NEAS[.]b9dc95921eab3f631f64a26223561c00_JC[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

NEAS.b9dc95921eab3f631f64a26223561c00_JC.exe
Size

124KB
MD5

b9dc95921eab3f631f64a26223561c00
SHA1

425bb70faaf7fdd093423d139b22768ba5b5ec2e
SHA256

1aa72c1ce2dd40b0e3d145cfdc08b8ad093abe0f8cca9d240a011b20b97ecca0
SHA512

23f4cbc61ddc47cc48812a8eda237378a61869413fdda470484e65bd73db8e45070f2eb35bdfcccc8d60756534e38b9f332a1b97b1149b37b38012e51aeaa992
SSDEEP

1536:VgVHIIikPbwWf5nKEj3uKTpgcnNmb0Xzo3Trunj8Cbgfv2OX4XgX/G:V4IsPbwG5KE5Tpg8yruj8Dv2OIQ+

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
NEAS.b9dc95921eab3f631f64a26223561c00_JC.exe

Files

NEAS.b9dc95921eab3f631f64a26223561c00_JC.exe
.exe windows:4 windows x86

0f49425461030c4dd92c430dfb2b4f8d

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetHandleInformation
CreatePipe
CreateDirectoryA
CreateProcessA
WaitForSingleObject
MultiByteToWideChar
ReadFile
CloseHandle
GetStartupInfoA
FreeLibrary
GetThreadLocale
GetModuleFileNameA
GetTickCount
LoadLibraryA
GetProcAddress
GlobalAlloc
WideCharToMultiByte
FindFirstFileA
GetModuleHandleA
GetWindowsDirectoryA
FindClose

user32

RegisterClassA
SetTimer
wsprintfA
ReleaseDC
GetDC
SetWindowPos
GetClientRect
GetDesktopWindow
EndPaint
BeginPaint
PostQuitMessage
DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
LoadCursorA
CreateWindowExA
MessageBoxA

gdi32

GetDeviceCaps
BitBlt
SelectObject
CreateCompatibleDC
DeleteDC
CreateDIBSection

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
RegEnumKeyExA

wsock32

closesocket
WSAStartup
connect
WSAAsyncSelect
htons
ioctlsocket
bind
getsockname
listen
socket
ntohs
accept
recv
send
WSAGetLastError

msvcrt

_stricmp
strncmp
calloc
sprintf
malloc
_acmdln
_XcptFilter
_exit
_ftol
sscanf
fseek
ftell
fread
_setjmp3
_except_handler3
_tempnam
_open
_close
_stat
_putenv
_strdup
_controlfp
__set_app_type
__p__fmode
__p__commode
_spawnv
strchr
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
getenv
free
exit
atoi
_errno
_iob
strstr
iswctype
__p___argc
__p___argv
strrchr
fopen
perror
strncpy
printf
fclose
fwrite
fprintf
_pctype
__mb_cur_max
_isctype
strpbrk
remove

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

0f49425461030c4dd92c430dfb2b4f8d

Headers

File Characteristics

Imports

kernel32

user32

gdi32

advapi32

wsock32

msvcrt

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 8KB - Virtual size: 4KB

.data Size: 16KB - Virtual size: 50KB

.rsrc Size: 28KB - Virtual size: 26KB

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 8KB - Virtual size: 4KB

.data
Size: 16KB - Virtual size: 50KB

.rsrc
Size: 28KB - Virtual size: 26KB