMProfileW
DeleteDC
CreateDCW
CreateDCA

advapi32

RegQueryInfoKeyA
RegOpenKeyExA
RegEnumValueA
RegCloseKey
RegQueryValueExA

shell32

SHGetFolderPathW

ole32

CoCreateInstance

msvcp140

??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAG@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAH@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAI@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAM@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV01@AAN@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@AAD@Z
?peek@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEHXZ
?unget@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@V?$fpos@U_Mbstatet@@@2@@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE?AV?$fpos@U_Mbstatet@@@2@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?_Xout_of_range@std@@YAXPBD@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

vcruntime140

__current_exception
strstr
_except_handler4_common
__std_type_info_destroy_list
_CxxThrowException
memcmp
wcsstr
_purecall
memmove
__current_exception_context
__std_exception_destroy
__std_exception_copy
memset
memcpy
__RTDynamicCast
__std_terminate
__CxxFrameHandler3

api-ms-win-crt-math-l1-1-0

fabs
pow
log10
log2
sqrt
log
_fdsign

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_initterm_e
_invalid_parameter_noinfo
_errno
_initterm
terminate
_cexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_invalid_parameter_noinfo_noreturn
_execute_onexit_table
_crt_atexit

api-ms-win-crt-string-l1-1-0

strncpy
strncmp
strcat
wcstok_s
wcscmp
strcmp
strlen
strnlen
towupper
strcpy

api-ms-win-crt-convert-l1-1-0

strtoul

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vsprintf_s
__stdio_common_vsprintf

api-ms-win-crt-heap-l1-1-0

_callnewh
realloc
malloc
free

api-ms-win-crt-environment-l1-1-0

getenv

api-ms-win-crt-time-l1-1-0

_time64
_gmtime64

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

ACEGetVersion
ACEHasFeature
ACEInitDelayed
ACEInitialize
ACEInitializeEx
ACETerminate

Sections

.text
Size: 850KB - Virtual size: 850KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 527KB - Virtual size: 528KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

4ae2e7523249f9fd0a780f033456f22a

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

shell32

ole32

msvcp140

vcruntime140

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-environment-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-utility-l1-1-0

Exports

Exports

Sections

.text Size: 850KB - Virtual size: 850KB

.rdata Size: 250KB - Virtual size: 249KB

.data Size: 7KB - Virtual size: 13KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 527KB - Virtual size: 528KB

.text
Size: 850KB - Virtual size: 850KB

.rdata
Size: 250KB - Virtual size: 249KB

.data
Size: 7KB - Virtual size: 13KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 527KB - Virtual size: 528KB